Introduction

Now more than ever, businesses big and small are racing to fortify their cybersecurity defenses to protect themselves against online threats. Russian cyberattacks have recently grown more frequent and pervasive, but the reality is that cyber defense is urgent and necessary every single day — not just when it's topical or once an attack has already taken place. The stakes have never been higher for enterprise organizations seeking to safeguard their most sensitive data and digital assets.

As with owning a car, preventative efforts are critical to maintaining the privacy and safety of you and your sensitive data. Reactive measures — in other words, doing damage control after your business has been the victim of a cyberattack — can be incredibly expensive, and in the case of some major enterprise companies, the long-term damage to public relations is immeasurable. Detecting cybersecurity threats is only half the battle. The other half is remediation: understanding how to thoughtfully address the threat and safely remove it in a timely manner with minimal damage.

In recent years, there's been a major shift in the cybersecurity insurance market, which now requires that any business procuring cyber liability coverage perform a minimal amount of internal due diligence. Insurance providers often need to see proof of three major proactive measures to even consider a business eligible for coverage: Two-Factor Authentication (2FA) on at least admin accounts (and increasingly for all company logins); Extended Detection and Response (XDR), which allows remote endpoint access and control to optimize security; and an External Vulnerability Scan that shows the company has a clean bill of health and isn't a "sitting duck" for hackers.

In this article, we'll further outline not only some of the biggest cybersecurity threats facing enterprise businesses, but also provide a high-level overview of the current cybersecurity landscape from the perspective of both insurance providers and organizations alike. Derive Technologies takes a consultative approach to helping businesses understand and address these critical threats before they become catastrophic liabilities.

Email is the biggest cybersecurity vulnerability facing any business because of how many different ways this channel can be targeted. From phishing, spoofing, and credential-stealing to people pretending to be you or a co-worker, hackers have developed a myriad of attack strategies that continue to cost businesses time, money, and reputational value. Known as Business Email Compromise, or BEC, these attacks are widespread and have the potential to be financially devastating.

So, what can you do to better protect yourself and your business? Enterprise-level email security products and Two-Factor Authentication (2FA) enabled on all login points are two highly recommended baseline solutions that will defend against a vast majority of basic email attacks. Just by taking those two steps, you'll no longer be "low-hanging fruit" to attackers; these two proactive measures protect against "spray and pray" attacks because they require sophisticated hacking skills to successfully bypass.

Higher-profile organizations are naturally bigger targets to attackers, so it's important to carefully model your vectors of attack by outlining the threats the organization is likely to face. Generally speaking, the more valuable your organization, the bigger the proverbial target on your back, and the more you'll need strong, enterprise-level protection. There are tiers of security awareness, and even basic measures like web security, email security, and 2FA will go a long way in deterring and protecting against the most common attacks businesses face. Derive takes a multi-layered approach to ensuring your email communications remain secure and your business stays protected from compromise.

Threat #2: End Point (Device) Security — Defending Your Network from the Inside Out

While email security defends against external attacks, the second biggest cybersecurity threat to businesses lies inside their network. End Point (or Device) Security has never been more critical — or more threatened — in a work-from-home world, which is why XDR (Extended Detection and Response) capabilities are an absolute necessity for all businesses. XDR not only provides valuable insight into your managed endpoints, it also enables much deeper control over what the endpoint is able to do or access, meaning more personalized defenses based on your threat vector models and a greater ability to remotely remediate any issues that occur.

XDR is a required defense for nearly every major insurance provider. When your business is protected with XDR, insurers have the confidence that you're able to proactively monitor and manage the endpoint, detect any threats or attacks in real time, and remediate the problem once it's identified. In other words, it's full before-during-after attack protection. Derive takes a multi-layered approach to XDR by deploying an array of different technologies to make endpoints fully defendable. One such technology is an endpoint security agent, which can offer customizable tools that allow you to uniquely manage your devices. Web security filtering is another example — a separate tool that enables greater control over what goes in and out of an endpoint.

Other tools can protect against bad emails or leverage MFA to control who can access an endpoint, allowing you to authenticate whoever is sitting behind that computing device. In a landscape where remote work has expanded the attack surface exponentially, having robust end point security isn't just a best practice — it's a fundamental requirement. The combination of XDR with strong access management and authentication protocols creates a formidable defense posture that protects your organization from both known and emerging threats targeting your devices and network.

Derive Tech's 3 Most Critical Cybersecurity Services for Enterprise Businesses

The third major cybersecurity issue worth outlining is less a specific threat and more of a generalized vulnerability assessment — a modern requirement by insurance providers that seek to ensure baseline cyber defenses are in place for businesses to be eligible for coverage. Insurance providers are leveraging vulnerability scanning services to assess all of an organization's publicly available assets and audit them for cybersecurity vulnerabilities. While a business isn't expected to have bulletproof protection against every variety of cyberattack, providers require that you're protected against the most common and known attacks.

Vulnerability scans are usually automated and rely on a database of vulnerabilities that is cross-checked against a business's existing cybersecurity environment. If anything matches, you may not be eligible for insurance protection. External penetration tests take this a step further by performing a scan and then exploiting the vulnerabilities within your assets. Beyond that, competent cyber teams will look beyond all well-known attacks to explore new vulnerabilities by performing internal penetration tests. Internal tests can involve a "black box" approach, where a hired company is treated as an adversary and given a basic network connection to try to further penetrate defenses, or the testers may be given specific assets to research and attempt to exploit.

Keep in mind: your adversaries have the same ability to conduct these tests themselves. All the more reason to ensure your business stays several steps ahead! Even before the proliferation of Russian-based cybersecurity attacks, insurance companies have been seriously tightening the screws on protocols in a way that every single business is soon to feel. The rise of ransomware — fueled by the anonymity of cryptocurrency transactions — has forced insurers to demand that customers perform minimal due diligence to qualify for coverage. This minimal level of security involves the three controls discussed above: 2FA, XDR, and a clean bill of health. Derive leverages its strategic partners to conduct these scanning and testing services for customers, assisting in the remediation of issues identified and long-term prevention implementation to avoid them in the future.

The Takeaway for IT Buyers

To be clear: Derive Technologies is not a security company but an enterprise IT organization that assesses and prescribes crucial cybersecurity best practices, enabling the actual responders to do their jobs to the best of their ability. Derive ensures its customers have every proactive tool and control in place to confidently address issues as they take place, allowing real-time protection and lowering the risk of threats. We're also well-positioned to handle cyber defense at any scale thanks to our comprehensive core competencies and partnerships that provide endpoint management and security, 2FA deployment, CyberPeak scanning and testing, and a vast array of broader security offerings via our partner portal.

Security professionals within the industry are urging organizations to go back to the basics of cybersecurity, which are often responsible for mitigating roughly 95% of cyber threats and reducing a company's overall risk exposure to an acceptable level. Major defenses are traditionally broken down into three cyber defense pillars: Prevention (Preparation) using controls such as Firewalls, IDS/IPS, EDR, Segmentation, and Patch/Vulnerability Management; Detection (& Analysis) using logging and event collection tools such as Logging Services, SIEMs, and other correlation tools; and Eradication (& Recovery), where the tools that restore systems to good working order come in — including Backups, Imaging, and Snapshots. Privileged access management should also be top of mind: strong passwords and 2FA are excellent, but it's equally important to understand through audit capabilities when privileged accounts are accessing data, allowing businesses to identify unusual patterns of activity to prevent attacks before they occur.

Distilling all the modern cybersecurity needs of an enterprise company into one article is nearly impossible, but hopefully this outline provides a great framework to begin understanding the present landscape and bolstering your defenses before an attack cripples your budget and reputation. A strong cybersecurity defense plan often begins with strong asset management and inventory tracking, including both hardware and software. Backups for both digital and physical assets should all be prioritized. Don't wait until you're already compromised. Engage with Derive Technologies today to address existing threats and lower your risk of further attacks. Together, we'll take an agnostic approach to develop a solution track personalized for your business.

Reach out to Derive Technologies to learn more about how we can protect you from the threats of today and tomorrow.