Summary
This document is a strategic analysis focused on the evolving threat landscape faced by Aviva, a financial services provider. It outlines the challenges posed by a diverse ecosystem of intermediaries and brokers, which significantly expands the attack surface. The analysis highlights the increasing prevalence of valid account abuse and voice phishing attacks, emphasizing the need for robust security measures. It discusses the regulatory landscape, including NIS2, DORA, PSD2, and GDPR, which necessitates a cohesive security strategy. The document details a 120-day roadmap aimed at enhancing security across Aviva's operations, focusing on safeguarding sensitive data, building operational resilience, and enabling secure digital transformation. Key phases include establishing foundational security measures, enhancing protection capabilities, and ensuring compliance with evolving regulations. The analysis underscores the importance of a unified security architecture to address complex threats and improve real-time threat detection and response capabilities across Aviva's digital infrastructure.
