Seven tips to reduce cyber insurance costs

While ransomware showed signs of slowing down in 2022, according to Delinea’s latest State of Ransomware Report, the devastating fallout means there’s no pause in the need for cyber insurance.

The report found that only 25% of the companies surveyed fell victim to ransomware attacks in 2022. This is a stunning decrease from the previous 12 months when 64% of respondents said they were victims.

But the consequences of ransomware attacks are now more tangible, with more respondents reporting lost sales (56%) and customers (50%) in 2022 compared to the previous year.

The bottom line is that most organizations still need coverage. Another Delinea report shows that around 70% of the companies surveyed have applied for cyber insurance. Almost 80% of organizations with cyber insurance have had to use it, and more than half of those have used it multiple times.

But getting cyber insurance is not a one-size-fits-all solution. Insurance companies evaluate each organization individually. They want to understand the risks, potential damage, and how well the organization is protected against cyberattacks.

With cyber insurance prices rising even faster than inflation, and the risk that some companies will struggle to get insurance at an affordable price, prospective insurance seekers need to be prepared.

1. Identify risks and train employees

Insurers want customers to understand their risks and have risk management processes in place, possibly including a cybersecurity risk assessment. Identifying vulnerabilities also helps assess an organization’s cyber risk tolerance.

Insurers also want regular cybersecurity training beyond simple online testing or security policy approvals. Make cybersecurity awareness training a part of company culture and incorporate it into any company-wide or departmental training.

2. Track assets and privileged accounts

Organizations should have an inventory of all devices, software, and privileged accounts that attackers can target, including those used by remote workers. Identify all threat vectors and determine the value and scope of assets to be insured.

Discovery tools that find Active Directory accounts and passwords, service accounts, local accounts, and applications make this much easier.

3. Automate passwords and use MFA

The use of manual spreadsheets for password management is a red flag for insurers. Implement a privileged password management solution like a password vault to track credentials and generate and rotate complex passwords so users don’t have to type or remember them. Use automation to apply policies consistently and eliminate human error.

Multi-Factor Authentication (MFA) adds another layer of security. Show insurers that the right steps have been taken to mitigate credential-based cyberattacks by requiring MFA both at login and at privilege elevation.

4. Implement PAM and Defense-in-Depth

Hackers often hide their activities under the guise of a legitimate administrator. A comprehensive PAM solution helps to control access to systems and data and to comply with regulations. Look for software that can automate risk identification and analysis for privileged accounts, along with vaulting, continuous monitoring, and session recording.

Demonstrate that additional measures are taken to protect against malware attacks by implementing defense-in-depth. This includes implementing and enforcing least privilege access, restricting or removing local administrative privileges, and integrating threat intelligence and endpoint protection solutions.

5. Secure accounts and use endpoint security

When a disaster strikes, it’s important to recover quickly. Ensure that all secrets (passwords and other credentials) are not tied to a single location and can be moved to a secure location. A successful password management or PAM solution should have infrastructure redundancy for break-glass access.

An endpoint security tool also makes it easier to detect and respond to attacks. Choose a solution that provides comprehensive monitoring, alerting, and reporting of privileged behavior on workstations and servers. IT security teams should be able to detect unexpected behavior and perform forensic analysis when a breach occurs.

6. Monitor credential usage

Keep an eye on employee use of credentials: 82% of data breaches involve the human element, including social attacks, error and abuse, according to Verizon’s 2022 Data Breach Investigations Report.

Leverage a PAM solution that can monitor remote sessions, extend remote monitoring to cloud sessions, and use privileged behavior analytics to audit which digital identities are being accessed to detect anomalies and stop attacks.

7. Create an incident response plan

An incident response plan can prevent a cyber breach from becoming a disaster. It helps IT operations, security, and incident response teams form a united front against an attack, coordinate a rapid response, and maintain business continuity.

Use a customizable template to create an incident response plan. Include a checklist of roles and responsibilities and actionable steps to measure the magnitude of a cybersecurity incident and contain it before it damages critical systems. Run incident simulations to identify areas for improvement and show that responsiveness is more than theoretical.

While cyber insurance is not a substitute for a solid, up-to-date cybersecurity program, organizations should definitely consider it to protect themselves against the increasing consequences of ransomware and other attacks. The better prepared an organization is, the easier cyber insurance is to get and the less it costs.