Insurance companies are increasingly requiring businesses, particularly those in the medical and financial sectors, to have comprehensive policies to mitigate the risk of cyber-attack. Minimum requirements for cyber insurance are becoming increasingly complex. Frequently, annual cyber audits are implemented to ensure best practices are in place. The following is a list of the key protocols recommended for an organization to have a successful cyber-security audit.
Endpoint Detection & Response (EDR) implemented on all endpoints
EDR is an endpoint security solution which continuously monitors end-user devices to detect and respond to cyber threats, including ransomware and malware. Insurers are now requiring the use of EDR technologies as part of a business’ Incident Response (IR) for all those applying for cyber insurance because it provides better visibility over endpoints and can address broader attack campaigns stretching across multiple endpoints.
Endpoints include laptops, desktops, mobile phones, tablets, servers, and virtual environments – devices that sit on the end of a network. Attackers can exploit vulnerabilities in such endpoints and use them as entry points to install malware and move throughout a network. Endpoints can be protected from these attacks through a variety of solutions. (See our most recent blog post for more information on EDR.
Multi-Factor Authentication (MFA) implemented and required for all remote network access and cloud services
MFA has become an industry-favorite feature in most minimum requirements. It takes a multi-lock approach to user access to business systems: it combines two or more different methods of authentication – such as a thumbprint or a unique code texted to the individual user – to provide greater security when proving the identities of users trying to access their accounts. Many organizations now require MFA to establish a connection to their network from outside the office and protect the end-user in case their credentials get compromised.
Often this method will require a combination of the following: something you are, such as an iris scan or fingerprint, something you know, such as a password, and something you have, such as a one-time token. Insurance companies will want to see MFA used across business email accounts and other key business applications as this technique will prevent malicious actors from accessing a business network.
Backup Procedures, Offline Backup, or Alternative Backup Solutions
In this age of ransomware, insurers know that a good backup can significantly reduce business interruption and extortion demands in the event of an attack. For cloud backups, malware scanning, encryption, segmentation, and MFA are commonly required by insurers. When it comes to a business’s most sensitive data and applications, insurers are likely to require these to be offline, immutable (the data remains fixed, unchanging, and unable to be deleted), and clearly cataloged through audits. It is important that backup data is isolated from other enterprise services to protect the backups from being impacted by attacks.
Identity and Access Management (IAM) for ad-hoc privileges and restricted network access
IAM applies sets of rules and policies to track and control user activity. The extent to which these activities can be supervised will depend on the specific technologies employed by a business. For example, it will monitor successful and failed login attempts, determine access rights, and grant administrating privileges to users on an as-needed basis. These management techniques minimize the potential attack areas, decrease the impact of a breach, and prevent cyber risks such as insider threats, misconfigured automation, and accidental operator error in production environments.
Privileged Access Management (PAM) to monitor accounts with privileged access
This is a subset of IAM that acts as a gatekeeper, maintaining control and visibility over the most critical systems and data. It will both enable access to critical resources and privileged information and audit the activity of privileged users in the event of a security incident. PAM helps businesses to minimize the risk of hacking privileged accounts (often a favorite target of threat actors). It should also be noted that PAM is not just a popular requirement of insurers, it is often needed for compliance with many legislative frameworks for privacy and data protection.
Good Patch Management
This is particularly relevant for critical patches and can include regularly installing patch updates, mapping out an inventory of the current operating systems on a regular basis, and keeping a list of all security controls (such as firewalls, antivirus software, EDR technologies, and so on) within an organization, classifying risks and prioritizing critical assets, and testing and applying patches on a regular basis.
Security Awareness Training
Sophisticated phishing and ransomware attacks require strategic solutions. While an IT security system is essential to any business, equipping all team members to recognize and defeat cyber-attacks is a proven tactic in the battle against cybercrime. Knowledgeable team members are the final shield in your line of prevention and defense. Preparing your staff for cyber-defense is best accomplished utilizing a combination of web-based training and mock phishing attacks. Equip your team to recognize and eliminate cyber-attacks before they invade your network.
Email Security Measures
Implement filters at the email gateway to filter out emails with known malicious indicators and enable common attachment filters to restrict file types that commonly contain malware. Prevent email attacks from getting through by combining email gateway, inbox defense, and security awareness training. Identify suspicious activity and email threats already inside your email environment before they can cause damage. Limit the impact of any threats that reach users with automated response and fast recovery tools. Back up your important Microsoft 365 email and data to recover easily from malware attacks or lost data.
Vulnerability Scans
An external vulnerability scan views your network through the lens of a hacker. This approach scans external IP addresses and domains to search for vulnerabilities within your internet-facing infrastructure. External vulnerability scans provide detailed insights into the weaknesses of your network perimeter and are essential to understanding and mitigating potential risks. Routine scanning is also key to maintaining an up-to-date list of the new servers or services added to your network and any potential threats that may accompany these additions.
Historically, cyber liability insurance renewal applications have been a straightforward experience for brokers and their clients, with only a minimal amount of information required. That has changed dramatically in recent years as cyber-attacks have evolved and will continue to evolve, in frequency, severity, and sophistication. For more information on how you can set your business up to be its most cyber-secure and in turn, successful during cyber audits, email info@btsmaine.com or call 207-443-9554.
Reader Interactions