Here we are in the fourth quarter of what was a dynamic year. We are settling into the realities of a post-pandemic environment, where supply chain pressures continue to linger, new workarounds have been born, and backup plans tend to be a new reality; it seems 'pivot' is the verb of the moment.
During these times, technology quickly filled in some otherwise impossible gaps when the ability to share physical space was a health risk. As a result, cybercriminals took full advantage of the rapid change that left many companies with security holes, and we’re now facing an unprecedented frequency of breaches.
In response, compliance requirements for cyber liability insurance have increased, along with doubling premiums for cyber insurance coverage. Changes like these will require organizations to start bringing in security layers not previously budgeted for, especially as cyber risk is only increasing.
Cyber Insurance Compliance Provisions
Before your budget is finalized for 2023, review this highlighted list of compliance provisions for attaining ransomware cyber insurance, along with guidance to get you and your budget prepared.
- Required enforcement of identity & access management
- Increased requirement for email security screening
- Identified & segregated unsupported & end-of-life (EOL) software
- Limited domain administrator accounts within an organization's network
- Implemented security products & solutions to prevent & detect malicious network activity
- Applied baseline standards and vulnerability scans for devices with network connections
- Dedicated backup & recovery processes with data recovery point objectives (RPO) & recovery time objectives (RTO)
- Directed tabletop exercises to test & inform your incident response plan
Required enforcement of identity & access management
Multi-factor authentication (MFA), once required only for privileged accounts, is now extended to all users on your network. This includes volunteers, third-party contractors, and anyone else with an account on your network.
Enabling MFA is not a new recommendation; in fact, this has been at the top of the cybersecurity best practices list for years now. The issue seems to be the slow pace at which organizations have taken to implement MFA. If you have not deployed MFA throughout your company, then stop reading here. Come back once you have enabled this low-cost, highly effective cloud security defense measure designed to stop cybercriminals before they start.
Increased requirement for email security screening
Security controls for emails will need to include screening and quarantining for malicious links and attachments, tagging, detonation, and evaluation of attachments in a sandbox, among other policy and reporting standards. Regular employee testing and training for phishing email simulation should be conducted so users can identify fraudulent or spoofed emails.
Phishing and ransomware attacks are only increasing and becoming more sophisticated each day. Cybercriminals are adapting their tactics to trick spam filters and fool unsuspecting victims to gain access to your organization's sensitive information. You can get in front of these hacker attempts by creating a culture of security through security awareness training for employees and implementing the right email security measures.
Identified & segregated unsupported & end-of-life (EOL) software
You will need the ability to discover and map the devices and endpoints connected to your network so that you can maintain an up-to-date configuration management database (CMDB). Any end-of-life (EOL) and end-of-support (EOS) software should be segregated from the rest of your network and covered by supplemental support.
Information technology (IT) should serve your business strategy and future goals, not put your business at unnecessary risk. It is important to understand that running EOL or EOS software leaves the network it is connected to vulnerable to attacks, which cybercriminals waste no time exploiting.
When planning ahead for outdated technology in the coming year, time needs to be accounted for in each phase of the process: analyzing options, making decisions, lead times for engineering talent and hardware, and training employees for 'go-live.' A solid EOL management strategy and an asset inventory maintenance program will help you control risk, reduce unforeseen budget expenses, and better plan for supply chain issues that cause delays.
Here is a list of upcoming EOL dates on some common products within the next year. If you will be impacted by any of the items listed, now would be the time to connect with your IT Account Manager.
- vSphere 6.5 and 6.7: EOL October 15, 2022
- Windows 8: EOL January 10, 2023
- Exchange Server 2013: EOL April 11, 2023
- Windows Server 2012: EOL October 10, 2023
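The asset inventory maintenance program described above can be partly automated: keep the EOL dates in a reference table, run every inventory record against it, and produce a list of hosts that are past EOL and still sit on a general-purpose network segment. The script below is an added example, not code from Systems Engineering; the reference table uses the four EOL dates listed above, while the inventory records, hostnames, the "legacy-isolated" segment name and the 180-day warning window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Reference table built from the EOL dates listed above (product -> end-of-life date).
EOL_DATES = {
    "vSphere 6.5": date(2022, 10, 15),
    "vSphere 6.7": date(2022, 10, 15),
    "Windows 8": date(2023, 1, 10),
    "Exchange Server 2013": date(2023, 4, 11),
    "Windows Server 2012": date(2023, 10, 10),
}

# Constructed name of the isolated segment where EOL systems are allowed to live (assumption).
ISOLATED_SEGMENT = "legacy-isolated"


@dataclass
class Asset:
    hostname: str
    product: str
    segment: str  # network segment the asset currently sits in (from the CMDB)


@dataclass
class Finding:
    hostname: str
    product: str
    days_until_eol: Optional[int]  # None when the product is not in the reference table
    status: str                    # "eol", "expiring", "supported" or "unknown"
    needs_segregation: bool        # past EOL and still outside the isolated segment


def classify_asset(asset: Asset, today: date, warn_days: int = 180) -> Finding:
    """Compare one inventory record against the EOL reference table."""
    eol = EOL_DATES.get(asset.product)
    if eol is None:
        # Not in the table: flag for manual review rather than silently assuming it is supported.
        return Finding(asset.hostname, asset.product, None, "unknown", False)
    days = (eol - today).days
    if days <= 0:
        status = "eol"
    elif days <= warn_days:
        status = "expiring"  # inside the planning window: budget the replacement now
    else:
        status = "supported"
    needs_segregation = status == "eol" and asset.segment != ISOLATED_SEGMENT
    return Finding(asset.hostname, asset.product, days, status, needs_segregation)


def review_inventory(assets: List[Asset], today: date, warn_days: int = 180) -> List[Finding]:
    """Classify every asset and sort the most urgent items first (unknown products last)."""
    findings = [classify_asset(a, today, warn_days) for a in assets]
    findings.sort(key=lambda f: (f.days_until_eol is None,
                                 f.days_until_eol if f.days_until_eol is not None else 0))
    return findings


def segregation_list(findings: List[Finding]) -> List[str]:
    """Hostnames that are past EOL but still on a general-purpose segment."""
    return [f.hostname for f in findings if f.needs_segregation]


# Constructed sample inventory (hostnames, products and segments are made up for this example).
SAMPLE_INVENTORY = [
    Asset("esx-01", "vSphere 6.7", "datacenter"),
    Asset("mail-01", "Exchange Server 2013", "datacenter"),
    Asset("fileserv-02", "Windows Server 2012", "datacenter"),
    Asset("kiosk-07", "Windows 8", ISOLATED_SEGMENT),
    Asset("app-09", "CustomLineOfBusinessApp 4.2", "datacenter"),
]

if __name__ == "__main__":
    # Run as of a Q4 2022 budgeting date (constructed).
    for f in review_inventory(SAMPLE_INVENTORY, date(2022, 11, 1)):
        print(f"{f.hostname:12} {f.product:28} {f.status:9} days_until_eol={f.days_until_eol}")
    print("segregate:", segregation_list(review_inventory(SAMPLE_INVENTORY, date(2022, 11, 1))))
```

Run against a CMDB export on the same date, the report separates three budgeting decisions: hosts already past EOL that must be isolated or replaced immediately, hosts inside the warning window that need replacement lead time reserved now, and products the reference table does not recognize, which are a CMDB data-quality problem rather than a supported system.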
Limited domain administrator accounts within an organization's network
As part of data breach prevention, the principle of 'least privilege' should be applied to administrator and service accounts, which by default have the most access and control within your organization's network. Along with limiting their access, these accounts need dedicated monitoring for unusual activity and dedicated password management.
Organizations need to expand data breach prevention and network protection to cover the people, devices, apps, and data found in remote work environments, moving toward a 'Zero Trust' environment. With Zero Trust, your network no longer implicitly trusts anyone or anything, inside or outside of your network boundary. Each access request must be fully authenticated, authorized, and encrypted before access is granted. Building on 'least privilege,' just-in-time and just-enough-access (JIT/JEA) principles are applied to minimize lateral movement within your network (access to one network resource does not grant automatic access to another).
Implemented security products & solutions to prevent & detect malicious network activity
Endpoint protection and response solutions dedicated to network protection, designed to detect known threats as well as changes in the operational behavior of endpoints, are a standard requirement. These are next-generation virus scanning tools, such as endpoint detection & response (EDR), combined with a centralized team dedicated to monitoring and remediating identified security threats, known as a security operations center (SOC).
The need for greater visibility and depth of response to cyberthreats across your entire digital landscape is not just a cybersecurity best practice; it's a requirement to obtain cyber insurance. You may have some form of network security monitoring in place; however, many organizations must now have advanced network monitoring. This model combines security operations expertise, threat intelligence from endpoint, network, identity, and cloud sources, and 24x7 monitoring capabilities. This level of response is key to securing your organization against the increasing dangers of advanced cyberattacks.
Applied baseline standards and vulnerability scans for devices with network connections
You may hear the term 'harden' in relation to systems and devices connecting to your network. This means you need a set of standards and tools in place that will test any new endpoint or system introduced to the network, including MFA enforcement, patching updates, device monitoring, etc. It is also necessary to conduct penetration testing of the network and vulnerability scanning of the devices on that network.
It may be easy to assume that patching is less critical now that more data lives in replicated cloud storage environments, but the opposite is true. Our work-from-anywhere society, access to multiple network environments, and increasing occurrences of cyberattacks make it more important than ever to manage patching and software updates with urgency. By implementing a solid patch management process along with system parameters for network access within your organization, you can 'harden' your security posture and present a less visible target to cybercriminals.
Dedicated backup & recovery processes with data recovery point objectives (RPO) & recovery time objectives (RTO)
Every business should have a data backup and recovery strategy. This strategy should include protecting the data in backup systems from compromise. Ahead of a ransomware breach, you also need to predetermine how long your organization can be down before it must be functional again (the recovery time objective, RTO) and how much data it can afford to lose (the recovery point objective, RPO).
Data loss affects all organizations at some point, and the type of industry you are in can dictate certain requirements of your backup and recovery strategy. Knowing your RTO and RPO will help determine the type of backup and recovery process you need. Do you have a tape-based, air-gapped backup system that now needs to be augmented with a cloud backup service or vice-versa? Each of these determinations will have a dollar figure associated, so the right combination is paramount to optimizing costs.
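Once RTO and RPO are set, the backup job history and restore-test results are the evidence that they are actually being met. The script below is an added example, not code from Systems Engineering; it parses a constructed backup log (the line format, timestamps, job names and restore-test durations are all made up for this illustration), measures the worst-case data loss at a chosen incident time against the RPO, and compares the slowest observed test restore against the RTO. It assumes a job's start time is the recovery point it captures.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed backup job log in a made-up format: "<ISO timestamp> <kind> <status> [restore_test=<N>min]".
BACKUP_LOG = """\
2022-11-07T22:00:00 full success restore_test=95min
2022-11-08T22:00:00 incr success
2022-11-09T22:00:00 incr failed
2022-11-10T22:00:00 incr success restore_test=140min
2022-11-11T22:00:00 incr success
"""


@dataclass
class BackupJob:
    started: datetime
    kind: str                        # "full" or "incr"
    success: bool
    restore_test: Optional[timedelta]  # how long a test restore from this job took, if one was run


def parse_backup_log(text: str) -> List[BackupJob]:
    """Turn the constructed log lines into BackupJob records, oldest first."""
    jobs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        restore = None
        for field in parts[3:]:
            if field.startswith("restore_test="):
                restore = timedelta(minutes=int(field.split("=", 1)[1].rstrip("min")))
        jobs.append(BackupJob(datetime.fromisoformat(parts[0]), parts[1],
                              parts[2] == "success", restore))
    return sorted(jobs, key=lambda j: j.started)


def evaluate_backup_objectives(jobs: List[BackupJob], incident_time: datetime,
                               rpo: timedelta, rto: timedelta) -> Dict[str, object]:
    """Check the backup history against the RPO and the restore tests against the RTO."""
    successes = [j.started for j in jobs if j.success]
    # Data lost in an incident = time since the last backup that actually succeeded; failed jobs do not count.
    before = [t for t in successes if t <= incident_time]
    data_loss = incident_time - before[-1] if before else None
    # Worst gap between consecutive successful jobs anywhere in the log (exposes silent failures).
    gaps = [later - earlier for earlier, later in zip(successes, successes[1:])]
    worst_gap = max(gaps) if gaps else None
    restores = [j.restore_test for j in jobs if j.restore_test is not None]
    worst_restore = max(restores) if restores else None
    return {
        "data_loss": data_loss,
        "rpo_met": data_loss is not None and data_loss <= rpo,
        "worst_gap": worst_gap,
        "worst_restore": worst_restore,
        # An RTO is only demonstrated when a restore has actually been tested.
        "rto_met": worst_restore is not None and worst_restore <= rto,
        "failed_jobs": sum(1 for j in jobs if not j.success),
    }


if __name__ == "__main__":
    jobs = parse_backup_log(BACKUP_LOG)
    # Constructed scenario: ransomware detected mid-afternoon, with a 24-hour RPO and a 4-hour RTO.
    report = evaluate_backup_objectives(jobs, datetime(2022, 11, 10, 14, 30),
                                        rpo=timedelta(hours=24), rto=timedelta(hours=4))
    for key, value in report.items():
        print(f"{key:14} {value}")
```

In the sample scenario a single failed nightly job doubles the data-loss window from 24 to 48 hours, so a 24-hour RPO is missed even though the backup schedule itself is nightly; the RTO is met only because restore tests were recorded. That is the point of the check: the schedule on paper is not the objective, the successful jobs and tested restores are.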
Directed tabletop exercises to test & inform your incident response plan
If your business is hit with ransomware or any other cyberattack, it’s wise to know how your organization will respond. A disaster recovery/business continuity plan (BCP) must be in place that outlines your response strategy in the event of a cybersecurity incident. The plan should be regularly tested and involve an incident response team.
The best way to know whether your backup system and business continuity plan are reliable is to test them. Holding regular incident response tabletop exercises is a best practice. With C-level executives now being held accountable for cyber breach incidents, it is important for them to get involved at the planning stage to help establish a full understanding of the cybersecurity controls and preventative measures in place.
The domestic cyberattacks of 2022 on large and small companies raised national awareness of the need for increased cybersecurity, prompting increased industry regulations. These cyber requirements are no longer reserved for companies with high compliance obligations; getting and maintaining cyber insurance at all levels is now required of all businesses, regardless of industry or size. To stay ahead of these industry requirements, we suggest aligning company operations around a security framework, such as NIST.
As a managed IT and security services partner, Systems Engineering exists to help simplify the technology planning and budgeting process. By staying on top of trends and the industry shifts that influence tech spending and regulations, we can help you make sound investments that enhance your productivity and security.
If you would like assistance budgeting for new security layers and aligning operations around an appropriate security framework, fill out our form below and get the conversation started.
If you recognized potential gaps in your current IT process, or you would like to discuss any of the above cybersecurity requirements or recommendations, please reach out to us at email@example.com or call 888.624.6737 to speak to a Systems Engineering representative. Clients, please reach out to your Account Manager.