Generali launches cyber security venture

A digital key for cyber security.
Company brief

Italian general insurer Generali has announced the launch of a new startup company, through which it will offer cyber security solutions via a web-based platform to customers in Europe, Asia and the Americas.

GeneraliCyberSecurTech, a wholly owned subsidiary of Generali, alongside the insurer’s newly released cyber insurance function, Majorana, will broaden the scope of the company’s cyber risk actions throughout the world, developing new solutions through which to prevent cyberattacks, improve responses to breaches, and generally improve the provision of support both before, during and after a potential attack.

Majorana collects consumer data and analyses it, assessing the company’s web infrastructure and performing an automatic search of the dark web in order to see if any breaches may have occurred. A proprietary algorithm analyses all results and then tailors a bespoke IT risk insurance policy and security report which are then shared with the customer.

Remo Marini, CEO of the new startup, commented: “Developed using innovative technologies based on machine learning and AI, the tool’s considerable sophistication enables the real risks to which the customer is exposed to be assessed, providing detailed information that the customer can use to build a plan to mitigate risks and transfer residual risks, both from a technology and insurance perspective.”

The risk landscape
According to the latest analysis of the global cyber risk landscape from Alert Logic, those perpetrating cyberattacks are operating at a distinct advantage compared with their corporate targets, easily subverting security measures and targeting entities with little to no fear of reprisal.

The organisation’s latest threat detection report, based on data from over 7.2 million security events, found that hackers are using cutting-edge techniques such as killchain compression and attack automation to launch constant attacks on businesses of every size and in every industry. Traditionally, the ‘killchain’ model of a cyberattack involves a series of steps, allowing a business to stop an attack at a preliminary stage, if detected early enough; this new killchain effectively makes every step simultaneous, removing the option of early detection and removal. Automation also allows hackers to launch many more attacks, often with no clear pattern, making them difficult to track and defend against due to their random nature and sheer volume.

“It’s no secret that attackers push the envelope and innovate attacks to abuse weaknesses anywhere they find them – in cloud and hybrid deployments, containerised environments and on-premises systems,” commented Rohit Dhamankar, Vice President of Threat Intelligence Products at Alert Logic. “What is troublesome is the use of force-multipliers like automation to scale attacks for increased financial gain. This report demonstrates that attackers are gaining increasing sophistication in their ability to weaponise trusted techniques to exploit common vulnerabilities and misconfigurations for purposes such as cryptomining.”

It’s not all doom and gloom though, Dhamankar added, as while hackers are constantly improving and refining their methodologies, ‘defenders also have the opportunities to evolve the way they approach their security processes, procedures and technologies’.