Absio founder: ‘Sheer number of connected devices’ is greatest threat

By Chad Hemenway on June 15, 2014
Dan Kruger, founder and president of Absio Corp.

Dan Kruger, founder and president of Absio Corp.

Advisen: What do you see as the greatest cyber risks today?

Dan Kruger: I think the greatest risks can be summarized by the following:

  • The lack of focus on the data itself. “Protecting our networks” is a misleading concept. People are not after your network or your computers, they are after your data.
  • Confusing security with control. It is easy to secure your data. Just put it on a flash drive and stick it in a safe deposit box. The problem is that most data is only valuable if it can be shared. This means that I not only need control of my data on my computer—I must have control of my data on your computer.
  • The lack of solutions available that control stored data in a meaningful way. Most cybersecurity technologies only focus on the protection of data in transit or in memory, which is a very small percentage of your data at any given moment. Stored data is the largest target with the most value, and the easiest to steal.

Advisen: What will the greatest threats be in 5 years’ time?

Dan Kruger: The sheer number of connected devices. Due to the Internet of Things, the number of connected devices will grow explosively by 10-100X. Every one of these devices will provide a communications pathway, and therefore, be a potential vulnerability that can be exploited. Thus the problems of today will be magnified if we don’t change the focus to the persistent control of data. If your cybersecurity focus is on hardening the perimeter, how do you think you will be doing in 5 years?

Advisen: Is the insurance industry doing enough to adequately address these risks?

Dan Kruger: No, I don’t think it is. The industry needs to insist on valid measures of control. The current measures do not comprehend the actual problem. To what degree is my data in control? To what degree would a breach be irrelevant?  To what degree is the data I send to others reliably constrained in its use? To what degree is the use of my data being reported? Currently, the insurance industry is mostly focused on remediation after a breach occurs, rather than making the breach irrelevant.

Advisen: What keeps you awake at night?

Dan Kruger: As bad as IT (Information Technology) is, OT (Operational Technology) is worse. The vulnerability of our industrial plant (chemical plants located in dense population areas) is my personal nightmare. And we are rushing headlong into the Internet of Things that extends those vulnerabilities into every part of our environment.

Advisen: In your opinion, what is the single most important cyber risk development in the past 12 months?

Dan Kruger: I think the largest development has been awareness as a result of events such as the Snowden revelations and Target breach. We are finally confronting the real risk and cost of complacency and checkbox compliance.

***

Dan Kruger is founder, president and chairman of the Board of Directors of Absio Corp., a position he has held since 2009. A pioneer in software-enabled collaboration, Dan is a 30-year veteran in consulting to businesses on teamwork, communication, technology strategy and the design and application of collaboration software.

Chad Hemenway

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].