Leo Niemelä: Insurance company invites hackers to break in

Photo: Sami Piskonen. Graphics: Olga Komulainen

“Insurance companies need to serve their customers faster and more easily, which is why we are developing digital services at breakneck speed. This is a challenge for traditional security development. We security people cannot stop development projects for weeks for security testing; instead, we must be involved in the development of a new service from the beginning. And we are,” says Leo Niemelä, Director and CSO at LocalTapiola.

“We know that information security is at a very high level when we make a new service available to our customers. But are all the doors locked from cybercriminals for sure? This is what we ask from hackers on a regular basis.

Our Bug Bounty program rewards hackers who find vulnerabilities in our systems and report them to us. We have paid these white hat hackers a total of 122,000 euros and fixed almost 300 vulnerabilities in our systems. This is quite a low price for an international team of experts to test our services all day long.

When we started the Bug Bounty program in 2015, we were the first financial company in the Nordic countries to do so, and we didn’t know how it would affect our reputation. After positive experiences we decided to invite white hat hackers to visit our Hack Day event later that same year.

Hack Day has since become an annual event. We have even provided participants with the source code of software awaiting release, with the customer information encrypted.

In addition to LocalTapiola, thousands of other companies have benefited from our hacker program. The white hats on our payroll have also found vulnerabilities in third-party software that is used by many others besides us.

We have found that courage and openness are worthwhile. It’s easy for us to be a trustworthy insurance company when we use all means to ensure security and demonstrate it, too.”

This article was originally published in Finnish in the HS Ideat supplement as part of FFI’s digital finance theme campaign.