Controls are key

As cyberattacks have skyrocketed, insurers and business partners are increasingly questioning cyber operating environments and the controls in place to become cyber resilient.

Some organisations are still struggling to adopt best practices, most often because of cost or because they don’t see the need for controls. Even in regulated industries, cyber resilience controls were often more about checking a box than enhancing security.

Organisations across the board, from the very big to the micro, should make a concerted effort to adopt controls that mitigate ransomware risks and improve their cybersecurity posture and resilience.

Five controls to adopt now 

As a starting point, prioritise the following five cyber hygiene controls to have the most impact on insurability, mitigation and resilience:

  1. Multifactor Authentication (MFA)
    Technology can break user passwords, even ones considered strong.

Organisations should bolster their security through MFA, which requires at least two pieces of evidence (factors) to prove the user’s identity. Usually, the two factors are something you know and something you have.

For example, a time-sensitive PIN code delivered either through an app or via text message is often a second factor on top of the user’s password. Although no cybersecurity tools are perfect, MFA provides a substantial barrier to entry.

  2. Endpoint Detection and Response (EDR)
    Businesses need up-to-date information about the security posture of any device employees use to receive corporate information, whether it’s a laptop, desktop, or mobile device.

Widely available software gathers critical information, such as the location of the device, the last time it was updated, current software version, and any attempts to download new software. EDR offers continuous monitoring and more advanced detection and automated response capabilities.

It will watch for any suspicious or irregular activities and facilitate rapid incident response across an organisation’s environment.

  3. Secured, Encrypted, and Tested Backups
    Ransomware activity underscores the need for organisations to have a robust backup strategy.

Backup intervals will depend on how often the data changes, but most organisations run full backups on a regular schedule.

Backups should be encrypted so that they cannot be tampered with.

It is a best practice to logically separate backups from the network to ensure they’re not easily accessible to any threat actors. Immutable backups, which lock up previous versions of your backups to prevent them from being altered or deleted, offer a similar layer of security.

The IT/IS department or outsourced provider should establish a data restoration testing schedule, during which backups are restored to ensure that they are working as intended.

  4. Privileged Access Management (PAM)
    Users should be required to use higher security login credentials to access administrator or privileged accounts.

Special users — such as IT, network, or database administrators — should only be allowed to carry out specific tasks through their privileged access. Users with privileged or administrator accounts should be required to log out of their privileged accounts to conduct any non-privileged tasks.

A system administrator who has logged in through his or her privileged account to change security settings should log out after that task is completed and be required to use “standard user” credentials to check email or browse the web, even if these are work-related tasks.

Many organisations implement privileged access management solutions to automate privileged credential management and session management.

  5. Email Filtering and Web Security
    Email and web browsers are full of pitfalls and need to be controlled to avoid threat actors gaining an initial foothold into your network.

Email filtering seeks to identify any messages that include links or attachments. Advanced systems will screen links and attachments to identify any potential malware or other malicious content. Flagged attachments can be opened in a “sandbox” to be thoroughly checked for malware.

Organisations should block access to any web pages that are deemed inappropriate and those that may contain malware.

These security controls should be active at all times, whether a user is working at the office or remotely, to prevent exposure to websites where bad actors may be seeking to take advantage of unsuspecting web browsing activity.

Having these cyber hygiene controls in place can help organisations achieve their risk transfer goals, provide a higher level of security and a better ability to identify threats, and ideally allow them to recover more quickly, and at less cost, from an attack.
