prevalent, impacting organizations of all sizes and industries. Such incidents have largely been brought on by additional
cyberthreat vectors and growing attacker sophistication. As these incidents continue to rise in both cost and frequency, it’s
crucial for organizations to take steps to address their cyber exposures and bolster their digital security defenses.
Doing so not only helps organizations prevent cyber incidents and associated insurance claims from happening, but can also
help them secure adequate cyber coverage in the first place. After all, the heightened severity of cyber incidents has motivated
most cyber insurers to increase their premiums and be more selective regarding which organizations they will insure and the
types of losses they will cover. As such, many underwriters have begun leveraging organizations’ documented cybersecurity
practices to determine whether they qualify for coverage—whether it’s a new policy or a renewal—as well as how expensive
their premiums will be.
With this in mind, here are 10 essential cybersecurity controls that organizations can implement to help manage their cyber
exposures.
1. Multifactor Authentication (MFA)
access to employees’ accounts and using such access to launch potential attacks, MFA is key. MFA is a layered approach to
securing data and applications where a system requires a user to present a combination of two or more credentials to verify
their identity for login. Through MFA, employees must confirm their identities by providing extra information (e.g., a phone
number or unique security code) in addition to their passwords when attempting to access corporate applications, networks
and servers.
This additional login hurdle means that cybercriminals won’t be able to easily unlock accounts, even if they have employees’
passwords in hand. It’s best practice for organizations to enable MFA for remote access to their networks, the administrative
functions within their networks and any enterprise-level cloud applications.
2. Endpoint Detection and Response (EDR) Solutions
of malware. They provide visibility into security incidents occurring on various endpoints—such as smartphones, desktop
computers, laptops, servers, tablets, and other devices that communicate back and forth with the networks in which they are
connected—to help prevent digital damage and minimize future attacks.
Specifically, EDR solutions offer advanced threat detection, investigation and response capabilities—including incident data
search and investigation triage, suspicious activity validation, threat hunting, and malicious activity detection and containment
—by constantly analyzing events from endpoints to identify suspicious activity. Further, these solutions provide continuous
and comprehensive visibility into what is happening in real time by recording activities and events taking place on all
endpoints and workloads. Upon receiving alerts regarding possible threats, organizations and their IT departments can then
uncover, investigate and remediate related issues.
As a whole, implementing EDR solutions is a critical step in helping organizations enhance their network visibility, conduct
more efficient cybersecurity investigations, leverage automated remediation amid potential incidents and promote more
contextualized threat hunting through ongoing endpoint data analysis.
3. Patch Management
Patches modify operating systems and software to enhance security, fix bugs and improve performance. They are created by
vendors and address key vulnerabilities cybercriminals may target. Patch management refers to the process of acquiring and
applying software updates to a variety of endpoints.
The patch management process can be carried out by organizations’ IT departments, automated patch management tools or a
combination of both. Steps in the patch management process include identifying IT assets and their locations, assessing critical
systems and vulnerabilities, testing and applying patches, tracking progress and maintaining records of such progress. Patch
management is necessary to ensure overall system security, maintain compliance with applicable software standards set by
regulatory bodies and government agencies, leverage system features and functionality improvements that may become
available over time, and decrease downtime that could result from outdated, inefficient software.
From a cybersecurity standpoint, a consistent approach to patching and updating software and operating systems helps limit
exposure to cyberthreats. Accordingly, organizations should establish patch management plans that include frameworks for
prioritizing, testing and deploying software updates.
4. Network Segmentation and Segregation
When organizations’ networks lack sufficient access restrictions and are closely interconnected, cybercriminals can easily hack
into such networks and cause more widespread operational disruptions and damage. That’s where network segmentation and
segregation can help.
Network segmentation refers to dividing larger networks into smaller segments (also called subnetworks) through the use of
switches and routers, therefore permitting organizations to better monitor and control the flow of traffic between these
segments. Such segmentation may also boost network performance and help organizations localize technical issues and
security threats. Network segregation, on the other hand, entails isolating crucial networks (i.e., those containing sensitive data
and resources) from external networks, such as the internet. Such segregation gives organizations the opportunity to leverage
additional security protocols and access restrictions within their most critical networks, making it more difficult for
cybercriminals to penetrate these networks laterally.
Both network segmentation and segregation allow organizations to take a granular approach to cybersecurity, limiting the risk
of cybercriminals gaining expansive access to their IT infrastructures (and the vital assets within them) and causing significant
losses. When implementing network segmentation and segregation, it’s imperative for organizations to uphold the principle of
least privilege—only allowing employees access to the networks they need to perform their job duties—and separate hosts
from networks based on critical business functions to ensure maximum infrastructure visibility.
5. End-of-Life (EOL) Software Management
At some point, all software will reach the end of its life. This means manufacturers will no longer develop or service these
products, discontinuing technical support, upgrades, bug fixes and security improvements. As a result, EOL software will have
vulnerabilities that cybercriminals can easily exploit.
Organizations may be hesitant to transition away from EOL software for a number of reasons, such as limited resources, a lack
of critical features among new software or migration challenges. This is especially true when EOL systems are still functioning.
However, continuing to use EOL software also comes with many risks, including heightened cybersecurity exposures,
technology incompatibilities, reduced system performance levels, elevated operating costs and additional data compliance
concerns.
As such, it’s clear that proactive EOL software management is necessary to prevent unwelcome surprises and maintain
organizational cybersecurity. In particular, organizations should adopt life cycle management plans that outline ways to
introduce new software and provide methods for phasing out unsupported software; utilize device management tools to push
software updates, certifications and other necessary upgrades to numerous devices simultaneously; and review the EOL status
of new software before selecting it for current use to avoid any confusion regarding when it will no longer be supported and
plan for replacements as needed.
6. Remote Desk Protocol (RDP) Safeguards
RDP—a network communications protocol developed by Microsoft—consists of a digital interface that allows users to connect
remotely to other servers or devices. Through RDP ports, users can easily access and operate these servers or devices from any
location. RDP has become an increasingly useful business tool—permitting employees to retrieve files and applications stored
on their organizations’ networks while working from home, as well as giving IT departments the ability to identify and fix
employees’ technical problems remotely.
events occur each day, with RDP reigning as the top attack vector for ransomware incidents. To safeguard their RDP ports, it’s
important for organizations to keep these ports turned off whenever they aren’t in use, ensure such ports aren’t left open to
the internet and promote overall interface security through the use of a virtual private connection (VPN) and MFA.
7. Email Authentication Technology/Sender Policy Framework (SPF)
fraudulent senders claiming to be trustworthy parties and providing malicious attachments or asking for sensitive information.
To protect against potentially harmful emails, it’s paramount that organizations utilize email authentication technology.
This technology monitors incoming emails and determines the validity of these messages based on specific sender verification
standards that organizations have in place. Organizations can choose from several different verification standards, but the
most common is SPF—which focuses on verifying senders’ IP addresses and domains.
Upon authenticating emails, this technology permits them to pass through organizations’ IT infrastructures and into
employees’ inboxes. When emails can’t be authenticated, they will either appear as flagged in employees’ inboxes or get
blocked from reaching inboxes altogether. With SPF, unauthenticated emails may even be filtered directly into employees’
spam folders. Ultimately, email authentication technology can make all the difference in keeping dangerous emails out of
employees’ inboxes and putting a stop to cybercriminals’ tactics before they can begin.
8. Secure Data Backups
frequent and secure backups. First and foremost, organizations should determine safe locations to store critical data, whether
within cloud-based applications, on-site hard drives or external data centers. From there, organizations should establish
concrete schedules for backing up this information and outline data recovery procedures to ensure swift restoration amid
possible cyber events.
9. Incident Response Planning
remaining operational and mitigating losses in a timely manner amid cyber events. Successful incident response plans should
outline potential attack scenarios, ways to identify signs of such scenarios, methods for maintaining or restoring key functions
during these scenarios and the individuals responsible for doing so.
These plans should be routinely reviewed through various activities, such as penetration testing and tabletop exercises, to
ensure effectiveness and identify ongoing security gaps. Penetration testing refers to the simulation of actual attacks that
target specific workplace technology or digital assets (e.g., websites, applications and software) to analyze organizations’
cybersecurity strengths and weaknesses. In contrast, tabletop exercises are drills that allow organizations to utilize mock
scenarios to walk through and test the efficiency of their cyber incident response plans. Based on the results of these activities,
organizations should adjust their response plans when necessary.
10. Employee Training
staff mistake to compromise and wreak havoc on an entire workplace system. In light of this, it’s crucial for organizations to
offer cybersecurity training. This training should center around helping employees properly identify and respond to common
cyberthreats. Additional training topics may also include organizations’ specific cybersecurity policies and methods for
reporting suspicious activities.
Because digital risks are everchanging, this training shouldn’t be a standalone occurrence. Rather, organizations should
provide cybersecurity training regularly and update this training when needed to reflect the latest threats, attack trends and
workplace changes.
Conclusion
measures to decrease their exposures. By leveraging proper cybersecurity controls, organizations can help safeguard their
operations from a wide range of losses and reduce the likelihood of related insurance claims. Furthermore, documenting these
controls can allow organizations to demonstrate to cyber insurers that they consider cybersecurity a top priority, potentially
increasing their ability to secure coverage. For more risk management guidance, contact us today.