Agero Insights

With the emergence of digital technologies like Gen AI, cybersecurity threats are more serious than ever. Potential damage extends beyond the company being targeted to those it does business with and the end users who rely on its services. Breaches can lead to extensive financial loss, brand damage, and a long array of related consequences.

At Agero, we closely monitor industry trends to identify key vulnerabilities and emerging areas of risk. We use these insights to continuously adjust the rigorous processes and oversight we have in place to mitigate these threats. 

In the April 2024 issue of Property Casualty 360, the article “5 Cyber Threats to Watch in 2024” identified the following as specific areas which companies should focus their security efforts:

1. Deep fakes
2. Privacy threats to personal information
3. AI Automation
4. Business email compromise and fraud
5. Ransomware

Some of these, like ransomware and email fraud, have been around for decades, while others, such as deep fakes and AI automation, are relatively new, emerging alongside advances in technology. In either case, Agero has extensive systems in place to mitigate weaknesses associated with each of those potential vulnerabilities, approaching each threat from a variety of angles to minimize its security risk.

1. Deep fakes

Video and audio deep fakes present a significant concern, particularly with the rapid advancements in this technology. This sophisticated form of social engineering is essentially a next-generation version of phishing, putting at risk sensitive data like customer payment information. Preparing employees, who are typically the targets of deep fake phishing, to recognize and be vigilant against this emerging risk is crucial to defeating the efforts of threat actors.

• Core Controls – Recent incidents of this have related to financial fraud, such as looking for ways to manipulate finance employees to issue payments. Agero has long used core controls (like dual approval for payments) to defend against this.
• Password Reset Policies – Recent incidents have highlighted cases of financial fraud, often involving attempts to manipulate finance employees into issuing unauthorized payments. In addition to dual approval for payments, we enforce stringent password reset policies, which incorporate employee-specific knowledge for resets.
• Employee Education –  We regularly share instances of deep fakes with employees to raise awareness of the threats and to underscore the importance of our security processes

2. Privacy threats to personal information

We recognize our role as guardians of our clients’ valuable data, particularly the consumer data essential for delivering our services. Protecting this privacy reduces the risk of consumer data loss that could result in damages to the consumer as well as the brand of the client. We take this responsibility seriously and utilize comprehensive measures to manage and protect sensitive data. These measures include: 

• Privacy by Design & Data Management – Agero adopts a privacy-by-design approach, meticulously examining each data item to ascertain its purpose and maximum retention requirements. This is a part of Agero’s robust data management program, encompassing the identification of a sensitive data inventory, designation of data owners, and establishment of data locations. Data owners undergo Agero-specific training on the policy to ensure comprehensive understanding and adherence.
• Data at Rest Detection – Despite diligent manual efforts to identify sensitive data locations, gaps may still arise due to the diverse nature of cloud deployments today. Agero is implementing technology capable of scanning both cloud and on-premise data storage to identify potentially sensitive data, thus enhancing our data protection measures.
• Real-Time Protection & Active Scanning – Agero is rolling out real-time detection capabilities to semi-privileged and privileged users, enabling them to monitor the movement of sensitive data in real time. Further, we’ve implemented technology capable of identifying potential attack paths that threat actors might exploit to gain unauthorized access to data.

3. AI Automation

Since the emergence of Generative Artificial Intelligence (Gen AI), there has been considerable discussion regarding leveraging AI in cybersecurity. Agero is actively monitoring how threat actors utilize Gen AI, and our cyber partners are exploring numerous opportunities in this regard. However, AI is not new to Agero. Here are a pair of examples of how we leverage AI to enhance our security controls:

• SOC Machine Learning – Our Security Operations Center uses machine learning to enhance detection of threat actors.
• Email Protection – We employ AI-driven technology to intercept malicious emails based on their content, enhancing our email security measures.

Staying ahead of the curve with this technology will allow Agero to leverage the benefits of AI while continuing to safeguard our and our clients’ data.

4. Business email compromise and fraud

This is the most common way that threat actors attempt access to an enterprise, seeking to establish a foothold in the network that can be used to steal data. We see regular activity in this area at Agero. Because fraudulent emails have become increasingly difficult to detect as an end user, we have extended the email protections in a standard business suite to also include a variety of advanced features. These include:

• DMARC & Remote Detonation– We block emails that are not from verified sending locations and are signed by the organization using the “Domain-based Message Authentication, Reporting & Conformance” (DMARC) protocol. This makes it much harder for a threat actor to spoof an email and gain access to sensitive information through unwitting employees. Similarly, while standard email platforms block links (URLs) associated with known bad actors, threat actors quickly spin up new links. Agero uses remote browser sessions to open unknown links to protect users from accidentally getting compromised. The remote browsers do not allow the transfer of data (often login credentials) to the sites.
• Attachment Scanning & Advanced Scanning – Standard email platforms scan email texts for links. To avoid this detection, threat actors will hide links in attachments. Agero uses advanced functionality to scan attachments to block this evasion. While standard email platforms relied on scanning emails for common language indicative of "phishing" behavior, this approach is becoming less effective as threat actors adapt and employ Gen AI technology. Agero employs advanced scanning techniques with a higher containment rate to counter this evolving threat landscape.
• User Education – User education is crucial for safeguarding against threats. To support our users, Agero has invested in extensive user education initiatives. These involve active testing of users combined, with dynamic training content tailored to address specific instances of erroneous behavior when encountering phishing emails.

5. Ransomware

While email compromise frequently serves as the initial entry point into an organization, ransomware often follows as the next step for threat actors seeking to exploit data. Agero has prioritized addressing this threat for years. Some of the more advanced measures we undertake to safeguard against ransomware include:

• Endpoint Protection & Asset Visibility – Standard antivirus and anti-ransomware tools depend on fingerprinting (signatures) of known malware. Agero has implemented next-generation endpoint protection systems capable of detecting device actions indicative of a breach. By blocking these actions, we effectively prevent malware that hasn't been otherwise identified from infiltrating our systems. While deploying Endpoint Protection is excellent, ensuring maximum coverage for deployment and updates is also critical. Agero has invested in monitoring systems that identify and inspect all network-connected devices. This enables us to guarantee the deployment and updating of Endpoint Protection across our network, ensuring no blind spots for all user devices, servers, and containers
• Secure Backup – While the assumption is that you can restore from backups in the event of an attack, threat actors have become adept at infecting backups. To mitigate this risk, Agero has implemented ransom-resistant backup SaaS services. Moreover, many overlook the importance of testing restoration processes. At Agero, we routinely conduct restoration tests to ensure the effectiveness of our backups.
• SOC Coverage – Agero operates a 24/7/365 Security Operations Center (SOC) equipped with AI technology to automatically detect potential threat actor actions across various event feeds, including Cloud, Network, Identity, AV (Antivirus), and more. We’re also transitioning towards a zero-trust (least privileged access) approach. This encompasses identity features such as impossible travel detection and VPN identification. Additionally, we are implementing technology tailored for semi-privileged (corporate) and privileged (Admin/Engineering) users. This technology scans activity in real time to detect any indications of a breach.

Efforts countering these risks improve both the security of our client data and the availability of our critical systems to service our clients’ consumers.

With the threats posed by bad actors in the cyber arena constantly evolving, Agero has extensive resources dedicated to understanding areas of weakness and implementing best-in-class security solutions. Beyond our continuous threat assessment and corresponding adjustments to our Cyber Security Program, we are also vigorously pursuing next-gen security solutions in areas like cloud posture management, dark web monitoring, code security, and various other controls. 

These efforts are essential to the integrity of the relationships we maintain with our clients and the customers we serve, as a trusted partner to global brands and provider of essential services to 10s of millions of drivers in need.