Ransomware Trends

Why are Cyber Insurance Requirements Increasing?

  • More Attacks = More Payments
    • Cyber Liability Insurance providers have observed the sharp spike in cybercrime. This increased activity has led to an increase in payouts. As a result, prices have gone up and requirements have established a new baseline of security.

  • Double Extortion Ransomware
    • Ransomware is a type of malware that encrypts an organization's data and demands payment in order to restore access.

    • This new strain of ransomware both encrypts and steals user data. By threatening to leak your data to the press and public websites, attackers create an even greater incentive to pay.

 

  • Critical Security Gaps
    • Organizations are still generally under the impression that simple anti-virus is enough to stop modern attackers. This is no longer the case, and these cybersecurity gaps have reached a critical mass.

Beating the Baseline - New Insurance Compliance Minimums

  • Multi-Factor Authentication
    • If you can remote into the network, you will need to have MFA enabled.
    • Don’t skip this one: going without MFA will likely lead to denied coverage and poses a major security risk.
    • Multi-Factor Authentication on ALL Remote Access and Web Email
  • Endpoint Detection and Response
    • EDR is Better than AV

    • Anti-Virus is no longer enough to secure an environment.

    • EDR is the new standard; these new tools provide prevention, detection, and response.

  • Perimeter Security
    • Perimeter Security is Still Important

    • Intrusion Prevention/Detection Systems, Next-Gen Firewalls, and Sandboxing are critical.

    • Also ensure that your organization has Geo-IP blocking enabled.

  • Monitored and Aggressive Patching
    • Protects against attacks
    • Fixes holes
    • Keeps systems running smoothly
  • Cybersecurity Training
    • Cyber Security Awareness Training and Phishing Simulations are Required

    • Security without user training is ignoring the primary threat vector at most organizations.

    • Test users with phishing simulations to ensure proper security practice.

 
