How Tech Companies Can Enhance Their Security: 5 High-Impact Practices
At Corvus, our risk & response experts work with policyholders and cybersecurity partners to implement measures that mitigate risk for their organizations, including with Smart Tech E&O policyholders.
Want to share this guide with your clients and colleagues? Click here for a PDF version.
The threat of ransomware is persisting, and we continue to see attacks launched on organizations of all sizes and industries. The tech sector has a specific draw for threat actors, where companies have rich data and downstream customers, creating opportunities for large ransom payments. Business leaders often feel that with the never-ending stream of news and changing advice, the biggest hurdle is determining how, and where, to start with protecting their own and their customers' IT systems.
Based on Their Experience Working With Technology and Professional Services Firms, We’ve Highlighted Five Go-to Solutions for Covering Your Security Bases:
When it comes to a high impact, relatively low effort security control, multi-factor authentication (MFA) is top of mind. It’s a crucial step for helping to prevent unauthorized access to your company (remote access) and your data (company email, SaaS/cloud applications). When implemented internally, it can help slow attackers from progressing further in your systems and help limit unauthorized access, especially when implemented for admin credentials. In recent years, password compromises have accounted for 81 percent of data breaches, which is why MFA is often one of our first recommendations to protect your organization.
Endpoint Detection and Response
While antivirus software can battle low-hanging fruit, EDR functions as higher-level protection against advanced and emerging threats. With ongoing visibility and advanced monitoring for all of your endpoints, it can quickly pinpoint activity with characteristics of common attacks, and provide forensic teams with more data to ultimately limit downtime in the event of an incident. The right EDR solution deployed properly provides one of the best return on investments for securing your endpoints.
Backup and Recovery
During a ransomware event, recovery can be complex, expensive, and time-consuming. Ransomware threat actors will actively seek out your backups in an attempt to delete them. If you don’t have a robust backup solution with protective controls, offsite backups, and you’ve never tested them — a ransom payout may feel like the only option to resume business operations as normal. To avoid that worst-case scenario, confirm that your organization’s backup strategy includes all of your critical systems, that your local backups are secured, that you have offsite backups, and know how quickly you can restore all of those systems. Preparation here can mean a world of difference in your response strategy.
Incident Response Plan & Vendor Management
An incident response plan (IRP) means your organization has a system in place before there’s a security incident, so you can respond quickly and with intent. It’s clear who’s in charge, team expectations, and what your process is. The incident response process can be a mad dash or scramble - having a known and tested IRP before everything is on fire can help reduce stress levels in a very stressful situation.
Insurance is a crucial step for protecting your organization and transferring risk (we don’t just say that because we love insurance — promise!). Beyond the obvious financial safety offered by insurance, when it comes to cyber risks the relationship between an organization and their carrier should be seen more as a partnership, where your insurance provider shares data reports and services as an ongoing source for risk mitigation. For tech companies, a Tech E&O policy that includes fully-fledged cyber liability (first and third party) coverage is more critical than ever. To highlight an example of how the collaboration between the insurer and insured works, Corvus offers vCISO Services. The collection of consultative services with our security partners makes implementing the best practices we've listed above an easier, more cost-effective decision.
Welcome to another edition of our Cyber Coverage Explained series. This week, we're discussing sub-limits and coinsurance as it impacts our current market. For more coverage explainers, you can find our past posts on Social Engineering and Crime Coverage, Business Interruption, and Contingent Business Interruption.
Back in 2020, we saw ransomware hit the mainstream like never before. The pandemic brought more of us online from our homes, cyberattacks were higher-profile than ever, and news coverage of hefty ransoms encouraged more threat actors to try their hand. But if 2020 was the year that propelled ransomware to center stage, 2021 was the year that organizations began to strengthen their defensive lines against the evolving threat landscape.