January, for many of us, is the month during which we set our personal resolutions for the year ahead.
‘We must be better’ we say. ‘We must focus on our health, and improve ourselves, and be the best version of ourselves we can be!’ Of course, by February, most of us have forgotten these promises to ourselves and have ditched the running gear and extreme diets. However, one resolution for 2021 that organisations should be setting, and sticking to, is to be able to identify areas of cyber exposure and look to mitigate and transfer this risk.
Off the back of increasing cyber claims activity, particularly as a result of ransomware attacks, we are seeing cyber insurers place greater scrutiny on how organisations approach cyber risk, and the controls in place to prevent or mitigate a breach. Therefore, we recommend that our intermediaries advise their clients, both those who currently purchase cyber insurance and those who are considering it, to focus on improving their cyber health. Starting with what we believe to be, in no particular order, the key areas to focus on as follows…
Cyber New Year’s Resolutions for all organisations:
Ensure you have robust business continuity and disaster recovery plans in place and ensure you test these at least annually
In addition, we recommend implementing an exercise as part of the testing for a ransomware scenario and how the organisation will react in this situation.
Put in place a data purging plan
We always recommend an organisation purging any data which is no longer required for standard business purposes, or for regulatory requirements. There are two main reasons for this – if a network is compromised and you are holding legacy personal information, you may have to notify all of these data subjects should their data be compromised – this can of course be minimised by only holding relevant information.
The second reason is that cyber insurance often uses PII (Personally Identifiable Information) as one of the areas to rate and base the premium on. By purging data no longer required, you will have less PII records used for rating purposes, which may then have a positive impact on your cyber liability premium.
Back at the start of 2020, a major global software company announced that a data breach led to 250 million unencrypted records going back 14 years being released into the public domain. If the software company had carried out a purging exercise of this older data, it would have had a material impact on the number of records that had been compromised.
Implement a solid EDR (Endpoint Detection and Response) Solution
An EDR solution is fundamental for an organisation to be able to record and store endpoint behaviours – it will detect suspicious system behaviours, block malicious activity and also provide reporting and remediation guidance in regards to the incidents it identifies. We suggest implementing the best EDR solution possible, as it is an incredibly valuable tool in the mitigation and prevention of malicious attacks.
Regularly carry out reviews of your third party vendors
The recent Solarwinds breach has highlighted even further, the reliance all organisations place on third-party vendors. We recommend undertaking comprehensive reviews of vendors based on ‘risk tiers’, looking to identify and review your ‘higher risk’ vendors at least annually. We also suggest that your business continuity tests are carried out alongside your key vendors.
Identify and minimise those users on the network who have local admin rights/provisions
This is something that we highly recommend reviewing and minimising – the more users with local admin rights/provisions, in our view, the higher the exposure to a breach. Look to reduce the provision only to those who absolutely need to have those rights. Therefore look to mitigate employee’s abilities to download and implement software, either maliciously or inadvertently, which may carry a threat to your networks.
Review End of Life systems
Most organisations will still have legacy hardware or systems in place, but we recommend implementing a strategy to either phase out or migrate these legacy items, and purchase additional support time for those legacy systems in the meantime. We recommend minimising direct connections with the internet for End of Life systems where possible, or segregating these systems from the core network.
Ensure employee cyber awareness
It’s important, particularly in this ‘Covid Era’, that employees are aware of the potential increased risks of phishing attacks, and that they therefore undergo regular training to learn how to identify and avoid these attacks. We recommend that firms do carry out internal ‘phishing drills’ as part of this training exercise – these drills can also help identify users who may need some additional guidance or training on how to spot a phishing attempt.
Alongside your employee training programme, we also recommend using SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) or DMARC (Domain-based Message Authentication, Reporting and Conformance) which all work to authenticate and identify forged email sender addresses, assisting in the detection of phishing emails.
Ensure regular back-ups and protection of data
It’s important that there is a full data back-up strategy in place and that back-ups are regularly taken, particularly critical data. We recommend the encryption of back-ups and that regular testing of the back-up procedures takes place, particularly in line with the organisation’s agreed RTOs (Recovery Time Objective). If possible segregate back-ups from the network and store off-line.
Segmentation and segregation of the network
This is the process of dividing networks into smaller sections, therefore creating barriers between parts of the system that are not required to interact. This can also help prevent or limit lateral flow through a system, should the network be breached, and therefore can look to mitigate full network access.
Implement Multi-Factor Authentication (MFA) across the network
We strongly advise looking to implement MFA for all remote access (particularly important as employees are working from home), and also for access to back-ups. Usernames and passwords are vulnerable to attacks and therefore MFA provides the fundamental additional layer of network security to protect user data. MFA is one of the most important ways in which an organisation can significantly improve their security profile.
Dedicated cyber insurance forms a key part of an organisation’s response to managing cyber risk, but whilst there are areas like the ones above which will assist in improving an organisation’s ‘cyber health’ - evaluating, mitigating and transferring cyber risk is not always a tick box exercise, and requires a trusted and expert advisor to guide you through the process.
Miller’s specialist cyber teams, works closely with our US intermediaries to assist, advise, and place Cyber, Technology E&O and Media E&O coverage within the London and international markets. Using our knowledge and experience to enable us to leverage long-standing relationships to obtain flexible cover on favourable terms.
We are able to deliver tailored solutions for a wide range of organisations, arranging coverage and high levels of capacity that cannot easily be placed elsewhere. We are also able to provide bespoke marketing and claims scenarios based on sectors, to assist our intermediaries in the explanation and selling of cyber insurance to those organisations who are currently not purchasing.