2022 was an eventful year for cybersecurity teams: cyberattacks increased by 38%. In Q1 2023, global weekly attacks rose a further 7% versus the same quarter of the previous year. In response, cyber insurers are tightening their security requirements, and some businesses are seeing premiums nearly double to obtain and retain coverage.
According to one IBM report, ransomware was the most common attack vector in 2022, growing by 41%. Ransomware attacks cost organizations an average of $4.54M and take nearly two months (49 days) longer to identify and contain than other attack vectors. These trends require organizations to implement new security measures to mitigate and manage cyber risk.
Cyber Insurance Requirements & Considerations
Depending on your organizational needs, you may find many of the items below requested in a cyber insurance policy document. Refer to this list when seeking to obtain or retain cyber insurance, and use the accompanying guidance when preparing your organization's budget.
- Required enforcement of identity and access management
- Increased requirement for email security screening
- Identified and segregated unsupported and end-of-life (EOL) software
- Limited domain administrator accounts within an organization's network
- Implemented security products and solutions to prevent and detect malicious network activity
- Applied baseline standards and vulnerability scans for devices with network connections
- Dedicated backup and recovery processes with data recovery point objectives (RPO) and recovery time objectives (RTO)
- Directed tabletop exercises to test and inform an incident response plan
Required enforcement of identity and access management
Insurers that once required multi-factor authentication (MFA) only for privileged accounts now expect it for every user on your network. This includes volunteers, third-party contractors, and anyone else who holds an account.
Guidance
Enabling MFA is not a new recommendation; it has sat at the top of the cybersecurity best-practice list for years. The problem is how slowly organizations have implemented it. If you have not deployed MFA throughout your company, stop reading here. Come back once you have enabled this low-cost, highly effective control, which is designed to stop attackers holding stolen credentials before they get in.
Increased requirement for email security screening
Email security controls must include screening and quarantining of malicious links and attachments, tagging, and detonation and evaluation of attachments in a sandbox, along with related policy and reporting standards. Regular phishing simulations and security awareness training should be conducted so that users can recognize fraudulent or spoofed emails.
Guidance
Phishing and ransomware attacks keep increasing and growing more sophisticated. Cybercriminals adapt their tactics to slip past spam filters and fool unsuspecting users into giving up access to your organization's sensitive information. You can get ahead of these attempts by building a culture of security through security awareness training and by implementing the right email security measures.
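The link-screening step described above can be illustrated with a small checker. This is an added example written for this page, not code from the article or from any email security product; the trusted-domain allowlist, the sample message and the thresholds are constructed assumptions. It flags the two tells most phishing mails rely on: visible link text that names one domain while the href points somewhere else, and a destination that is a near-miss of (or smuggles) a domain you trust.

```python
"""Screen the links in an HTML email body for deceptive-link indicators.

Added example with constructed input; not code from the article.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumed allowlist of domains the organization legitimately links to.
TRUSTED_DOMAINS = {"microsoft.com", "systemsengineering.com"}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'example.com' from 'a.b.example.com' (no public-suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squats like micros0ft.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")


def screen_links(html):
    """Return a list of (indicator, href, detail) findings for the message."""
    parser = _LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        dest = registrable_domain(host)
        # 1. Display text shows a URL/domain that differs from the real target.
        m = _DOMAIN_IN_TEXT.search(text.lower())
        if m and registrable_domain(m.group(1)) != dest:
            findings.append(("display-mismatch", href, m.group(1)))
        for trusted in TRUSTED_DOMAINS:
            # 2. Destination is within a couple of edits of a trusted domain.
            if dest != trusted and edit_distance(dest, trusted) <= 2:
                findings.append(("lookalike", href, trusted))
            # 3. Trusted name embedded in an unrelated host (microsoft.com.evil.net).
            elif trusted in host and host != trusted and not host.endswith("." + trusted):
                findings.append(("brand-embedded", href, trusted))
    return findings


# Constructed sample message (not a real phishing email).
SAMPLE_EMAIL = """
<p>Your password expires today. Act now.</p>
<a href="https://login.micros0ft.com/reset">Reset your password</a><br>
<a href="http://update.example.net/x">https://portal.microsoft.com/secure</a><br>
<a href="https://microsoft.com.account-verify.net/login">Verify account</a><br>
<a href="https://www.microsoft.com/en-us/">Microsoft</a>
"""

if __name__ == "__main__":
    for indicator, href, detail in screen_links(SAMPLE_EMAIL):
        print(f"{indicator:17} {href}  ({detail})")
```

Running it on the sample reports the first three links (lookalike, display mismatch, brand embedded in an unrelated host) and passes the genuine Microsoft link. A production gateway adds URL reputation, sandbox detonation and a real public-suffix list on top of these structural checks; the point here is that the cheapest checks already catch the common tricks.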
Identified and segregated unsupported and end-of-life (EOL) software
You need the ability to discover and map every device and endpoint connected to your network so that your configuration management database (CMDB) stays current. Any end-of-life (EOL) or end-of-support (EOS) software should be segregated from the rest of your network and covered by supplemental support until it can be retired.
Guidance
Information technology (IT) should serve your business strategy and future goals, not expose your business to unnecessary risk. Running EOL or EOS software, which no longer receives vendor security patches, leaves the network it is connected to vulnerable to attacks that cybercriminals waste no time exploiting.
When planning for outdated technology, allow time for each phase of the process: analyzing options, making decisions, lead times for engineering talent and hardware, and training employees for go-live. A solid EOL management strategy and an asset inventory maintenance program will help you control risk, avoid unforeseen budget expenses, and plan around supply chain delays.
----------------
Here is a list of upcoming EOL dates for some common products within the next year. If you will be impacted by any of the items listed, now is the time to connect with your IT Account Manager.
- Windows 8.1: EOL January 10, 2023
- Exchange Server 2013: EOL April 11, 2023
- Windows Server 2012: EOL October 10, 2023
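To turn the EOL list into something your inventory process can act on, here is an added example (written for this page, not Systems Engineering's tooling) that runs a CMDB-style asset list against a small EOL catalogue. The catalogue holds the three dates listed above, keyed by product name (Windows 8.1 being the release whose support ended January 10, 2023); the inventory records, the segment names and the 180-day warning window are constructed assumptions.

```python
"""Flag end-of-life software in an asset inventory and say what to do about it.

Added example with constructed inventory; the EOL dates are those listed in the article.
"""
from datetime import date

# EOL dates as listed in the article.
EOL_CATALOGUE = {
    "Windows 8.1": date(2023, 1, 10),
    "Exchange Server 2013": date(2023, 4, 11),
    "Windows Server 2012": date(2023, 10, 10),
}

# Assumed names of network segments that are isolated from production.
ISOLATED_SEGMENTS = {"legacy-isolated"}

# Assumed planning horizon: start the upgrade project this far ahead of EOL.
WARNING_WINDOW_DAYS = 180


def classify(product, today):
    """Return (status, days_to_eol); days_to_eol is None for unknown products."""
    eol = EOL_CATALOGUE.get(product)
    if eol is None:
        return "not-in-catalogue", None
    days = (eol - today).days
    if days < 0:
        return "past-eol", days
    if days <= WARNING_WINDOW_DAYS:
        return "eol-approaching", days
    return "supported", days


def eol_report(inventory, today):
    """One finding per asset, including whether it is already segregated."""
    findings = []
    for asset in inventory:
        status, days = classify(asset["product"], today)
        segregated = asset["segment"] in ISOLATED_SEGMENTS
        if status == "past-eol" and not segregated:
            action = "segregate or retire now"
        elif status == "past-eol":
            action = "already isolated; plan retirement"
        elif status == "eol-approaching":
            action = f"schedule upgrade within {days} days"
        elif status == "not-in-catalogue":
            action = "add lifecycle data to CMDB"
        else:
            action = "none"
        findings.append({"host": asset["host"], "product": asset["product"],
                         "status": status, "days_to_eol": days,
                         "segregated": segregated, "action": action})
    return findings


# Constructed inventory (hostnames and placement are made up).
SAMPLE_INVENTORY = [
    {"host": "fs01", "product": "Windows Server 2012", "segment": "prod"},
    {"host": "mail01", "product": "Exchange Server 2013", "segment": "prod"},
    {"host": "kiosk03", "product": "Windows 8.1", "segment": "legacy-isolated"},
    {"host": "app02", "product": "CustomApp 1.0", "segment": "prod"},
]

if __name__ == "__main__":
    for f in eol_report(SAMPLE_INVENTORY, date(2023, 5, 1)):
        print(f"{f['host']:8} {f['product']:22} {f['status']:16} {f['action']}")
```

With the clock set to May 1, 2023 the Exchange server is already past EOL on the production segment and is the item to deal with first; the file server has 162 days left, the isolated kiosk is tolerable until it can be retired, and the custom application is a CMDB gap rather than a known EOL risk. Feeding the report from your real CMDB export is the only change needed to use it.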
Limited domain administrator accounts within an organization's network
As part of data breach prevention, the principle of least privilege should be applied to administrator and service accounts, which by default hold the most access and control within your network. Beyond limiting their access, these accounts must be individually monitored for unusual activity and held to strict password management.
Guidance
Organizations need to extend data breach prevention and network protection to the people, devices, apps, and data found in remote work environments, which means moving toward a Zero Trust model. Under Zero Trust, your network no longer implicitly trusts anyone or anything, inside or outside the network boundary: each access request must be fully authenticated, authorized, and encrypted before access is granted. Building on least privilege, just-in-time and just-enough-access (JIT/JEA) principles are applied to minimize lateral movement within your network, so that access to one resource does not automatically grant access to another.
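The standing-privilege review that insurers ask about can be scripted. The following is an added example for this page, not Systems Engineering's tooling: it audits a constructed export of a Domain Admins group of the kind you would produce with Get-ADGroupMember and Get-ADUser, with the field names, the account records, and the three policy thresholds all assumed. It applies the least-privilege and password-management expectations stated above to each member and to the group as a whole.

```python
"""Audit Domain Admins membership for least-privilege and password hygiene.

Added example; runs on a constructed export, not a live directory.
"""
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90   # assumed policy: rotate privileged passwords quarterly
MAX_IDLE_DAYS = 60           # assumed: an admin unused for two months is stale
MAX_STANDING_ADMINS = 2      # assumed target for permanent (non-JIT) membership


def audit_member(m, today):
    """Return the findings for one group member record."""
    findings = []
    if not m["enabled"]:
        findings.append("disabled account still holds admin rights; remove it")
    if m["is_service_account"]:
        findings.append("service account has standing domain admin; scope it down (gMSA or delegated rights)")
    if m["password_never_expires"]:
        findings.append("password never expires on a privileged account")
    if (today - m["password_last_set"]).days > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"password older than {MAX_PASSWORD_AGE_DAYS} days; rotate it")
    if m["last_logon"] is None or (today - m["last_logon"]).days > MAX_IDLE_DAYS:
        findings.append(f"no logon in {MAX_IDLE_DAYS} days; convert to JIT elevation or remove")
    return findings


def audit_group(members, today):
    """Return {sam_account_name: [findings]} plus a '_group' summary entry."""
    report = {m["sam"]: audit_member(m, today) for m in members}
    standing = [m["sam"] for m in members if m["enabled"] and not m["is_service_account"]]
    report["_group"] = []
    if len(standing) > MAX_STANDING_ADMINS:
        report["_group"].append(
            f"{len(standing)} standing admins exceeds target of {MAX_STANDING_ADMINS}; move the rest to JIT")
    return report


# Constructed export; names and dates are made up.
SAMPLE_MEMBERS = [
    {"sam": "jsmith", "enabled": True, "is_service_account": False, "password_never_expires": False,
     "password_last_set": date(2023, 4, 15), "last_logon": date(2023, 4, 30)},
    {"sam": "tlee", "enabled": True, "is_service_account": False, "password_never_expires": False,
     "password_last_set": date(2023, 3, 20), "last_logon": date(2023, 4, 28)},
    {"sam": "svc_backup", "enabled": True, "is_service_account": True, "password_never_expires": True,
     "password_last_set": date(2019, 6, 1), "last_logon": date(2023, 5, 1)},
    {"sam": "old_admin", "enabled": False, "is_service_account": False, "password_never_expires": False,
     "password_last_set": date(2021, 3, 2), "last_logon": date(2021, 8, 9)},
    {"sam": "contractor9", "enabled": True, "is_service_account": False, "password_never_expires": False,
     "password_last_set": date(2023, 1, 5), "last_logon": date(2022, 12, 1)},
]

if __name__ == "__main__":
    for name, findings in audit_group(SAMPLE_MEMBERS, date(2023, 5, 1)).items():
        for f in findings:
            print(f"{name:12} {f}")
```

The backup service account is the typical worst offender: a non-expiring, four-year-old password with full domain rights is exactly the credential ransomware operators hunt for. The group-level line is the JIT/JEA point from the guidance: three people with permanent membership is more than most organizations need once elevation on demand is available.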
Implemented security products and solutions to prevent and detect malicious network activity
Endpoint protection and response solutions that detect known threats as well as changes in endpoint behavior are now a standard requirement. These next-generation tools, such as endpoint detection and response (EDR), are combined with a centralized team dedicated to monitoring and remediating identified threats, known as a security operations center (SOC).
Guidance
Greater visibility into, and depth of response to, cyber threats across your entire digital landscape is not just a best practice; it is a requirement for obtaining cyber insurance. You may already have some form of network security monitoring, but insurers increasingly expect advanced monitoring that combines security operations expertise, threat intelligence from endpoint, network, identity, and cloud sources, and 24x7 monitoring capability. This level of response is key to securing your organization against advanced cyberattacks.
Applied baseline standards and vulnerability scans for devices with network connections
You may hear the term 'harden' in relation to systems and devices connecting to your network. It means having a set of standards and tools in place that check any new endpoint or system introduced to the network against a baseline: MFA enforcement, patch level, device monitoring, and so on. Regular penetration testing of the network and vulnerability scanning of the devices on it are also required.
Guidance
It may be tempting to assume that patching matters less now that more data lives in replicated cloud storage, but the opposite is true. A work-from-anywhere workforce, access to multiple network environments, and rising attack volumes make it more important than ever to manage patching and software updates with urgency. A solid patch management process, together with defined parameters for network access, hardens your security posture and makes you a far less attractive target for cybercriminals.
Dedicated backup & recovery processes with data recovery point objectives (RPO) & recovery time objectives (RTO)
Every business should have a data backup and recovery strategy, and that strategy must include protecting the backups themselves from compromise. Before a ransomware incident, decide how long your organization can afford to be down (the recovery time objective, RTO) and how much data it can afford to lose (the recovery point objective, RPO).
Guidance
Data loss affects every organization at some point, and your industry may dictate specific requirements for your backup and recovery strategy. Knowing your RTO and RPO determines the type of backup and recovery process you need: do you have a tape-based, air-gapped backup system that should be augmented with a cloud backup service, or vice versa? Each option carries a dollar figure, so choosing the right combination is key to controlling costs.
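The "which combination meets our RTO and RPO" question is easy to get wrong by looking only at backup frequency. This added example (written for this page; the tiers, throughput figures, delays and monthly costs are constructed, not real quotes) works each tier's worst-case RPO and RTO, then applies the ransomware test the requirement above implies: a copy that an attacker with admin rights can delete or encrypt does not count, so at least one immutable or offline tier must meet both objectives on its own.

```python
"""Evaluate candidate backup tiers against RPO/RTO targets, ransomware-aware.

Added example; all tier figures are constructed assumptions.
"""

# Constructed tiers. restore_gb_per_h is sustained restore throughput;
# retrieval_delay_h covers fetching offline media (e.g. tapes from a vault).
BACKUP_TIERS = [
    {"name": "hourly storage snapshots", "interval_h": 1, "restore_gb_per_h": 500,
     "retrieval_delay_h": 0, "immutable_or_offline": False, "monthly_cost": 900},
    {"name": "nightly cloud backup (immutable)", "interval_h": 24, "restore_gb_per_h": 80,
     "retrieval_delay_h": 0, "immutable_or_offline": True, "monthly_cost": 1500},
    {"name": "weekly tape, air-gapped", "interval_h": 168, "restore_gb_per_h": 40,
     "retrieval_delay_h": 24, "immutable_or_offline": True, "monthly_cost": 400},
]


def worst_case_rpo_h(tier):
    """Everything written since the last completed backup is lost: one full interval."""
    return float(tier["interval_h"])


def worst_case_rto_h(tier, data_gb, detection_h):
    """Time to notice the incident, fetch the copy, and stream the data back."""
    return detection_h + tier["retrieval_delay_h"] + data_gb / tier["restore_gb_per_h"]


def required_restore_rate(data_gb, rto_target_h, detection_h, retrieval_delay_h=0):
    """Throughput a tier would need for its restore to fit inside the RTO."""
    window = rto_target_h - detection_h - retrieval_delay_h
    if window <= 0:
        raise ValueError("RTO is consumed before the restore can even start")
    return data_gb / window


def evaluate_plan(tiers, data_gb, rpo_target_h, rto_target_h, detection_h):
    """Per-tier pass/fail plus whether any attacker-proof tier satisfies both targets."""
    rows = []
    for t in tiers:
        rpo, rto = worst_case_rpo_h(t), worst_case_rto_h(t, data_gb, detection_h)
        rows.append({"name": t["name"], "rpo_h": rpo, "rto_h": rto,
                     "meets_rpo": rpo <= rpo_target_h, "meets_rto": rto <= rto_target_h,
                     "immutable_or_offline": t["immutable_or_offline"],
                     "monthly_cost": t["monthly_cost"]})
    # Ransomware case: only copies the attacker cannot delete or encrypt count.
    survivable = [r for r in rows if r["immutable_or_offline"] and r["meets_rpo"] and r["meets_rto"]]
    cheapest = min(survivable, key=lambda r: r["monthly_cost"])["name"] if survivable else None
    return {"tiers": rows, "ransomware_ready": bool(survivable), "cheapest_survivable": cheapest}


if __name__ == "__main__":
    plan = evaluate_plan(BACKUP_TIERS, data_gb=4000, rpo_target_h=24, rto_target_h=48, detection_h=4)
    for r in plan["tiers"]:
        print(f"{r['name']:34} RPO {r['rpo_h']:6.1f}h  RTO {r['rto_h']:6.1f}h  "
              f"rpo_ok={r['meets_rpo']} rto_ok={r['meets_rto']} protected={r['immutable_or_offline']}")
    print("survives ransomware:", plan["ransomware_ready"])
    print("immutable cloud tier needs about", round(required_restore_rate(4000, 48, 4)),
          "GB/h of restore throughput to meet the RTO")
```

For 4 TB of data, a 24-hour RPO, a 48-hour RTO and four hours to detect the incident, the snapshots meet both targets but are reachable by the attacker, the immutable cloud copy meets the RPO but restores too slowly (54 hours), and the tape is out of both budgets. The plan is therefore not ransomware-ready even though every tier "has backups"; the cheapest fix is about 91 GB/h of restore throughput on the cloud tier, which is the dollar figure the guidance refers to.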
Directed tabletop exercises to test & inform your incident response plan
If your business is hit with ransomware or any other cyberattack, you need to know how your organization will respond. A disaster recovery/business continuity plan (BCP) that lays out your response to a cybersecurity incident must be in place, regularly tested, and exercised by a designated incident response team.
Guidance
Testing your backup systems and business continuity plan is the best way to know they work. Regular incident response tabletop exercises are a best practice. With C-level executives now being held accountable for breach incidents, leadership should take part in these exercises to fully understand the cybersecurity controls and preventative measures in place.
Cyberattacks on companies large and small have raised national awareness and prompted tighter industry regulation. These requirements are no longer reserved for companies with heavy compliance obligations: obtaining and maintaining cyber insurance is now a must for every business, regardless of industry or size. To stay ahead of these requirements, we suggest aligning company operations with a cybersecurity framework such as the NIST Cybersecurity Framework.
As your managed IT and security services partner, Systems Engineering will effectively support your technology and end-users and improve your cyber defense posture. By staying on top of trends and the industry shifts influencing tech spending and regulations, we can help you make sound investments that enhance productivity and harden your cyber defenses.
If you recognize potential gaps in your current IT operation or would like to discuss any of the cybersecurity solutions recommended in this article, contact us at info@systemsengineering.com or call 888.624.6737 to speak to a Systems Engineering representative. Clients, please reach out to your Account Manager.