Security Evolution in a Commercial World

Focusing on the Response rather than the Protection

Nikos Maroulianakis

INTERAMERICAN Insurance Greece

6th Information Security Conference 2019

Feb. 14 | Athens


Post on 26-Jun-2020



Interamerican at a glance

▪ The most famous brand in Greek Insurance Market

▪ The highest brand awareness (99%)

▪ Balanced presence in Non Life, Health and Life Business Lines

▪ The only insurer with its own Health and Assistance infrastructure

▪ Multi distribution model & innovative products

▪ The 1st direct insurer in Greece through Anytime

IT security needs to focus on the response rather than the protection

INITIAL Innocent years

REPEATABLE Internet exposed years

DEFINED Cyber security years

MANAGED Data protection years

OPTIMISED Proactive in Over Regulated years

Initial (innocent years)

Business needs / Security ecosystem

Firewall

Antivirus

Proxy

Backup

Corporate web site

Internet Access

Electronic mail

Repeatable (internet exposed years)

Business needs / Security ecosystem

Security Officer

Security Policy (

Firewall UTM

VPN

Audit & Compliance

e-Commerce

Remote users

WAN Agency Network

Mobile Network

Solvency II

Disaster Recovery Site

Web Security Gateway

Risk Analysis

Endpoint Security

Log Management

Network Segmentation / Monitoring

E-mail Gateway

Patch Management

Physical Security Enhancements

Defined (cyber security years)

Business needs / Security ecosystem

RBAC - IDM

SIEM

User Awareness

Data Protection Regulation

e-Insurance

Mobile Office

Business Continuity Management System (ISO 22301)

Data Flow Management

Data Classification

IPS, Encryption, Device Control

Web Application Firewalls (WAF)

Penetration Test - Vulnerability assessment

Uninterrupted Business Operation

Managed (data protection years)

Business needs / Security ecosystem

0-day malware

Emergency Incident response

Big Data

GDPR

Ransomware

Data Traffic Controller

DDoS Protection

Mobile Device Management

Data Leakage Prevention

24*7 Managed Security Services

Authentication / Authorization / Accounting

Security Analytics

Threat Emulator

Endpoint Security USB Blocking

Mail Encryption

Optimized (proactive in over regulated years)

Business needs / Security ecosystem

2 Factor Authentication

Compliance Management System

Control Transferred (2nd -> 1st line)

Enhanced Database Security

Proactive VS Reactive

Over-Regulated Environment

IOT Advanced Network Security

Mobile Security Container

Secure Coding

Mobile

Robotics

Insurance as a service

Cloud

Blockchain

Artificial Intelligence

Internet of Things

Digital Ecosystem

Insurtech

Analytics

Virtual Assistance

Customer experience

The New Digital Insurance Challenges

Security Governance

Risk / Compliance

ISO / DPO

Security Administrators

Security Analysts

External Auditors

Internal Audit

3rd Line

2nd Line

1st Line

Control Framework

Needed Factors

Security is a Business Process driving to

Operational Excellence

Business Plan Alignment with

Security Roadmap

Vision & Strategy

Reliable Partners

Budget

Management Commitment

“There are two types of companies: Those that have been hacked and those that will be hacked.”

Robert S. Mueller, III, Director FBI

“There are two types of companies: Those that have been hacked and those that have not been founded yet.”

Interamerican

Thank you!

INTERAMERICAN Insurance Greece

Athens 2019