It seems like all we talk about in technology these days are cybersecurity incidents, data breaches, and ransomware attacks. It’s no wonder considering that these incidents are taking entire organizations offline and stealing data from the masses. They’ve become a big part of our current digital existence. At the end of the day, the computer systems we utilize every day rely on us fallible humans to tell them what to do, and to keep them secure from new threats.
If you took a computer course in school, you inevitably had a project where you were tasked with making the famous words “Hello World” appear on screen or on a printout. If you coded the system properly, you were successful, but if you made even the slightest mistake in syntax, code, a variable, etc., the system would error out and you’d have to search for the problem. Our traditional security systems have operated in much the same way, relying on the configuration and policy decisions of error-prone humans to dictate what was happening. So how does this relate to insurance?
Well, as technology has evolved, so have the defensive solutions available to help our organizations protect their systems and digital assets. These newer security technologies are designed to compensate for some of our weaknesses as humans and to protect us even if we make a small mistake here or there.
So, combine these two scenarios and you will start to realize why new questions are appearing on your liability and cybersecurity insurance applications and renewals:
- Increase in the number of cyber incidents and ransomware attacks resulting in losses totaling millions of dollars.
- New cybersecurity technologies aimed at the most common threat vectors used in those cybersecurity incidents.
You will likely see the following questions (and others) on your application or renewal:
- Do you utilize/enforce multifactor authentication (MFA) for administrative access, or access by users into systems that store/process critical or sensitive information?
- Do you use an endpoint detection & response (EDR) product across your enterprise?
- Do you perform regular vulnerability scans?
- Do you have or utilize an outsourced security operations center?
- Do you have an incident response plan?
- Do you regularly test your backups?
These are all considered modern solutions to the real cybersecurity threats we all face every day.
- Multifactor authentication ensures that, before gaining access, a person must present at least two different types of authentication:
  - Something they know, like a password
  - Something they have, like a smartphone or token
  - Something they are, like a biometric thumbprint or facial scan
- EDR is an enhanced next-gen antivirus solution that not only protects against known threats like viruses, malware, and ransomware, but also collects information about running processes and activities that may not be malicious in themselves but can be used in malicious ways. Through Machine Learning (ML) and Artificial Intelligence (AI), these platforms can spot the abnormal and take action accordingly.
- Vulnerability scans are key for taking away a threat actor's leverage into the system. By ensuring that systems are updated/patched, and end of life (EOL) software is removed when no longer in use, we can reduce the capabilities an attacker has if they gain access to the system. While not specifically discussed, we also face human vulnerabilities that we address through cybersecurity awareness training and testing.
- A Security Operations Center generally collects information through a Security Information and Event Management (SIEM) system and correlates this information into actionable data. This is helpful when spotting anomalies across systems, and/or reconstructing actions during an investigation.
- An Incident Response (IR) plan is critical for ensuring that resources have been allocated to respond to an incident and that careful planning takes place to reduce the chaos during an incident. Usually, these plans are great learning exercises as well, spotting system deficiencies or a lack of the resources needed to respond to an incident.
- Testing backups regularly ensures that if an incident does occur that takes a system down and/or destroys data, recovery is possible and the process and time required to recover are generally known.
The NIST Cybersecurity Framework utilizes five functions (Identify, Protect, Detect, Respond, and Recover). These protections follow along with these functions very well. MFA, EDR, and Vulnerability Scans are all focused on Identifying Assets/Users/Systems and providing Protection. The SOC and IR are focused on being able to Detect anomalies and being able to Respond accordingly. And finally, testing backups ensures that we can Recover when all else fails.
So, if you are up for renewal for your business liability insurance and/or cybersecurity insurance and you are being asked about some of these protections, hopefully this information will help you better assess your current situation and respond accurately. The only thing worse than not having the protection in place is providing false information to your insurer and then losing coverage eligibility.
Axxys has developed a tiered cybersecurity solution that meets the needs of your organization and aligns with the requirements of common frameworks such as NIST CSF and CISv8, as well as insurance requirements like those listed here. If you are unsure about your current posture and capabilities, please reach out so we can review your current posture and desired state and help build a plan of action to keep you safe.