In another edition of ACORD’s TechTalk, host Johnell Johnson welcomes Eric Qualkenbush, a Director with BLACKOPS Partners, who retired from the Central Intelligence Agency (CIA). He focuses on cybersecurity and the “insider threat.”

Mr. Qualkenbush says most cyber security companies focus on technical solutions and do not pay enough attention to the human element. In fact, he says, most cyber-attacks happen due to human intervention, and most of those are related to employee negligence, carelessness or a lack of indoctrination. “It is much easier to exploit humans with legal access to a network than it is to hack into network using technical means…. It’s much better to use a key than to pick the lock.”

Hackers are “constantly looking at employees”, according to Mr. Qualkenbush. Employees, contractors and suppliers are the weakest link in cybersecurity. He notes that the Chinese Liberation Army has an Advanced Persistent Threat (APT) Unit that looks for such holes in security. In fact, he estimates there are 20 APTs across China.

Mr. Qualkenbush cites an example of an APT that the FBI said targeted Exxon, Mobil, ConocoPhillips and Marathon Oil, and siphoned off proprietary information from their systems. It involved billions of dollars in trade secrets and competitive information. The FBI advised the affected companies that the breaches were the result of “phishing” emails, in which company employees were duped into responding to false emails. This provided the Chinese APT with initial access to the company networks.

To address the human element, Mr. Qualkenbush recommends that companies understand what secrets they have. As is done in the intelligence community, companies should identify their trade secrets, rank them based on the potential damage they might do if revealed, and place them in compartments with limited access. Then they should monitor the employees who have access to the information.
For more on cyber risk and cyber security, visit the WRIN.tv On Demand Library. And for more on the technologies shaping the insurance industry, visit the ACORD website.