Data breaches are an ever-present threat in our current technical climate. Every year, millions of users have their personal data exposed due to these breaches. According to IBM, the average cost of a breach is calculated at $3.86 million. Breached companies have to pay for, among other things, credit monitoring services for their users, security investigative teams to figure out what happened, and new technology to better protect them in the future. A few thousand a year for cyber insurance coverage seems like a reasonable cost compared to the high chances of getting breached and the millions of dollars a breach might cost your organization.
There are, however, several features and best practices many cyber insurance companies want you to have in place.
Two Most Important Features to Implement
Tracking user activity
Tracking all user activity, such as successful and failed login attempts and data access attempts, is key to preventing breaches as well as investigating breaches that have already occurred.
Identity and Access Management (IAM)/Customer Identity and Access Management (CIAM) solutions like OneLogin have built-in features that track all login attempts to their central portal as well as to any applications they are connected to. Login details such as the time, the location, and even the systems users and customers are logging in from can be viewed from within the IAM/CIAM solution as well as pushed into a central monitoring SIEM solution.
The extent to which activities within applications or databases can be tracked will depend upon the capabilities of those solutions. Ideally, they would be able to track user activity, especially when particular data is being accessed, and those events would be pushed to the same SIEM solution you are using to gather login information. Thus, you would have a full end-to-end view of user activity to analyze and build alerts from.
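As an added illustration (not OneLogin code and not a real SIEM rule format), the following Python sketch shows the kind of alert that becomes possible once IAM login events and application data-access events sit in the same place: it flags access to sensitive data shortly after a successful login that followed a burst of failed logins. The event field names, thresholds and the `customer_pii` resource name are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not a vendor schema.
EVENTS = [
    {"ts": "2024-03-01T08:50:00", "src": "iam", "user": "alice", "type": "login_failed"},
    {"ts": "2024-03-01T08:51:00", "src": "iam", "user": "alice", "type": "login_success"},
    {"ts": "2024-03-01T08:55:00", "src": "app", "user": "alice", "type": "data_access", "resource": "customer_pii"},
    {"ts": "2024-03-01T09:00:05", "src": "iam", "user": "bob", "type": "login_failed"},
    {"ts": "2024-03-01T09:00:40", "src": "iam", "user": "bob", "type": "login_failed"},
    {"ts": "2024-03-01T09:01:10", "src": "iam", "user": "bob", "type": "login_failed"},
    {"ts": "2024-03-01T09:02:00", "src": "iam", "user": "bob", "type": "login_success"},
    {"ts": "2024-03-01T09:05:00", "src": "app", "user": "bob", "type": "data_access", "resource": "customer_pii"},
    {"ts": "2024-03-01T07:00:00", "src": "iam", "user": "carol", "type": "login_failed"},
    {"ts": "2024-03-01T07:01:00", "src": "iam", "user": "carol", "type": "login_failed"},
    {"ts": "2024-03-01T07:02:00", "src": "iam", "user": "carol", "type": "login_failed"},
    {"ts": "2024-03-01T07:03:00", "src": "iam", "user": "carol", "type": "login_success"},
    {"ts": "2024-03-01T08:00:00", "src": "app", "user": "carol", "type": "data_access", "resource": "customer_pii"},
]

FAIL_THRESHOLD = 3                      # failed logins that count as a burst
FAIL_WINDOW = timedelta(minutes=10)     # burst must fall this close to the success
ACCESS_WINDOW = timedelta(minutes=30)   # how long the session stays under watch
SENSITIVE = {"customer_pii"}            # resources worth alerting on

def find_alerts(events):
    """Return (user, login_time, resource) for each sensitive access that
    follows a successful login preceded by a burst of failed logins."""
    alerts = []
    fails = {}       # user -> timestamps of failed logins since last success
    suspicious = {}  # user -> time of a success that followed a burst
    for e in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(e["ts"])
        user = e["user"]
        if e["type"] == "login_failed":
            fails.setdefault(user, []).append(t)
        elif e["type"] == "login_success":
            recent = [f for f in fails.get(user, []) if t - f <= FAIL_WINDOW]
            fails[user] = []
            if len(recent) >= FAIL_THRESHOLD:
                suspicious[user] = t
            else:
                suspicious.pop(user, None)
        elif e["type"] == "data_access" and user in suspicious:
            if e["resource"] in SENSITIVE and t - suspicious[user] <= ACCESS_WINDOW:
                alerts.append((user, suspicious[user].isoformat(), e["resource"]))
    return alerts

if __name__ == "__main__":
    print(find_alerts(EVENTS))
```

Neither log source alone produces this alert: the IAM log shows only the failed-then-successful login, and the application log shows only an ordinary data access.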
Since passwords alone have proven to be vulnerable to cyber attacks, multi-factor authentication (MFA) has grown in popularity. Simply requiring that additional authentication factor helps prevent a large percentage of possible breaches.
Cyber insurance companies want to know if you are protecting access to at least your most valuable assets:
- Privileged Accounts
- Cloud Resources
- Remotely accessed systems
With an IAM solution like OneLogin you can centrally manage logins to all applications, including logins to remote systems through Remote Desktop Protocol. You will then have the option to require that users use MFA to log in to the portal that grants them access to those resources, and even require MFA again when they are accessing particularly valuable resources.
Best Practices to Implement
In addition to investing in an IAM solution to help fulfill the requirements of your cyber insurance company, there are also a few practices that you might want to consider putting in place.
- Develop a Business Continuity Plan
- Develop and Practice an Incident Response Plan
- Perform Regular Table Top Exercises
- Provide your Users with Security Awareness Training
- Perform Regular Phishing Drills
- Mark All Email From External Users as “External”
A few of these are easy to implement. Most mail servers nowadays have a feature that lets you tag all external emails with a simple indicator, such as putting “EXT” in the subject line.
Phishing drills can be as simple as sending out a fake email and seeing who responds or clicks on a link you provide within the email. We recently used an email like this in one of our phishing drills. The danger here was accepting PII from a source that you have not fully vetted. This could be a list of users who had not agreed to have their PII sold to others.
Other tasks, such as establishing a Business Continuity Plan, developing an Incident Response Plan, performing Table Top exercises and providing Security Awareness Training to your users, will take time, resources and cross-team collaboration. But these are all best practices, and whether or not you are purchasing cyber insurance, your organization should already have these components in place or be working on establishing them soon.
Every organization is vulnerable to cyber attacks, and everyone should be working to prevent them. It is time to make security one of the highest priorities within your organization. It is time to plan, time to train your users and time to invest in technology like an IAM solution that will provide initial protections such as MFA and tracking capabilities.