Key Considerations in Preparation for Your Cyber Renewal - Risk Strategies
Speakers
• Leslie Gravel, National Account Director, RSC
• Mike Makowka, CISO, Tracepoint
• Reuben Vandeventer, CEO, SecondSight
© 2021 Risk Strategies Company. Proprietary & Confidential
Agenda
• State of the Market
• Top Risk Management Concerns
• Remediation Strategy
Factors of a Hardened Market
• Targeted industry classes
• Systemic exposure
• Ransomware: an industry of profits
• Double and triple extortion techniques
• Heightened regulatory scrutiny
• 200-600% loss ratios with carriers
Data from Advisen
Ransomware Trends
• 150% increase in frequency: uptick in ransomware incidents since 2018
• 70% of ransomware attacks involved a data exfiltration threat, up 43% from Q3 2020
• 21 average days of downtime, up 11% from Q3 2020
• 83% of incidents impacting businesses under $300M in revenues
• 67.8% industry-wide loss ratio, up from 44.8% in 2019
Recent Events
Colonial Pipeline
• May 6: Attack launched
• May 7: Ransomware payment of $4.4M ($2.3M later recovered)
• May 12: Pipeline restarted
• Could have been prevented with MFA
Microsoft Exchange
• Behind-the-scenes email and calendar software
• March 2, 2021: Emergency security update and patches released
• 30,000+ businesses noted by Krebs Security
• 250,000 estimated by the Wall Street Journal
• Allowed threat actors access to email accounts
SolarWinds
• September 2019: Gained access
• March 26, 2020: Software update "Orion"
• December 13, 2020: Discovered
• 18,000+ customers affected
• Coordinated response by government agencies
• Threat actors spent 1+ year in their system
• Could have been detected with EDR
JBS
• June 1, 2021
• Paid $11M in Bitcoin ransom
• No customer data was compromised
• Affected facilities in the United States, Canada and Australia
Underwriting Standardization
Carrier Requirements:
• Full submissions, including supplemental ransomware applications
• Specific systemic breach questions
• 5-year loss runs
• Claims-related data: remediation steps, costs incurred, event details
Subjects and specifics underwriters ask about:
• Multifactor Authentication: For remote access? Cloud access? Backup access? Privileged accounts? Vendor access to the network?
• Remote Desktop Protocol (RDP): Close RDP ports
• Backups: Offline, air-gapped, encrypted, segmented; how often are they tested?
• Privileged Accounts: How many controls around them
• Employee Training: Phishing awareness, etc.
• Use of Active Directory: Controls, authentication and permissions, purpose
• Patching cadence: Response time for critical patches; Common Vulnerabilities and Exposures (CVE) maintenance, i.e. how they are handled on a scale from high to low
• Endpoint Security: Tools implemented, what percentage of the organization they cover, whether there is an incident response team, exposed web browsers
• Application Security: HTTPS encryption, etc.
• Business Continuity Plan, Incident Response Plan: How often is it tested? Does it include ransomware?
Top Risk Management Controls
We all have to adapt to a new world
The underwriting process is getting more technical, and will only get more technical. Underwriters ask for more accurate quantification of what data exists inside the company to understand the real risk. As risk grows, so does complexity, making it harder to obtain cyber insurance to hedge against those risks.
Evolution (Previously vs. Current State)
• Market Forces: Soft market (everyone gets coverage) → Hardened market (80% get declined)
• Methodology: Outside in → Inside out
• Focus Area: Perimeter and network security → Digital assets
• Goal: Appropriate cyber coverage → Net zero digital risk
1. Multi-Factor Authentication (MFA)
Implementing MFA (for remote and administration access)
• Evaluate your environment and determine MFA requirements
• Evaluate vendors, both product providers and integrators
• Pilot implementation
• Verify pilot solution
• Communicate release to user base
• Implement for all users
Privileged Accounts Security Practice
• Use passphrases instead of passwords
• Review access logs regularly
• Use dedicated privileged accounts
• Use multi-factor authentication wherever possible
"89% of the Hacking varieties in web applications involved some sort of credential abuse." – 2021 Verizon Data Breach Incident Report
3. Add Visibility in Your Environment
• Visibility is a key contributor to the success of your security posture.
• Visibility and monitoring should include these 5 areas of your security posture:
• Endpoints: Endpoint Detection and Response tool (ex: CrowdStrike, Cybereason, Carbon Black, etc.)
• Email: Email security tool (ex: Proofpoint, Mimecast, Avanan, etc.)
• Internet: URL gateway (ex: Zscaler, Palo Alto, etc.)
• Cloud and Software as a Service (SaaS): Cloud Access Security Broker (CASB) (ex: Netskope, Microsoft Cloud App Security, Bitglass, etc.)
• Network: Network monitoring tools (ex: Darktrace, FireMon, CyberX, etc.)
Having tools with no one monitoring them is like having no tools at all.
4. Business Continuity Plan (BCP) and Incident Response Plan (IR)
• An IR plan is a playbook focused on how the organization responds to an incident (such as a cyber event).
• Key things to think about when creating an IR plan:
• Who is involved (C-suite, legal, IT, PR, etc.)
• What does the chain of communication look like
• What steps are to be taken (avoid the "IT hero")
• Do you have an IR retainer, a breach coach, etc.
• BCPs are playbooks for when the organization has an interruption in service or operations (ex: a ransomware event).
• Key things to think about when creating a BCP:
• What are your most crucial assets
• Where should systems or data be backed up (hot, warm, or cold sites)
• In what order should systems be brought back online
• What are your Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO)
• The most important thing to do with an IR plan and BCP is: TEST, TEST, TEST, and then TEST some more.
How can you insure and manage what you can't see?
5. Quantification
6. Backup Strategy
• Create an inventory of assets prioritized by their criticality to the business operation; avoid "blanket approaches" to backup strategy.
• Identify the company's digital assets and their correlation to the business operations, and establish an operational backup cadence.
• Critical assets should be backed up more frequently than non-critical ones.
• Implementation: focus on the technicalities.
• Off-network: backups should be 100% physically segmented from the existing infrastructure and network.
• Immutable: stored digital data that, once saved, is fixed and cannot be changed, overwritten, or deleted.
• Air-gapped: air-gapping is the process of creating a layer of separation between one environment and another.
• Return to the beginning: what assets matter? Your backup capabilities should be asking this question every day, and repeating all subsequent steps. This is the only way to ensure that your backups of digital assets (servers, data, metadata, etc.) are truly indicative of your organization's current operation. It is also the only way to ensure the least downtime should an event occur.
Air Gapping
One of the most effective ways is to air-gap your critical assets.
"Separating a computer from other networks is called air gapping; the 'airgap' isolates the digital assets, providing an extra layer of security."
• Claim size can be reduced up to 88% with an air gap
• An air gap reduces cycle time to recovery
• An air gap removes leverage from the bad actors
Basic Security Measure Checklist
✓ Multi-factor authentication enterprise wide.
✓ Implement visibility tools like Endpoint Detection and Response (EDR).
✓ Minimize non-necessary network and internet connectivity.
✓ Shut down remote access connections, such as RDP.
✓ Shut down all non-US based IP address connections (geofence) at the firewall level if feasible.
✓ Separate user and admin accounts and remove local admin from users' computers.
✓ Conduct an audit of your company's Active Directory for any unauthorized or unnecessary accounts.
✓ Perform regular vulnerability scanning. Evaluate your own environment regularly, track all discovered vulnerabilities, and prioritize and patch them in an aggressive manner.
✓ Conduct an audit of your company's GPO policy.
✓ You must train employees to be vigilant against phishing attacks. These attacks are designed to compromise user credentials and harvest sensitive data.
✓ Prioritize patching efforts based on your exposure, most critical systems, and highest risk vulnerabilities.
✓ Segment your network environment.
✓ Segmentation can restrict unauthorized movement across your environment. If attackers can breach your back-end servers, they may be able to move laterally to access other portions of your network, doing further damage, and possibly gaining a foothold across multiple systems.
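The Active Directory audit, account separation and local-admin items on the checklist can be turned into a repeatable report. The script below is an added example (not from the deck or from Risk Strategies) and assumes a domain-joined Windows host with the RSAT ActiveDirectory module; the 90-day inactivity window and the "-adm" suffix used to recognise dedicated admin accounts are assumptions for this example.

```powershell
# Added example: AD hygiene checks mapped to the checklist above.
# Assumes RSAT ActiveDirectory module and read rights on the domain.
Import-Module ActiveDirectory

$inactiveDays = 90      # assumed window for "unnecessary" accounts
$adminSuffix  = '-adm'  # assumed naming convention for dedicated admin accounts

# 1. Enabled accounts with no logon in $inactiveDays days: candidates to
#    disable first and delete later, once the owner has been confirmed.
$stale = Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays($inactiveDays)) -UsersOnly |
    Where-Object { $_.Enabled } |
    Select-Object SamAccountName, LastLogonDate

# 2. Enabled accounts whose password never expires or is not required at all.
$weakPolicy = Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordNeverExpires, PasswordNotRequired |
    Where-Object { $_.PasswordNeverExpires -or $_.PasswordNotRequired } |
    Select-Object SamAccountName, PasswordNeverExpires, PasswordNotRequired

# 3. Members of privileged groups that do not follow the separate-admin-account
#    convention, i.e. a daily-use account sitting directly or nested in an admin group.
$privGroups  = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$mixedAdmins = foreach ($g in $privGroups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -notlike "*$adminSuffix" } |
        Select-Object @{ n = 'Group'; e = { $g } }, SamAccountName
}

# 4. Local Administrators on this workstation: anything beyond the built-in
#    Administrator and the domain admin group is a "local admin on user PC" finding.
$allowedLocal = 'Administrator', 'Domain Admins'
$localAdmins  = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { ($_.Name -split '\\')[-1] -notin $allowedLocal } |
    Select-Object Name, PrincipalSource

# One JSON report per run; empty arrays mean the check passed.
[pscustomobject]@{
    StaleEnabledAccounts    = @($stale)
    WeakPasswordPolicy      = @($weakPolicy)
    PrivilegedNonAdminNames = @($mixedAdmins)
    UnexpectedLocalAdmins   = @($localAdmins)
} | ConvertTo-Json -Depth 4
```

Run it on a schedule and diff successive reports; a new entry in any list is the change an underwriter's Active Directory question is really asking about.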
Cyber Insurance As A Service
Autonomous Digital Asset & Risk Profile
An AI-based digital asset profile allows you to see your digital assets and risk with complete clarity for the first time, autonomously. A deeper-dive profile will identify all of the sensitive and regulatory-related assets to calculate the monetary value of your digital risk.
AirGap Back-up Technology to Preserve Business Continuity
SecondSight has pre-built AirGap technology and leading backup providers, so the asset and risk profile will continuously send signals to the Airgap solution to back up the most critical digital assets as your business evolves.
Security Posture Assessment
Report from Tracepoint with maturity levels on key cyber security domains, with recommendations for immediate action:
• Endpoint Detection & Response
• Phishing Testing & Security Awareness Training
• Table Top Exercise: stress test the incident response plan by simulating two data breach scenarios with internal stakeholders
• Penetration Testing: white hat hackers attempting to gain access to identify vulnerabilities for remediation
Q&A
This presentation is proprietary and confidential and is not to be duplicated or distributed to the public or any third party without the written consent of Risk Strategies Company. The contents of this presentation are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained in this presentation are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.
Thank You!