In an ever-expanding world with a fast-changing and complicated insurance coverage landscape, cyber threats inevitably present themselves to every organization, even those with the most sophisticated environments. In the realm of cyber insurance for your organization, offense is the best defense, and Graham wants, and needs, to help you mitigate trouble before it knocks on your door.
In 2020, an estimated $4.1 billion in direct written premiums were placed specifically for cyber coverage. Of that amount, 68% of the policies were written by the top 10 insurance groups in the country. To combat the inevitable rise in costs in a hardening market as we begin 2022, Graham takes a comprehensive approach to cyber risk management.
So where do you begin to understand the products and services available to you? At Graham, we have implemented Graham Cyber Blueprint℠, a detailed investigation and evaluation of your organization’s cyber hygiene. It zeroes in on the most glaring vulnerabilities, urges their correction, and provides recommendations for implementing the protective controls necessary for insurability.
Business Email Compromise and Ransomware attacks predominated among the claims filed in the last 18-24 months, the projections for 2022 are even higher, and the Cyber Insurance Market continues to harden. The frequency of attacks is on the rise, and so is the sophistication of the threat actors. Through the use of Graham Cyber Blueprint we can proactively review your organization's controls and procedures, and provide recommendations that reduce the likelihood of a cyber incident and limit its impact in the unfortunate event of a cyber attack.
The pandemic has been a fertile petri dish for ransomware attacks: remote workspaces opened up more vulnerable pathways for bad actors, with a remote workforce often operating in a compromised cyber landscape. More attacks executed, more ransoms paid, higher claim filings, and increased insurance rates are now the norm rather than the exception. It is imperative, now more than ever, that you and your organization are prepared to weather the impending cyber storm.
In an initial “hygiene evaluation”, our comprehensive Graham Cyber Blueprint questionnaire asks an organization questions that provide a holistic overview of your connected environment.
Graham Company will help you prepare to prevent cyber threats by taking the actions necessary to evaluate your cyber hygiene and craft proactive plans that put you in a strong position to combat any potential cyber threat.
Number one, to little surprise, is MFA (Multi-Factor Authentication). It is widely available, yet a significant number of organizations still don’t use MFA, citing fear of complicated sign-ins and frustration for their users. Many insurers start here and will deny coverage without this most rudimentary control.
Next on the list is Secured Remote Connectivity, a pandemic must-have with so much of the workforce still working remotely. To make sure that employees are not using personal devices or non-commercial-grade software to conduct business, a virtual private network (VPN) can be deployed and secured with MFA. Without this, hackers may have a wide-open door through which to enter and wreak their havoc.
Segregated Back-Ups: Once a hacker gains access to your network, they can usually gain access to your backups as well, since both are almost always stored on and connected via the same network. Best practices include having clients segregate and air-gap backups, store them with an external cloud service, or keep them offline on tape, with access secured via MFA. Functioning and accessible backups can make the difference between paying a ransom demand or not, and with the average ransom demand continuing to climb past six figures, that decision drives claims expenses. Regular testing of the backups verifies their integrity and confirms they can be restored when needed.
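The backup testing recommended above needs something concrete to test against. The following Python script is an added example, not code from Graham or from the original page: it records a SHA-256 manifest of a backup set at backup time and later compares a restored copy against that manifest, flagging files that came back altered, files that did not come back at all, and stray files that were never backed up. All file names and contents are constructed sample data; the manifest is assumed to be stored apart from the backup set itself (for instance alongside the offline or air-gapped copy's catalogue), so that whoever tampers with the backups cannot quietly rewrite the checksums too.

```python
"""Verify that a restored backup matches the manifest recorded at backup time."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup artifacts do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> dict[str, str]:
    """Map each file (path relative to the backup root, POSIX style) to its SHA-256.

    In practice this manifest is written somewhere the backup set cannot reach,
    e.g. next to the offline tape catalogue, and is never stored inside the backup.
    """
    return {
        path.relative_to(backup_root).as_posix(): sha256_file(path)
        for path in sorted(backup_root.rglob("*"))
        if path.is_file()
    }


def verify_restore(manifest: dict[str, str], restore_root: Path) -> dict[str, list[str]]:
    """Compare a restored directory tree against the manifest.

    Returns the relative names of files that are intact ("ok"), altered
    ("corrupted", hash mismatch), absent from the restore ("missing"), and present
    in the restore but not in the manifest ("unexpected").
    """
    report: dict[str, list[str]] = {"ok": [], "corrupted": [], "missing": [], "unexpected": []}
    restored = {
        path.relative_to(restore_root).as_posix(): path
        for path in restore_root.rglob("*")
        if path.is_file()
    }
    for name, expected_hash in manifest.items():
        path = restored.pop(name, None)
        if path is None:
            report["missing"].append(name)
        elif sha256_file(path) != expected_hash:
            report["corrupted"].append(name)
        else:
            report["ok"].append(name)
    # Whatever is left in the restore was never part of the backup set.
    report["unexpected"].extend(sorted(restored))
    return report


def restore_test_passed(report: dict[str, list[str]]) -> bool:
    """A restore test passes only when every file is present, unaltered, and accounted for."""
    return not (report["corrupted"] or report["missing"] or report["unexpected"])


def demo() -> dict[str, list[str]]:
    """Constructed scenario: three files are backed up; the restore brings one back
    intact, one altered, loses one entirely, and introduces a stray file."""
    with tempfile.TemporaryDirectory() as tmp:
        backup_root, restore_root = Path(tmp, "backup"), Path(tmp, "restore")
        for root in (backup_root, restore_root):
            (root / "db").mkdir(parents=True)

        originals = {  # constructed sample data, not real backup content
            "db/customers.sql": b"INSERT INTO customers VALUES (1, 'acme');\n",
            "db/orders.sql": b"INSERT INTO orders VALUES (1, 1, 99.00);\n",
            "config.ini": b"[app]\nmode=prod\n",
        }
        for name, data in originals.items():
            (backup_root / name).write_bytes(data)
        manifest = build_manifest(backup_root)

        # Simulated restore: one intact file, one altered file, one missing, one stray.
        (restore_root / "db/customers.sql").write_bytes(originals["db/customers.sql"])
        (restore_root / "db/orders.sql").write_bytes(b"INSERT INTO orders VALUES (1, 1, 0.01);\n")
        (restore_root / "notes.txt").write_bytes(b"not part of the backup set\n")
        return verify_restore(manifest, restore_root)


if __name__ == "__main__":
    result = demo()
    print(result)
    print("restore test passed" if restore_test_passed(result) else "restore test FAILED")
```

Run the script as-is to see the constructed failing scenario; in a real restore drill, point `build_manifest` at the backup set when it is taken and `verify_restore` at the restored tree, and treat any non-empty corrupted, missing or unexpected list as a failed test that needs investigation before the backup is relied upon.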
Employee Training and Phishing Exercises: Employees should participate in regular training and testing so they can identify signs of suspicious activity, reduce the risk of compromise, and prevent fraud. We often say employees are the first line of defense, and as the threat landscape continues to evolve, employees must remain diligent and educated to do their part in protecting an organization and its data. It’s a low-cost, easy method that is often overlooked.
Cyber Incident Response Policies: The “not if, but when” approach can only help expedite remediation for a company, so it is best to plan ahead for an incident and know what steps to take, and in what order, to lessen the negative impact on the organization. Time is of the essence when a cyber incident occurs, and it is essential that these policies are continuously updated to account for operational and personnel changes among internal stakeholders (HR, IT, Legal, Communications, Executive Leadership) as well as external stakeholders, including your Insurance Carrier, Broker, Breach Hotline, and other incident response vendors.
Endpoint Detection and Response (EDR) tools provide continuous monitoring of systems and raise alerts when suspicious activity is spotted. When rolled out across all endpoints in your network, EDR can help isolate an attack or threat and prevent it from spreading.
Data Encryption: Both data at rest and data in transit need encryption to protect sensitive information, so that if an unauthorized user or entity gains access to it, they will not be able to read it. Encryption is a basic, yet vital, component of data privacy and security for any organization to deploy.
Patch Management is the process of distributing and applying updates to software and applications to correct defects (also referred to as “bugs”), including security vulnerabilities. When a vulnerability is found after a piece of software is released, a patch can fix it and helps ensure that assets in your environment are not susceptible to exploitation. This reduces your security risk and lets applications and software continue to run smoothly. Additionally, with the continued rise in cyber-attacks, organizations are often required by regulatory bodies to maintain a certain level of compliance. A Patch Management policy should address timeframes and scheduling, prioritization, testing, roll-out and deployment, as well as monitoring, measuring, and reporting.
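To make the timeframe, prioritization and measurement elements of such a policy tangible, here is an added Python example (not code from Graham or from the original page). It assumes a constructed policy in which each severity level gets a maximum number of days from patch release to deployment, takes a constructed inventory of pending and applied patches, and produces the two things the reporting step usually asks for: a prioritized list of what is overdue, and a compliance rate showing what share of patches met (or are still within) their window. The severity windows, host names and dates are all assumptions for illustration.

```python
"""Measure patch deployment against a severity-based SLA policy."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed policy: maximum days allowed from patch release to deployment.
# A real policy would set these windows by severity and asset criticality.
SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class PatchRecord:
    asset: str          # hostname or asset tag
    severity: str       # one of SLA_DAYS' keys
    released: date      # date the vendor published the patch
    deployed: Optional[date] = None  # None while the patch is still pending

    @property
    def deadline(self) -> date:
        return self.released + timedelta(days=SLA_DAYS[self.severity])


def patch_status(record: PatchRecord, today: date) -> str:
    """Classify a patch as on_time, late (deployed after the window), pending
    (not yet deployed, still within the window) or overdue (window has passed)."""
    if record.deployed is not None:
        return "on_time" if record.deployed <= record.deadline else "late"
    return "overdue" if today > record.deadline else "pending"


def prioritize(records: list[PatchRecord]) -> list[PatchRecord]:
    """Order work so the most severe and longest-overdue items come first."""
    return sorted(records, key=lambda r: (SEVERITY_RANK[r.severity], r.deadline))


def sla_report(records: list[PatchRecord], today: date) -> dict[str, list[str]]:
    """Group asset names by status; each group is already in remediation priority order."""
    report: dict[str, list[str]] = {"overdue": [], "late": [], "pending": [], "on_time": []}
    for record in prioritize(records):
        report[patch_status(record, today)].append(record.asset)
    return report


def compliance_rate(records: list[PatchRecord], today: date) -> float:
    """Share of patches that either met the window or are still inside it."""
    if not records:
        return 1.0
    compliant = sum(patch_status(r, today) in ("on_time", "pending") for r in records)
    return compliant / len(records)


# Constructed inventory, evaluated as of a fixed date so results are reproducible.
AS_OF = date(2022, 1, 31)
INVENTORY = [
    PatchRecord("fileserver-01", "critical", date(2022, 1, 10), date(2022, 1, 14)),
    PatchRecord("vpn-gw", "critical", date(2022, 1, 20)),                 # window closed Jan 27
    PatchRecord("hr-laptop-7", "high", date(2022, 1, 5), date(2022, 1, 25)),  # deployed 6 days late
    PatchRecord("web-02", "medium", date(2022, 1, 15)),                   # window open until Feb 14
    PatchRecord("kiosk-3", "low", date(2021, 11, 1)),                     # window closed Jan 30
]


if __name__ == "__main__":
    for status, assets in sla_report(INVENTORY, AS_OF).items():
        print(f"{status:8s} {', '.join(assets) or '-'}")
    print(f"compliance: {compliance_rate(INVENTORY, AS_OF):.0%}")
```

The overdue list is what the remediation meeting works from, with critical items first; the compliance rate is the figure that answers an insurer's or regulator's "are patches applied within policy" question, and tracking it over time shows whether the policy's windows are realistic for the organization.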
Vulnerability and Penetration Assessments identify, quantify, and analyze weaknesses within your IT infrastructure so you can better protect your assets. Penetration testing simulates attacks to map out the paths a threat actor could take, so that you can strengthen your defenses. An outside third party should be engaged to perform these assessments in order to prevent and mitigate possible exploitation.
Removing Local Admin Access significantly reduces a threat actor’s ability to carry out an attack and cause catastrophic harm. When admin rights are enabled, users can download, install, and execute programs without managerial oversight, change system settings in ways that can lead to an unstable OS and slow-downs, and view and edit any file on the computer, including files belonging to other users if the workstation is shared. A best practice is to adopt a policy of least privilege, which states that users should be given the absolute minimum level of permissions they require to properly do their job. The more privileges given, the greater the responsibility, and thus the greater the overall risk.
Supply Chain Risk exposures are ever more prominent as organizations continue to rely on technology and on other parties to operate their business. With increased dependence on cloud service providers, vendors, and third parties, organizations must understand who has access to their data and network, and maintain an inventory of, and controls over, those access privileges. Furthermore, organizations must have continuity plans in place for systemic risk exposures that impact multiple organizations at once, since a cyber attack can cause a loss that is not limited by time, industry, or geography.
We are seeing an increasingly hard market in 2022, and any organization that is not properly prepared should act quickly to build up its cybersecurity defenses. Don’t get caught without adequate protection or coverage. Assessing your cyber hygiene and creating an action plan to protect your organization against these threats should be the number one priority on every to-do list moving into the new year. Contact your Graham Service Team today for access to Graham Cyber Blueprint for your cyber hygiene check-up and a policy assessment to ensure insurability and cyber resiliency.