Why are Cyber Insurance Requirements Increasing?
- More Attacks = More Payments
- Cyber Liability Insurance providers have observed the sharp spike in cybercrime. This increased activity has led to an increase in payouts. As a result, prices have gone up and requirements have established a new baseline of security.
- Double Extortion Ransomware
Ransomware is a type of malware that encrypts an organization's data and demands payment in order to restore access.
This new strain of ransomware both encrypts and steals user data. By threatening to leak your data to the press and public websites, there is an even greater incentive to pay attackers.
- Critical Security Gaps
- Organizations are still generally under the impression that simple anti-virus is enough to stop modern attackers. This is no longer the case, and these cybersecurity gaps have reached a critical mass.
Beating the Baseline - New Insurance Compliance Minimums
- Multi-Factor Authentication
- If you can remote into the network, you will need to have MFA enabled.
- Don’t skip this one – it will likely lead to denied coverage and poses a major security risk.
- Multi-Factor Authentication on ALL Remote Access and Web Email
- Endpoint Detection and Response
EDR is Better than AV
Anti-Virus is no longer enough to secure an environment.
EDR is the new standard; these new tools provide prevention, detection, and response.
- Perimeter Security
Perimeter Security is Still Important
Intrusion Prevention/Detection Systems, Next-Gen Firewalls, and Sandboxing are critical.
Also ensure that your organization has Geo-IP blocking enabled.
- Monitored and Aggressive Patching
- Protects against attacks
- Fixes holes
- Keeps systems running smoothly
- Cybersecurity Training
Cyber Security Awareness Training and Phishing Simulations are Required
Security without user training is ignoring the primary threat vector at most organizations.
Test users with phishing simulations to ensure proper security practice.