Qualifying for cyber security insurance – Part 3: Staying in compliance


88% of companies now consider cybersecurity a business risk. The time may come when the executives of a firm want to draw up their battle plans. They might have heard of a competitor who was affected and lost significant revenue. They might have seen or read a story in the news that raised an alarm, as so many stories about cyber attacks do these days. The time for action is now.
So how can a business get from a house built of straw and clay to a full-blown fortress with solid walls, watch towers and a strong roof? Below are some suggestions our team of consultants compiled to get from here to there.
STAYING IN COMPLIANCE: THE MOAT, THE DRAWBRIDGE AND THE FLAG.

Before we dive in, let’s step back for a moment. How do data breaches happen? What are the hackers’ strategies? What weaknesses are they looking for? Once we learn their tricks, we can better prepare and put the right security measures in place that will protect our business while staying within budget and in compliance. If done right, we can fight fire with fire.

  1. Research: The criminal looks for weaknesses within the network. These include:
    • Unsecured network.
    • Unsecured communication channels such as unencrypted emails.
    • Software that has not been updated to the latest version with the necessary patches.
    • Attempts to break into user accounts through bugs in applications.
    • Taking possession of credentials and passwords. The hacker can be aided in this by software that runs through millions of the most popular credentials and tries them out on the system (think “12345” or “password”).
  2. Attack: The cyber criminal contacts the network or performs a social attack.
    • Network: take advantage of any or all of the weaknesses described above.
    • Social: tricking or baiting an employee via email into giving out their password or opening a malicious attachment/link.
    • Prepare for extraction of data or control of the network: once inside, the criminal plants a piece of malicious software, or malware, on the network.
  3. Control of your network: Once they gain access, the hackers are in your network planting malicious software and/or malware.
  4. Exfiltration: The criminals can now track all your web traffic, including sensitive information. They have the means to lock down any and all machines within your network, including the server. Then they will demand a ransom, typically a financial payment of a significant size. This is a “ransomware attack”. They can start deleting files if you do not pay that ransom within their demanded time frame. This is really bad news.

Now that we have gained insight into what cyber criminals are looking for and what they will do when attacking an organization, we can come up with a list of components a business must implement to build a castle that does not look appealing to pillagers.

  1. Network security: Fully managed firewall with anti-malware and anti-spyware that includes MDR, or Managed Detection & Response.
  2. Internet security, which is designed to monitor incoming internet traffic for malware as well as unwanted traffic. This protection may come in the form of firewalls, anti-malware, and anti-spyware.
  3. Applications, data, and identities are moving to the cloud; the traditional on-premises security stack is simply not intelligent enough to counter the latest threats. Only cloud security can deliver maximum and the most up-to-date protection. It can help secure the usage of Software-as-a-Service applications and the public cloud.
  4. Application security diminishes the likelihood that criminals can gain access. It is an added layer of security that involves evaluating the code of an application and identifying the vulnerabilities that may exist within the software. This protection is coded into the software itself.

Also: Qualifying for cyber security insurance – Part 2: Going Down The Checklist


Going Beyond Compliance
The role of IT staff, CTOs and IT-Directors is changing yet again.

Going down memory lane, some of us may recall the role of an IT staff member in the 80s and 90s: it was a very hands-on position, this team member was an all-rounder and mostly had the skills to manage on-site devices themselves. In the early 2000s, even more technical knowledge was required to manage the network, and very specific skills were needed. The IT team would start engaging and leveraging their partner carriers and IT manufacturers more and more. In the 2010s, a shift took place where IT executives needed to become advisors to the other C-suite members: IT technology started to shift away from the local area network to the wide area network, managed by the cloud provider. Fast forward to the here and now, the 2020s: IT technology is now a core business driver, and most businesses have various IT projects ongoing at the same time.

This brings us to cloud-based and managed security solutions, and why it seems wise right now to make a shift to managed security services.

Increased requirements to provide adequate cybersecurity cannot be met by internal staff alone.
    1. The majority of breaches happen on weekends and during holidays. Internal IT staff often cannot work around the clock. This matters because the average time to contain a breach is 80 days (IBM).
    2. It takes an average of 287 days to identify a data breach (IBM). Businesses deserve 365/24/7 monitoring by a network operations center.
    3. Organizations with more than 60% of employees working remotely had a higher average data breach cost than those without remote workers (IBM). It’s harder for IT teams to monitor remote workers.
Internal staff benefit from managed and cloud-based security services:
    1. More time to spend on core initiatives that drive revenue rather than worrying about security.
    2. It’s challenging to keep up with certifications and monitoring when attacks are becoming more and more sophisticated.
    3. Focus on staff education, communication and design of virtual desktop space to prevent breaches from happening in the first place.
Compliance is becoming more stringent.
  1. All businesses in New York State, for example, need to be in compliance with the SHIELD Act. Businesses in the financial and healthcare industries require compliance to continue to do business. Managed security providers will explain which compliance requirements are met when a new subscriber considers enrolling with their service.
  2. Fines and penalties for non-compliance are an avoidable expense.
