We’re sure you’ve heard the news: Zurich CEO Mario Greco revealed that cyberattacks will soon be uninsurable. The announcement couldn’t come at a worse time, as cyberattacks increase in sophistication, severity, and volume– and experts are few and far between.
Widespread cyber crimes, with increasingly high stakes and whopping ransoms, have put insurers in an impossible position. How can they possibly guarantee payouts for affected companies when the amount of attacks increases every year, soaring to astronomical levels and costing an average of nearly $9.5 million in recovery per affected company? It’s no wonder that cybersecurity insurance providers are rolling back coverage– or eliminating it entirely.
Two responses are likely after this announcement. Some overconfident companies will take stock of their firewalls, machine learning, and pen test results and claim, “We got this!” Others, however, will take a realistic look at their current security posture and decide to step up their game. With all due respect, the second response is the correct one.
The question boils down to trust– who do you trust with your cybersecurity in this delicate time, and can you trust yourself and your current resources to hold steady? Who do you turn to if your cybersecurity coverage is cut, whether due to the increasing cost to be insured or scarcity in insurance availability? Can you trust your existing partners or providers, or do you need to consider new options to better your security posture? More than anything, organizations need to ask themselves: when things go wrong, who can you fall back on to pick up the pieces?
It’s time to take a proactive approach to cybersecurity. Now that the most popular failsafe of all, insurance, is coming off the table, organizations need more than a few firewalls and a hope that hackers will skip them over and go for the bigger, shinier option. Any company of any size can be attacked, and it’s time we start preparing for it. Here are three ways you can get a head start.
Tip #1: Operate under the assumption that you will be attacked, and plan ahead for it.
If you didn’t think you’d be attacked, you wouldn’t have insurance in the first place, right? Though cybersecurity insurance can be considered a “just in case” measure by many, the reality is that it’s an investment that was considered worthwhile at the time you signed the contract.
Let’s talk for a second about risk versus odds. If the weatherman says there’s a chance of rain, you’re going to take an umbrella with you or risk getting caught in some drizzle – a small measure in the face of a small risk. Or maybe you won’t because the chance of getting a little wet may outweigh the inconvenience of carrying the umbrella.
But if the weatherman says there’s a tornado down the street, you’re going to get down to the basement immediately, right? Greater risks and greater odds of a more disastrous outcome call for greater degrees of preparation and more robust precautions. Cyberattacks are no longer an unlikely and unpleasant possibility, they’re now a virtually unavoidable reality, and they’re more devastating than ever before.
IT and business leaders need to shift their mindsets away from “backup plans” and into future plans. Proactivity is of the essence, and reactivity will leave you high and dry as insurers step back from the plate. It’s not enough to just train employees, to set up firewalls just in case, to take preventative measures that indicate an attack is a possibility– you need to be acting as if you will be attacked. Build a strong posture now, consider cybercrime, not an unfortunate chance but an imminent threat, and take security more seriously than ever before.
This shift in mindset means taking accountability for your preventative security measures in addition to backup measures, considering maybe for the first time if your software, hardware, or services are really protecting your organization, or if they’re gestures of compliance. As you begin to ponder this question, you’ll find a few key points worth addressing– one of the biggest of which is, would you know if you were being attacked right this second?
Tip #2: Make sure you can detect and identify an attack as quickly as possible
The average cybercriminal can go undetected for, as a conservative estimate, 99 days, while many studies suggest quite longer. That’s 99 days or longer of probing for sensitive information, and 99 days or longer of poking around under the radar, 99 days or longer to fully integrate themselves and put an attack into action. This seems impossible to many– you’d think you would know if a bad actor breached your system. Wouldn’t you notice, wouldn’t you be notified, wouldn’t there be a tell? Unfortunately, most organizations don’t have the level of threat monitoring that would detect an attack immediately or even quickly– and unfortunately, that lack of clarity can be disastrous.
One of the main issues is a blind spot in your areas of vulnerability. How much insight do you really have into the vulnerabilities across the full scope of your tech stack? Do you know exactly where bad actors could or are currently attacking ? Failure to discover and record all threats throws a huge wrench in your security plan. It’s a vicious cycle of failure to detect, failure to record, and failure to prepare for the future.
Companies and Threat Actors are growing, changing, and adopting new technologies every day, and chances are you can name quite a few additions to your tech stack made in recent months. It’s critical to ensure that every new avenue for bad actors is monitored and sealed, and that begins with finding a trustworthy partner for seamless and safe implementation. Security is holistic, and your approach to monitoring threats needs to be, too– beginning with the very first step in the process and continuing in an ongoing effort to secure your organization and close off new and existing entry points.
Look at it this way. If you’ve got a mouse in your house, you’re going to take precautions, ensuring food is properly stored, setting traps, and placing them in areas you’ve noticed little critters are attracted to. But, unless you search for, discover, and seal off the areas where mice are entering from, you’re just dealing with the same problem endlessly. As soon as you block one entrance, a mouse will search for and find another…which is precisely what cybercriminals do, too. When one door shuts, they tweak the attack ever so slightly, and find a new way to penetrate your perimeter. It’s the same old cycle, endlessly repeating until you find a true, comprehensive solution.
You can protect your sensitive data behind firewalls, under layers of authorization, and behind encryption, but if you don’t find the holes in your security posture that bad actors slip in through, you’re continually dealing with the same problem– more bad actors entering through the same gaping hole. And not unlike clever mice, hackers will eventually outsmart the measures you put in place to stop them.
Once your points of vulnerability are identified, you’ll need to resolve these specific issues and monitor your evolving technology architecture for more. With every new implementation of a cloud service, an application, or even a new device, there come new threat vectors and new security risks.
Common cybersecurity detection measures can be ineffective, leading to ineffective responses. Firewalls are relatively unsophisticated, with attackable prevention/detection, and detection is limited to prior programming. The same issues plague SIEM / LOGS, which are similarly loaded with a limited data set and can only detect known threats. Unless you can anticipate an exact method of attack, how will you ensure that your firewall is programmed to detect the tools actors will be using? And, do you really have the resources in-house to manage and utilize these technologies properly, or are they just expensive gestures? And often, your event logs are filled with too much white noise and you’re unable to detect the actual signal of a real attack.
Overconfidence in the intelligence of your security and the results of diagnostic measures like pen tests is a high-risk security practice. For this reason, it’s best to leave threat monitoring, recording, and response to the professionals. An expert cybersecurity partner can utilize technology like SIEM in the best possible way, alongside other important security measures, to ensure that you’re not wasting money on technology you’re not confident in your ability to manage and leaving yourself open to attack. An MSSP offers 24/7 monitoring, a huge asset that diverts less attention from your employees’ core competencies while creating a laser focus on, and expert insight into, security at all times.
Now, what if all of this planning fails, and you find yourself under attack?
Tip #3: Have an actual, planned, and practiced remediation plan
The industry standard to resolve a security intrusion is 27 days or longer – yet companies can be tied up in litigation and other fallout for months, if not years, after a successful attack, and can experience financial losses and tanking brand equity that could shutter them forever.
To avoid this worst-case scenario, you need to plan ahead for what will happen when you are attacked– again, operating under the assumption that you will be.
Do you have a practiced disaster recovery plan? Have you designated whose responsibility it is to initiate remediation and response, and are they prepared with the tools and capabilities to do so? Chances are, the current talent shortage and recession-induced budget cuts will prevent your organization from hiring experts and outfitting them with the technology needed to perform, and when you do find yourself fending off a cyberattack, any shortcuts taken will become quite apparent.
It’s vital to take several actions in the event of a disaster: reduce downtime, initiate backups and failover/failback operations, and contain the threat. Several actions need to be put in motion, like spinning up new servers, monitoring traffic, and beginning to notify proper entities– authorities, business leadership, and customers alike.
All in all, the amount of precision needed to pull off a successful disaster recovery plan comes with practice and with preparation, both of which take time, knowledge, and resources that you may not have to spare. It’s best to outsource disaster recovery to a dedicated team of experts who have the knowledge, tools, and experience needed to successfully help your organization contain, eliminate, and bounce back from a threat successfully– because botching this process can spell the end of your organization.
Tip #4: Find yourself a trusted partner in cybersecurity.
Unless you are a cybersecurity expert with years of experience and a deep, evolving knowledge of the current threat and vendor landscape, how do you know that your intuition or thoughts will lead to a successful cybersecurity plan? Are you truly capable of determining the strength of your security posture, and how to improve it? Do you really have the time and expertise to parse through the dozens of cybersecurity widgets, services, and provisions hitting the market daily, and can you guarantee the choices you make will pay off in the event of a disaster?
For many, if not all organizations trying to parse this new cybersecurity landscape, the answer is clear: you need a partner. At TMG, we have fought to stay at the forefront of innovative, effective cybersecurity solutions for more than two decades. In that time, we have protected our clients from attack, offered them cutting-edge solutions at competitive rates and terms, and led them through successful disaster recovery.
Our approach is holistic and proactive. From the assessment and planning phase to active monitoring, and response, all the way down to disaster recovery, we stand strong in the face of cybercrime. We help our clients prevent, remediate, and recover with services like NOC/SOC, SIEM, MEDR, and so much more. Instead of staring blankly at pages of threat logs or struggling to interpret test results, you’ll have access to our team of experts, who can give educated insights and support that makes data and information actionable for your safety.
With insurance becoming obsolete and threats increasing to unseen numbers, it’s time to form a partnership that keeps you safe. Tap TMG today to get proactive about your cybersecurity before it’s too late.