Derive Tech's 3 Most Critical Cybersecurity Services for Enterprise Businesses
Now more than ever businesses big and small are racing to fortify their cybersecurity defenses to protect themselves against online threats. Russian cyberattacks have recently grown more frequent and pervasive, but the reality is that cyber defense is urgent and necessary every single day . . . not just when it’s topical or once an attack has already taken place.
Much like maintaining a car, preventive effort is critical to protecting your privacy, your safety, and your sensitive data. Reactive measures – in other words, doing damage control after your business has been the victim of a cyberattack – can be incredibly expensive, and in the case of some major enterprise companies, the long-term damage to public relations is immeasurable.
Detecting cybersecurity threats is only half the battle. The other half is remediation: understanding how to thoughtfully address the threat and safely remove it in a timely manner and with minimal damage.
In recent years, there’s been a major shift in the cybersecurity insurance market, which now requires that any business procuring cyber liability coverage perform a minimal amount of internal due diligence. Insurance providers often need to see proof of 3 major proactive measures to even consider a business eligible for coverage:
1) Two-Factor Authentication (aka 2FA or TFA) on at least admin accounts, but increasingly it’s required for all company logins
2) Extended Detection and Response (aka XDR), which provides remote endpoint visibility and control to strengthen security
3) External Vulnerability Scan that shows the company has a clean bill of health and isn’t a “sitting duck” for hackers
What are these insurer-mandated proactive measures designed to protect you against? Some of the biggest threats facing organizations in every industry include:
1) Email, which is the largest threat vector and attack surface for businesses of any and all sizes. No channel is more vulnerable or more routinely targeted.
2) Endpoint (Device) Security, which is what XDR seeks to address by offering increased security control and access management
3) Vulnerability Scanning, or both attackers’ and insurers’ ability to audit all of your online assets to determine where the chinks in your company’s armor may be
In the article below, we'll not only outline some of the biggest cybersecurity threats facing enterprise businesses, but also provide a high-level overview of the current cybersecurity landscape from the perspective of both insurance providers and organizations.
Email is the biggest cybersecurity vulnerability facing any business because of how many different ways this channel can be targeted. From phishing, spoofing, and credential theft to people pretending to be you or a co-worker, hackers have developed a myriad of attack strategies that continue to cost businesses time, money, and reputational value.
Collectively known as Business Email Compromise, or BEC, these attacks are widespread and have the potential to be financially devastating. So, what can you do to better protect yourself and your business?
Enterprise-level email security products and Two-Factor Authentication (aka 2FA or TFA) enforced on all login points are two highly recommended baseline solutions that will defend against the vast majority of basic email attacks.
Just by taking those two steps, you'll no longer be "low-hanging fruit" to attackers; these two proactive measures protect against "spray and pray" attacks because bypassing them requires sophisticated hacking skills rather than sheer volume.
Higher-profile organizations are naturally bigger targets for attackers, so it's important to carefully model your attack vectors by outlining the threats the organization is likely to face. Generally speaking, the more valuable your organization, the bigger the proverbial target on your back, and the more you'll need strong, enterprise-level protection.
There are tiers of security awareness, and even basic measures like web security, email security, and 2FA will go a long way in deterring and protecting against the most common attacks businesses face.
While email security defends against external attacks, the second biggest cybersecurity threat to businesses is inside their network.
Endpoint (or Device) Security has never been more critical (or more threatened) in a work-from-home world, which is why XDR (Extended Detection and Response) capabilities are an absolute necessity for all businesses.
XDR not only provides valuable insight into your managed endpoints, it also enables much deeper control over what the endpoint is able to do or access. This means more personalized defenses based on your threat vector models, and a greater ability to remotely remediate any issues that occur.
XDR is a required defense for nearly every major insurance provider. When your business is protected with XDR, they have the confidence that you’re able to proactively monitor and manage the endpoint, detect any threats or attacks in real time, and remediate the problem once it's identified. In other words, it’s full before-during-after attack protection.
Derive takes a multi-layered approach to XDR by deploying an array of different technologies to make endpoints fully defensible. One such technology is an endpoint security agent, which offers customizable tools that allow you to manage each device individually. Web security filtering is another example: a separate tool that enables greater control over what goes in and out of an endpoint.
Other tools can protect against bad emails or leverage MFA to control who can access an endpoint, allowing you to authenticate whoever is sitting behind that computing device.
The third major cybersecurity issue worth outlining is less a specific threat and more a generalized vulnerability assessment: a modern requirement from insurance providers, who want to ensure baseline cyber defenses are in place before a business is eligible for coverage.
What does this mean? It means insurance providers are leveraging vulnerability scanning services to assess all of an organization's publicly available assets and audit them for cybersecurity vulnerabilities. Obviously, a business isn't expected to have bulletproof protection against every variety of cyberattack, but you should be able to show (and providers require) that you're protected against the most common and well-known attacks.
Vulnerability scans are usually automated and rely on a database of known vulnerabilities that is cross-checked against a business's existing cybersecurity environment. If anything matches, you may not be eligible for insurance protection.
External penetration tests take this a step further by performing a scan and then attempting to exploit the vulnerabilities found within your assets. Beyond that, competent cyber teams look past the well-known attacks to explore new vulnerabilities by performing internal penetration tests.
Internal tests can involve a “black box” approach where a hired company is treated as an adversary and given a basic network connection to try and further penetrate defenses, or they may be given specific assets to research and attempt to exploit.
Keep in mind: your adversaries have the same ability to conduct these tests themselves. All the more reason to ensure your business stays several steps ahead!
Even before the proliferation of Russian-based cyberattacks this year, insurance companies had been seriously tightening their requirements in a way that every single business is soon to feel (if they haven't already).
The bad guys are always trying to earn money. Whether through extortion or blackmail, it’s always about ROI. That’s been the motivation behind a huge rise in malware – specifically ransomware – or cyberattacks where your data is held hostage for a price. The rise of cryptocurrency, and the anonymity of financial transactions along with it, has catalyzed a steep rise in ransomware attacks that insurance providers have largely had to cover.
As a result, cyber hackers began exploiting companies with huge, incredibly valuable assets within municipalities that have to carry $10 million insurance policies. (As an aside, never advertise your level of coverage, as it will only raise your risk!)
Bad guys can hold your data hostage 2-3 times: once as a traditional ransom, again to prevent that information from being released to the public, and again to allow the victim to understand how they were hacked in the first place. Government agencies, including the NSA, recognized the trend and enacted an executive policy not to pay out these ransoms. As a result, hackers started releasing this stolen data to the world, resulting in catastrophic reputational damage and loss of customer confidence, as well as direct financial losses.
Insurance companies realized the inherent issue: it was cheaper for businesses to pay for their policies than it was for the necessary cyber protections to defend against these attacks. So insurance companies changed their formula and are now forcing their customers to perform minimal due diligence to even qualify for coverage.
This minimal level of security involves the 3 controls discussed above: 2FA, XDR, and a clean bill of health. Only then – when you’re not a “sitting duck” in the eyes of insurers – do you qualify for coverage.
To be clear: Derive Technologies is not a security company but an enterprise IT organization that assesses and prescribes crucial cybersecurity best practices, enabling the actual responders to do their jobs to the best of their ability.
Derive ensures its customers have every proactive tool and control in place to confidently address issues as they take place, allowing real-time protection and lowering the risk of threats. We’re also well-positioned to handle cyber defense at any scale thanks to our comprehensive core competencies and partnerships that provide endpoint management and security, 2FA deployment, CyberPeak scanning and testing, and a vast array of broader security offerings via our partner portal, which can align with any business initiative.
Security professionals within the industry are urging organizations to go back to the basics of cybersecurity, which is often responsible for mitigating roughly 95% of cyber threats and reducing a company’s overall risk exposure to an acceptable level. Major defenses are traditionally broken down into 3 cyber defense pillars:
1) Prevention (Preparation), using controls such as firewalls, IDS/IPS, EDR, segmentation, and patch/vulnerability management.
2) Detection (& Analysis), using logging and event collection tools such as logging services, SIEMs, and other correlation tools.
3) Eradication (& Recovery), using the tools that restore a system to good working order: backups, imaging, and snapshots.
Post-Incident Recovery occurs when a business takes the next steps in control implementation to prevent the issue from happening again . . . or at least to lower the chance that it could happen again.
Incident Response, on the other hand, is what happens when Prevention fails and other potential threats are identified. The idea is to make sure an organization incorporates all the information available to it to take the best course of action.
A strong cybersecurity defense plan often begins with strong asset management and inventory tracking, including both hardware and software. Backups for both digital and physical assets should all be prioritized.
Privileged access management should also be top of mind. Strong passwords and 2FA are excellent, but it’s equally important to understand through audit capabilities when privileged accounts are accessing data. This allows businesses to identify unusual patterns of activity to prevent attacks before they occur.
Distilling all the modern cybersecurity needs of an enterprise company into one article is nearly impossible, but hopefully, this outline provides a great framework to begin understanding the present landscape and bolstering your defenses before an attack cripples your budget and reputation.
Don’t wait until you’re already compromised. Engage with Derive Technologies today to address existing threats and lower your risk of further attacks. Together, we’ll take an agnostic approach to develop a solution track personalized for your business.