Having proper Multi-factor Authentication (MFA) protocols in place does not eliminate the need for insurance but it can lessen the cost and loss potential dramatically. With ransomware attacks and business email compromise scams making headlines and impacting companies of every size, organizations need to be proactive in protecting their cybersecurity posture and preparing for their cyber insurance renewal.
At Graham, we are committed to helping our clients implement mitigation measures to prevent catastrophic ransomware attacks and ensure coverage availability given the significant uptick in these claims over the last year and a half. It is becoming universally acknowledged that MFA measures are necessary to safeguard every level of security and privacy for small, mid-sized and large corporations. While cyber attacks are undoubtedly multiplying and the threat actors are growing more brazen because of their hacking successes and financial gain, there are ways to stop them in their tracks with proactivity, teamwork and ultimately, compliance.
MFA involves a two-pronged approach to access which requires a minimum of two verification factors beyond a username and password alone. Common examples include a one-time password (OTP) sent to your known device, fingerprint ID or voice recognition. Adaptive Authentication, also known as "Risk-Based Authentication," is a subset of MFA which analyzes other factors based on context and behavior: if you normally do not log in to your account from a coffee shop after hours, the system would flag that activity and require you to prove your identity in ways that are not asked for when your IP address is connected to your place of business. In the case of the Colonial Pipeline cyber incident, just one password was needed for the threat actors to compromise the entire company's IT infrastructure. A high-profile, wide-ranging and destructive example like Colonial Pipeline offers fundamental lessons that can help prevent these attacks from occurring.
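To make the risk-based step-up described above concrete, here is an added illustration (not code from Graham Company or from any product) of how such a policy engine can decide between allowing a login, demanding a second factor, or blocking it, and how the second factor (an RFC 4226 HOTP code) is then checked. The user baseline, the office network range, the working hours, the device IDs and the score thresholds are all constructed assumptions for the example; the IP ranges are documentation-only addresses.

```python
"""Toy adaptive (risk-based) authentication decision with an HOTP step-up.

Constructed example: each user has a baseline of trusted networks, working
hours and known devices. Login attempts that deviate from that baseline get a
higher risk score; moderate risk triggers a second factor, high risk is blocked
and should be alerted on. Nothing here is a real product's policy.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Baseline:
    trusted_networks: list          # CIDR strings (assumed office egress ranges)
    work_hours: tuple               # (start_hour, end_hour), local time, 24h
    known_devices: set = field(default_factory=set)


@dataclass
class Attempt:
    user: str
    src_ip: str
    hour: int
    device_id: str
    password_ok: bool


def risk_score(attempt, baseline):
    """Sum weighted deviations from the user's baseline; higher means riskier."""
    score, reasons = 0, []
    addr = ip_address(attempt.src_ip)
    if not any(addr in ip_network(net) for net in baseline.trusted_networks):
        score += 40
        reasons.append("untrusted network")
    start, end = baseline.work_hours
    if not start <= attempt.hour < end:
        score += 20
        reasons.append("outside working hours")
    if attempt.device_id not in baseline.known_devices:
        score += 30
        reasons.append("unknown device")
    return score, reasons


def decide(attempt, baseline, step_up_at=30, deny_at=80):
    """Return ("allow" | "step_up" | "deny", reasons). Thresholds are assumptions."""
    if not attempt.password_ok:
        return "deny", ["bad password"]
    score, reasons = risk_score(attempt, baseline)
    if score >= deny_at:
        return "deny", reasons
    if score >= step_up_at:
        return "step_up", reasons
    return "allow", reasons


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password per RFC 4226 (HMAC-SHA1, dynamic truncation)."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def complete_step_up(submitted_code: str, secret: bytes, counter: int) -> bool:
    """Check the user's OTP with a constant-time comparison; counter must advance on success."""
    return hmac.compare_digest(submitted_code, hotp(secret, counter))


# Constructed sample baseline and login attempts (hypothetical user "alice").
OFFICE = Baseline(trusted_networks=["203.0.113.0/24"], work_hours=(8, 18),
                  known_devices={"laptop-42"})
ATTEMPTS = [
    Attempt("alice", "203.0.113.10", 10, "laptop-42", True),    # office, daytime
    Attempt("alice", "198.51.100.7", 21, "laptop-42", True),    # coffee shop, evening
    Attempt("alice", "198.51.100.7", 21, "phone-unknown", True),  # plus unknown device
]


def run_demo():
    """Evaluate the sample attempts; returns a list of (verdict, reasons)."""
    return [decide(a, OFFICE) for a in ATTEMPTS]


if __name__ == "__main__":
    for attempt, (verdict, reasons) in zip(ATTEMPTS, run_demo()):
        print(f"{attempt.src_ip} @ {attempt.hour:02d}h on {attempt.device_id}: "
              f"{verdict} {reasons}")
```

The point of the example is that the second factor is only demanded when the context looks unusual, which is what makes adaptive authentication less of a daily burden for staff; the "deny" branch is where a security team would expect an alert rather than a silent failure.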
The Colonial Pipeline and JBS ransomware attacks are in the news, but some observers are projecting as many as 100,000 businesses of all shapes and sizes falling victim to this recently amped-up cyber threat in 2021. In the larger and more newsworthy cases, we are beginning to see government intervention. Agencies like Homeland Security and the FBI can be summoned to investigate, and in particular they will try to determine whether a cyber attack on an agency or company can be classified as terroristic. Additionally, the U.S. Department of the Treasury can use Office of Foreign Assets Control ("OFAC") sanctions to punish foreign bad actors deemed responsible for these attacks, as well as organizations that make payments to sanctioned countries and entities. It is important that when an organization is working through a cyber incident, it engages experienced vendors to assist in notifying the government and complying with advisories regarding ransom payments. Government agencies can then better track the threat actors, hopefully at their source, and recognize patterns. It sounds simple, but it's not always done.
Some companies may find the extra steps of adding a layer of protection an undue burden on their IT departments. There can also be resistance from employees themselves who may see this as a time-waster and a barrier to their individual productivity. The truth is, these steps, if implemented properly and with help from knowledgeable sources, can be quickly executed while providing a great deal of protection. These measures can slow or even prevent a network compromise but are often perceived to be overkill by the people who must use them. A good IT department will simplify any difficulties with the set-up process and point out that an underestimated risk can wreak havoc. “It can’t happen here” until it does.
The proliferation of attacks and subsequent claims has, of course, led to an increase in premiums for policyholders across all industry segments. In February of this year, some estimates projected increases anywhere from 20 to 30%. As we approach the summer, policy premium increases have approached something closer to 50%. This reflects both the rise in reported cyber intrusions and the security damage they inflict on a company, and the increased costs associated with ransom demands that have been paid. One way to help bring down these costs is full implementation of MFA protocols (for email access, remote access, and administrative controls) to prevent attacks, or to slow attempted ones before too much damage is done. Graham Company recommends MFA implementation for all organizations as an additional layer of protection, in addition to a cyber insurance policy.
Please reach out to your Graham Company Service Team with any questions or for assistance in making your cyber hygiene more efficient and complete.