How organizations can defend themselves against cyber risk

Cyber insurance, once viewed as a desirable security accessory, has evolved into an incident response and business resilience lifeline. As cybercrime continues to leave mass financial and operational destruction in its wake, protecting the bottom line and ensuring business continuity following such events has captivated the attention of executive leadership, and propelled the demand for cyber insurance.

Regulatory compliance and increased scrutiny from customers have also forced this level of urgency. Not only has there been an influx of applications for cyber insurance but also a tidal wave of organizations actively using their coverage. Research from Delinea found that 80% of organizations have leveraged their coverage at least once, and more than half of that group has used it on more than one occasion.

With the average cost of a data breach reaching astronomical amounts ($4.35 million according to IBM), insurers are not only raising rates but also tightening requirements. Many organizations now face significant delays and upfront costs to satisfy the more rigorous coverage qualification criteria. Although cyber insurance has been around for many years, it is still a relatively new purchase for many organizations, so they often have no prior knowledge of the application process itself and can be unprepared for the questions and risk assessments carriers put to them.

Although each insurer has its own methodology for assessing organizational risk, many reference the five key functions of the National Institute of Standards and Technology’s Cybersecurity Framework to evaluate companies: Identify, Protect, Detect, Respond and Recover. Understanding the core questions that insurers may ask under each of these functions can help streamline the process of obtaining coverage and minimize its cost. Let’s explore how organizations can prepare for each of the five.

Identifying risks 

A prospective insurer first will want to understand the specific risks which pertain to your organization and the current risk management processes in place. Organizations can evaluate their risks by conducting a cybersecurity risk assessment to identify where vulnerabilities prevail. This activity also helps gauge a company’s cyber risk tolerance.

For example, insurance carriers will want a deep dive into how organizations conduct security awareness training for employees. Insurers want to see frequent security training that extends beyond simple online tests. Insurers will also want a picture of an organization's inventory of hardware, software and privileged accounts. Maintaining a list of every device, application and privileged account that could serve as an entry point for an attacker helps enumerate the organization's attack surface, and it determines the value and scope of the assets the organization wishes to insure.

Protecting assets 

Insurers will also want organizations to convey how they are currently protecting their assets, including highlighting Identity and Access Management controls, data security, maintenance and repair strategies, and more. As credential-based cyberattacks are increasingly common, insurers are looking for strong Multi-Factor Authentication controls to be in place. These controls can help validate who is accessing systems and add an additional layer of security.

Multiple layers of malware defense are another highly requested requirement. These protect against viruses and malicious programs deployed by bad actors. This defense includes implementing and enforcing least privilege access, restricting or removing local administrative rights, and layering in threat intelligence and endpoint protection. Part of protecting assets and data is having a strong backup and recovery plan to ensure that the business is resilient to attacks such as ransomware, which can bring a business to a complete stop.

Detecting risk and breaches 

Establishing an organization’s ability to detect risks and breaches is another core component for cyber insurers. The increased reliance on remote work means that more endpoints, including laptops and cloud servers, are high-value targets for attacks. More insurers are requiring organizations to have an endpoint security tool that can seamlessly identify and respond to security events originating at endpoints.

Beyond endpoint tooling, insurers want organizations to have comprehensive monitoring, alerting and reporting for privileged behavior and possible abuse of privilege on workstations and servers. This lets IT and security teams quickly spot unexpected activity, such as privilege use by an account that should not hold it or privileged commands at unusual hours, and conduct incident response and forensic analysis if a breach occurs.
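The kind of privileged-activity monitoring described above, as an added example that is not code from the original article: the script parses sudo records in the syslog format Linux hosts write and flags privilege use by unapproved accounts, privilege use outside business hours, failed escalation attempts and commands that change who holds privilege. The sample log lines, the approved-user baseline and the business-hours window are constructed assumptions; a real deployment would feed the same logic from a log pipeline and tune the baseline per host group.

```python
"""Flag suspicious privileged activity in sudo log lines.

Added example, not code from the original article. The log lines below,
the approved-user set and the business-hours window are all assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample records in the format sudo logs via syslog.
SAMPLE_LOG = """\
Mar 12 09:14:07 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Mar 12 02:41:55 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/useradd -m svc_backup
Mar 12 02:42:10 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo svc_backup
Mar 12 10:03:19 db01 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar 12 11:30:02 db01 sudo:    alice : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/syslog
"""

# Assumed baseline: accounts expected to use privilege, and the hours they do.
APPROVED_PRIV_USERS = {"alice"}
BUSINESS_HOURS = range(8, 19)  # 08:00 to 18:59 local time

# Substrings of commands that grant privilege, read credentials or blind auditing.
HIGH_RISK = ("useradd", "usermod", "visudo", "/etc/sudoers",
             "auditctl", "setenforce", "/etc/shadow")

# Matches both successful sudo records and the "N incorrect password attempts" form.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+(?P<host>\S+)\s+sudo:\s+"
    r"(?P<user>\S+)\s+:\s+(?:(?P<fail>\d+ incorrect password attempts)\s+;\s+)?"
    r"TTY=\S+\s+;\s+PWD=\S+\s+;\s+USER=(?P<target>\S+)\s+;\s+COMMAND=(?P<cmd>.*)$"
)


@dataclass(frozen=True)
class Alert:
    host: str
    user: str
    reason: str
    command: str


def analyze(log_text, approved=APPROVED_PRIV_USERS, hours=BUSINESS_HOURS):
    """Return one Alert per rule a sudo record violates."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a sudo record; a real pipeline would count parse misses
        host, user, cmd = m["host"], m["user"], m["cmd"]
        hour = int(m["hour"])
        if m["fail"]:
            alerts.append(Alert(host, user, "failed privilege escalation", cmd))
        if user not in approved:
            alerts.append(Alert(host, user, "privilege use by unapproved account", cmd))
        if hour not in hours:
            alerts.append(Alert(host, user, "privilege use outside business hours", cmd))
        if any(token in cmd for token in HIGH_RISK):
            alerts.append(Alert(host, user, "high-risk privileged command", cmd))
    return alerts


def alerts_by_user(alerts):
    """Summarize alert volume per account, the view a reviewer or insurer asks for."""
    return Counter(a.user for a in alerts)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for a in found:
        print(f"{a.host} {a.user:<6} {a.reason:<38} {a.command}")
    print(dict(alerts_by_user(found)))
```

Run as written, the script reports nothing for alice's in-hours service restart and log review, but raises three alerts each for bob's 02:41 account creation and group change and for carol's failed attempt to read /etc/shadow. Counting alerts per account is a cheap way to surface the privileged accounts that deserve a closer look during a review.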

Responding to cyber attacks 

Perhaps the most important part of an insurer’s evaluation is its appraisal of the organization’s incident response plan. A robust incident response plan is non-negotiable to an insurer, because it reduces the risk of a breach turning into a catastrophic event.

An incident response plan helps align IT operations, security and developers to ensure a rapid and thorough response to an attack. A robust plan includes a checklist of roles and responsibilities in the event of an attack, along with actionable steps to measure the extent of a cybersecurity incident. Conducting frequent incident simulations can help identify areas for improvement and demonstrate to insurers that readiness is more than hypothetical.

Recovery after an attack 

Finally, carriers will want to delve into the organization’s recovery plan to understand how it will navigate the aftermath of a breach. Organizations must showcase the measures in place to return operations to normal and stem losses. While 71% of companies are confident they can quickly recover from a cyberattack, it still takes an average of 280 days to identify and contain a data breach. Organizations must demonstrate to insurers that they are realistic, willing to learn from past incidents and committed to ongoing improvement.

Before applying for a cyber insurance policy and engaging with prospective carriers, evaluate your organization against these five functions to better understand the risks that pertain to it, where gaps in its security controls persist, and which assets are most critical to insure.
