The growing imperative for SMBs to strengthen their IT security
The ever-increasing frequency and severity of cyberattacks is becoming inescapable, with this year seeing mega breaches and record ransomware demands. These included attacks on the Colonial Pipeline Company, JBS US and the Health Service Executive of Ireland – events estimated to have cost tens of millions of dollars each, with the eventual total possibly reaching even more.
Such attacks reflect the growing experience of highly organized criminal groups, which have reached a level of sophistication comparable to that of any major technology company or law enforcement agency. According to McAfee’s ‘Hidden Cost of Cybercrime’ report, when the cumulative financial burden of cyber incidents is added to the investment made in security measures, the total cost of cybercrime worldwide was over $1 trillion last year. This means that cybercrime currently costs more than 1% of global GDP, a significant increase from McAfee’s 2018 estimate of around $600 billion.
Cybercrime is big business, and some cybercrime organizations are apparently run like multifaceted and sophisticated Fortune 500 companies, offering ransomware as a service for a fee and running complex call centers to help their victims obtain the cryptocurrency needed to meet the ransom demands.
Inevitably, the biggest breaches at the biggest companies are the ones that grab the headlines, but the ongoing onslaught of cyberattacks is having a devastating impact on small and medium-sized businesses (SMBs). The lack of reporting of small-scale cybercrime could be one reason why so many do not consider themselves important enough to be a target. This is an unfortunate and all too common misconception among SMBs.
According to a study by Cyber Security Magazine, 43% of all data breaches involve small and medium-sized businesses, and an astonishing 83% of SMBs are not financially prepared to recover from a cyberattack. When it comes to targeted attacks, SMBs are considered low-hanging fruit, with vulnerabilities that can be found relatively easily due to outdated software, minimal security protocols, or simply poor cyber hygiene. Attacks deployed indiscriminately often look for exactly such weaknesses to exploit. In this regard, SMBs are doubly vulnerable: to targeted and to indiscriminate attacks.
Investing in IT security should therefore be a top priority for any SMB. As insurers, we see the profound effect this can have, sometimes making the difference between a business being able to recover and continue after an attack or not. There are some highly recommended steps that SMBs can take to significantly reduce the likelihood of a network intrusion or the impact of such an intrusion:
Multi-factor authentication (MFA)
MFA is increasingly becoming the standard required by cyber insurers to ensure that a company’s security posture is of insurable quality. MFA has been around for several years, but since the shift to remote working it has been adopted much more widely. Its main benefit is to provide additional security protection beyond single-factor login or complex/one-time passwords. It does this by using time-based one-time passwords typically delivered via text message, software authenticator, phone call, or physical security device. While complex passwords are a great tool, MFA makes breaking into networks and apps much more difficult.
Backup, business continuity test and restore
These are major considerations that can make all the difference following a cyberattack. Backup of data and critical systems and applications should be done regularly, ideally at hourly, daily, weekly and monthly intervals.
Backing up data is essential and, if data recovery is needed following a cyberattack, experience shows that it is most effective when backups are stored offline, without connection to any network. While this is an essential step, organizations with greater cyber maturity also frequently test the integrity of these backups. This can include testing recovery time objectives for critical applications, with a tried and tested plan for secondary workarounds to ensure business continuity and operations persist in the event of an attack. It is also essential to assign designated tasks to specific team members, with their roles and responsibilities frequently tested as part of a robust cyber incident response plan.
Segment your networks
Following the implementation of MFA and strong backup and restore hygiene, it is also recommended to explore the benefits of network segmentation. As the name suggests, network segmentation divides a network into smaller parts or network areas, which are separated by routers, VLANs or other devices.
One of the operational benefits of network segmentation is that it can improve performance by reducing network traffic congestion. Segmentation can also significantly reduce a network’s attack perimeter by limiting access privileges, which helps protect against widespread attacks in the event of a breach. To make an analogy, if MFA is the lock on the front door and backup and restore are the locks on the windows, network segmentation acts as the deadbolts on each interior door, limiting deeper incursions.
Application of email authentication protocols
Email fraud and scams, often in the form of phishing attacks, are big business and one of the most common entry points for cybercrime, social engineering attacks and sometimes large-scale crippling attacks on computer networks and critical systems. Email authentication protocols such as Domain-based Message Authentication, Reporting & Conformance (DMARC) can provide additional convenience and security to an organization by helping to prevent unauthorized or fraudulent use of the organization’s email domain and by tracking malicious email activity and traffic.
Endpoint detection software
Endpoint detection software is used to protect corporate endpoints, i.e. desktops, laptops and mobile devices. Grouped under a central management function, this allows multiple devices to be protected by the latest security software such as local firewalls and virus protection. This technology eliminates the need to install software on individual devices, leaving less room for human error or time lags that can cause hardware to go unprotected. Although endpoint detection software features may vary, some systems include password managers, rollback recovery functionality, and encryption software.
Many endpoint detection software vendors also offer a single location to store and update a company’s security policy on its network, as well as useful customizable filtering options to protect IT architecture.
Robust Patch Policy
In order to protect networks and systems from malicious threats and attacks, it is essential to ensure that an organization has a robust patch management policy in place. Patches are software updates designed to improve, modify, or repair a computer program or system. Security patches are especially important because outdated software can be more susceptible to cyberattacks. These patches are intended to fix security or software vulnerabilities that help make an organization’s computer systems more secure. Best remediation practice is to act within 24 hours, which is especially important to protect against zero-day attacks that exploit unknown vulnerabilities in computer software.
While perhaps the most obvious measure, security training can also be the least expensive and one of the most effective in identifying a cyberattack before it begins. Human error can also be the cause of cyber breaches. Although there is no simple solution to this, ensuring employees are aware of the common methods used by hackers and performing regular phishing simulations can be extremely helpful in making IT environments safer.
While the above measures are not silver bullets, and by no means an exhaustive list, many cybersecurity experts agree that adopting them will improve a company’s readiness and resilience in cybersecurity. These measures, combined with insurance from leading providers offering proactive claims management and assistance from specialist crisis response partners, have proven effective in protecting sensitive data and in mitigating the damage that cyberattacks can cause. They have also helped companies avoid potentially costly regulatory investigations and circumvent costly remediation after cybercriminals targeted their businesses.
Sabrina Sexton is a senior cyber and technology underwriter at Optio Group. She has nearly 15 years of experience in senior underwriting positions. In her role as Senior Cyber and Technology Underwriter, Sabrina is responsible for underwriting and placing international cyber and technology risks and contributing to the profitable growth of the existing portfolio. Prior to joining Ascent Underwriting, an Optio company, in 2019, Sabrina worked at AIG, Zurich and AXA Insurance.
This article is printed here with permission from Optio.