Our customers expect and deserve a safe and secure digital experience
As our world becomes increasingly connected, providing a best-in-class cyber security program has never been more important.
AIG values our customers’ trust and is dedicated to helping clients proactively protect their data, networks, and IT systems and is committed to helping save their information from risks, like fraud, unauthorized access, and cyber threats. We recognize the importance of information security in maintaining a resilient business and understand that responding to an evolving threat landscape is critical to effective risk management. Below are some resources to inform you about AIG’s capabilities and the ways in which you can better protect yourself, your work, and your families.
AIG’s Information Security Approach
AIG recognizes the importance of information security as a key element of maintaining a resilient business. To respond to the evolving threat landscape, AIG has adopted a risk-centric approach to information security. AIG is committed to continually developing and honing our overall security capabilities and putting the security and safety of our data, and our customers’ data, at the forefront of our efforts through:
- Intelligence Driven Risk Management
-
Dedicated professionals monitor information security intelligence, leverage information security tools, and enact processes and procedures designed to secure networks and access points. Threat intelligence plays a crucial role in our strategic business planning – with informed investments in security, our capabilities can align to counter the evolving threat landscape.
- Data and Identity Access Management
-
We use identity and access management controls to help protect AIG’s information and systems through the management of worker access to systems and data. AIG remains focused on secure privileged access and enhanced authentication capabilities.
- Proactive Security Practices
-
Having a proactive, defense-in-depth approach to our security efforts allows us to be more vigilant and adaptive to the evolving threat landscape. This approach helps us improve visibility into the AIG environment by establishing further transparency into cyber threats through maturing security monitoring capabilities and existing toolsets. We also work to enhance security vulnerability remediation by augmenting the security of internet-facing applications and improving overall cloud security.
- Security Posture and Assurance
-
Validation of the AIG security posture is conducted using a multifaceted approach. Assurance is obtained from independent internal and external organizations to assess the effectiveness of our control environment. Issues are prioritized based on AIG’s defined risk criteria and tracked to remediation.
- Workforce Training and Awareness
-
Protecting the safety, including the confidentiality, availability, and integrity of information assets is a priority at AIG. Whether we are working with customer data, employee data, or AIG proprietary information, AIG is committed to delivering ongoing user cybersecurity awareness training designed to help protect our assets and information.
Cybersecurity Awareness Month
Every October, AIG recognizes Cybersecurity Awareness Month as an opportunity to reinforce a strong cybersecurity culture throughout the enterprise by sharing best practices and online safety tips with our employees.
Cybersecurity Awareness Month was created as a collaborative effort between the U.S. government and industry to ensure the general public has the resources they need to stay safer and more secure online.
AIG partners with the National Cybersecurity Alliance to help promote Cybersecurity Awareness Month tools and resources with our workforce and to help build additional cybersecurity awareness tips and best practices to share with our stakeholders.
AIG’s Cyber & Information Security Resources
AIG frequently shares cyber safety tips and best practices throughout the enterprise in an effort to help build a strong cybersecurity culture. We equip our employees and stakeholders with the cyber safety tools they need to help stay protected from evolving cyber threats, such as Cyber Safety for the Digital Newcomer and many other safety resources.
AIG Ransomware Resources
Ransomware attacks are associated with increased losses due to a rise in ransom demands and the associated expenses in getting systems back online.1 At AIG, we anticipate an increase in cyber business interruption on a global level as ransomware and extortion attacks evolve. The rapid spread of malware or attacks on critical service providers by state-sponsored actors could bring widespread disruption and potentially also physical damage to a wide range of industries.
There are many steps organizations can take to mitigate the risk, including having multiple backups; however, cyber insurance is becoming an important backstop to protect an organization’s balance sheet and help it recover quickly when these incidents occur.
- Please reference our Staying Safe from Ransomware page for more safety tips to help protect yourself from ransomware threats.
- More resources from partner organizations can be found on these pages to include additional actions and resources available to your organization designed to address ransomware.
AIG Phishing Resources
At a time of increased remote work, employees are more vulnerable than ever to exploitation by malicious actors. Phishing is one of the most common types of cyberattacks used by malicious actors to access an organization’s network and confidential information. AIG conducts recurring phishing simulation tests to help build the firm’s resilience to cyber-threats by exercising and evaluating readiness across the workforce.
- Read more about Phishing to learn safety tips on how to protect against these types of threats.
AIG Stronger Password Resources
Poor password hygiene is an issue that has not gone away, although best practice approaches have evolved. Simple passwords are typically the weakest link in otherwise secure networks. Attackers often use password-cracking tools to circumvent an encrypted password and gain access to a user’s account. This is easier to do if the password is simple, such as ‘password’, ‘qwerty’ or ‘1234567’.
Whereas the advice was once to change passwords regularly, today it is deemed more useful to have a strong password and to stick with it. The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework provides information about best practices for passwords and passphrases.1
- Learn more about how to Supercharge Your Passwords and,
- Read about Multifactor Authentication to learn how to enable MFA to better protect your information and data online.
1Source: https://www.aig.co.uk/content/dam/aig/emea/united-kingdom/documents/Insights/cyber-human-factor.pdf
Additional Cybersecurity Resources and Information
The National Cybersecurity Alliance (NCA) is a nonprofit organization that builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts. It empowers users at home, work and school and equips them with the information they need to keep themselves, their organizations, their systems, and their sensitive information more safe and secure online. Along with over 25 other private sector companies, AIG serves as a board member of NCA, helping to build and encourage a culture around good cybersecurity hygiene. Some helpful resources include, but are not limited to:
- The National Cybersecurity Alliance’s:
- Online Safety Basics
- Phishing tip sheet
- Security Tips for Remote Workers
- Security Tips for K-12 Students
- Visit NCA’s Resource Library for more information on free cybersecurity events, tips, and resources.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is the United States’ risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future. CISA is also a close partner and collaborator with the NCS, but they also provide many cybersecurity and information security resources and safety tips to the general public, as well as to the public and private sectors. Some of these resources include, but are not limited to:
- CISA’s Ransomware Guidance and Resources
- CISA’s Ransomware Guide
- CISA’s Ransomware Alerts and Tips
- CISA’s Avoid Social Engineering and Phishing Attacks article
- How to report a cyber incident through CISA or a cyber crime through the FBI.
For more information on cybersecurity in Japan, please visit the sites below: