OneLift, a Luxembourg life assurance specialist, has called on the services of Telindus' Security & Intelligence Operations Center (CSIOC) as part of its digital transformation.
Like many industries, the life insurance sector has to adapt to new customer behavior. These new uses illustrate consumer demand for an improved experience, delivered through customised and omnichannel offers. To be in a position to roll out new digital tools to its customers and partners, while minimising the risk, OneLife called on the services of Telindus' CSIOC.
Nadine Tavolacci, OneLife's IT Security Officer, explained the challenges at stake and how the desired returns were achieved. She pointed out: “Life insurance companies such as ours handle large amounts of confidential information. This means being in a position to guarantee our customers the integrity, confidentiality, availability and traceability of this sensitive data. On top of that, we have to safeguard OneLife's good reputation on the financial market, along with its brand image”.
To achieve these goals, OneLife had to put in place the operational capabilities necessary to monitor the flows transiting over the company's networks and issue appropriate and relevant alerts in the event of an incident.
Ms Tavolacci stated: “In Telindus, we have found a partner that can meet our stringent service performance and quality requirements while respecting our budgetary constraints”.
To deliver on the OneLife's expectations, Telindus' cyber security consultants first analysed the company's entire infrastructure and communications. They then identified the risk scenarios likely to occur before categorising potential incidents on the basis of use cases and prioritization. External vulnerability was also analysed in order to assess the exposure of the company's perimeter infrastructure. Following this risk analysis and anticipation phase, a rapid escalation mechanism to Telindus' CSIOC team was introduced in order to be able to deal with a major incident, as well as DNS monitoring. To validate the defense capabilities of OneLife's infrastructure and communications, the Telindus team scheduled an annual “Red Team” exercise and conducted a phishing test to assess users' exposure to social engineering risk. Finally, it was decided that a cyber security report would be sent to OneLife's IT teams on a monthly basis.
Nadine Tavolacci continued: “The monthly reports issued by Telindus confirm the appropriate level of security measures put in place. [...] The CSIOC now allows us to identify threats and risks at an early stage and to limit their potential impact".
Through Telindus' CSIOC, OneLife now has access to the support of a team of around 20 cyber-security specialists. Based in Luxembourg, this team provides 360° coverage, 24/7, on three levels of expertise. The team draws on the talents of high-level experts capable of analysing large amounts of information to pinpoint unusual behaviour. These feed into new detection scenarios accompanied by a remediation plan adapted to the actual situation.