Cyber insurance, how to get a policy

by time news

2024-01-19 10:01:31

Why have cyber insurance

Rampant ransomware attacks have turned cyber insurance into a priority for company boards of directors, which has motivated a change in the profitability equation of cyber insurers.

Requirements to contract cyber insurance

The requirements are becoming stricter, so obtaining a cyber insurance policy with favorable conditions, price, coverage and low retention is proving to be a battle for many organizations. The world has changed, and new identities, environments and attack methods affect an organization's ability to maintain a solid security posture. Therefore, insurers today take into account not only the risk of ransomware, but also the current volatility of the markets and continued geopolitical tensions, especially since incidents such as MOVEit Transfer, Accellion, SolarWinds and Log4j have raised concerns about software supply chain risks.

Cyber insurance requirements increase

Getting a policy or renewing cyber insurance with the right conditions can be difficult, but not impossible. Insurers are responding favorably to companies that put in place robust security controls and incident response plans, especially those that are prepared to delve deeper into their cybersecurity architectures and planned roadmaps. Therefore, it is essential to be proactive in implementing basic security measures and articulating a risk-based approach to cybersecurity. How? Let's analyze the 5 main points:

1. Privilege security on the endpoint

Since ransomware attacks typically begin on workstations and servers, the security of user privileges on the endpoint will be under the magnifying glass. Initially, insurers wanted to see a company train its employees on phishing and credential theft techniques, and use endpoint detection and response (EDR/XDR) solutions to help identify and remediate suspicious activity.

Today, even these measures are not considered sufficient on their own. Attackers find ways to disable or bypass EDR/XDR by abusing administrative credentials, as seen in the SolarWinds attack. This has led to increased scrutiny around endpoint privilege controls, especially a company's ability to remove local administrator rights from all users. To demonstrate effective risk reduction, organizations must weigh reduced-privilege controls against operational efficiency.

2. Multi-factor authentication (MFA)

The requirements for MFA are also growing. Insurers began to dig deeper as they discovered significant gaps in coverage for privileged accounts, which are typically not tied to a specific person (for example, the administrator account on each server), but are used by system administrators and other privileged users to protect sensitive data.

3. Privileged Access Management (PAM)

Insurers have begun to require PAM for privileged accounts not tied to specific users (i.e. local administrator, root, and service accounts), to achieve MFA and isolate high-value assets. Adopting modern use cases for PAM programs, such as the emerging concept of zero standing privileges (ZSP), in which high-risk access is elevated on the fly, restricted to minimum permissions, and protected from malware, can also help demonstrate to insurers that an organization is defending against credential theft.

A defense-in-depth approach can also help here. Again, efficiency matters, as minimizing friction for end users is key to driving adoption of the security controls that auditors and insurers want to see.

4. Third Party Access Controls

Insurers are also studying how organizations authenticate third-party privileged users. As companies’ dependence on vendors and contractors increases, third-party involvement increases the average total cost of a data breach by approximately 5%, to nearly $4.7 million. Suppliers require the same security, but are rarely given the same attention as employees. In this regard, organizations should fully isolate and monitor privileged sessions with full auditing capabilities, similar to how they protect the access and actions of internal privileged users.

5. Security for non-human identities

The increased focus on privileged access management extends to machine identities, which outnumber human identities by a ratio of 45:1. These identities can be service accounts, encrypted secrets, or any business solution that requires credentials to perform its function (i.e., configuration management database platforms and DevOps orchestration tools), along with processes such as robotic process automation (RPA). Insurers are looking for stronger privilege controls around existing automated patch management systems, vulnerability scanners and other security tools that attackers may try to disable.
