Enhancing Cybersecurity for Improved Insurability and Risk Management

Slide Note
Embed
Share

In this resource, cybersecurity experts provide insights on improving cybersecurity insurability and minimizing rates. The content covers topics such as the cyber risk landscape, cyber insurance landscape, ransom payments, and ways to enhance cybersecurity measures. Key points include assessing information security, implementing multi-factor authentication, creating incident response plans, and conducting vulnerability scanning.

trac_745
trac_745 Follow

Uploaded on Sep 27, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. 10 Ways to Improve Cybersecurity Insurability & Minimize Rates

  2. Presenters David Wasson Vice President, Cyber Practice Leader RPLU | CIPP/US | CIPM | FIP | CCIC Hays Companies Randy Anderson Manager, Cybersecurity and IT Consulting CISSP Loffler Companies

  3. Agenda The Cyber Risk Landscape Risk Management Paying Ransoms

  4. The Cyber Insurance Landscape Increasing Losses Rate Increases Capacity Limitations Coverage Limitations Increased Underwriting Standards

  5. The Cyber Risk Landscape The Cyber Timeline Ransomware Business Email Compromise Systemic Risk

  6. Average Ransom Paid By Type

  7. The Cyber Risk Landscape

  8. The Cyber Risk Landscape

  9. The Cyber Risk Landscape

  10. 10 Ways to Improve Cybersecurity Assess Your Information Security Implement Out of Band Authentication Create a Set of Information Security Policies Create and Practice an Incident Response Plan Review Recovery Time Objectives Disable RDP Access Enable Multi-Factor Authentication Implement Effective Logging Perform Vulnerability Scanning Implement Endpoint Detection and Response Tools

  11. Assess your Information Security Vulnerability Scan Penetration Testing Free/included assessments with M365 and Azure Business Impact Analysis Asset-based risk assessment Scenario-based risk assessment Begin with a formal Assessment Administrative controls (people, policies and processes) Physical controls (cameras, locks, lighting...) Internal technical controls (servers, workstations, wireless ) External technical controls (firewall, DNS, social media, file sharing sites )

  12. Implement Out of Band Authentications Social Engineering Fraud (SEF) losses estimated at $1.9B in 2019 Out of band authentications most effective in stopping SEF Additional considerations: Dual authorizations Phishing simulation tools SPF DMARC DKIM

  13. Create a set of information security policies Policies guide the organization Procedures and plans are more specific Be aware of the shared risk model of cloud computing Who is responsible for data backup, how long are backups retained Azure PaaS Microsoft managed the infrastructure, someone else manages the OS What are the SLAs Consider compliance requirements Consider insurance underwriting standards Most organizations will end up with 15-25 separate policies

  14. Create and practice an incident response plan Inter-related with the overall Business Continuity plan Include key contacts Write it Practice it tabletop exercises Improve it lessons learned Review it at least annually If encrypting malware hits, can you get to your IR plan?

  15. Review Recovery Time Objectives What is an RTO? Are RTOs realistic? How to plan for exceeded RTOs

  16. Disable RDP access Open RDP (a.k.a. Windows Terminal Services, Remote Desktop Services) is a major attack vector Even if you change the port Even if you don t have a DNS name associated with it Even if you ve patched Even if you have good passwords Even if you don t think you re a target Must be secured behind a VPN to be safe

  17. Enable Multi-Factor Authentication What is it? When is it needed? What s the impact?

  18. Implement effective logging Implement effective and appropriate logging, log file aggregation and alerting Make sure that all systems are synchronized for time Make sure that logs are kept for at least 90 days Who is watching the logs? A human or a computer? SIEM - Security Information and Event Management Allows machine learning algorithms to watch the logs Allows for event correlation

  19. Perform Vulnerability Scanning This is important for checks and balances May be required for compliance Uses a tool that detects and enumerates devices on the network Identifies the device Probes for vulnerabilities Summary report of CVEs Critical, high, medium and low

  20. Implement Endpoint Detection and Response Tools Used in addition to antivirus tools Varying levels of products available More expensive than other options

  21. Paying Ransomware Discussion

Related


Comprehensive Airport Cybersecurity Quick Guide and Assessment Tool

Comprehensive Airport Cybersecurity Quick Guide and Assessment Tool

emmitt
Risk Management & MPTF Portfolio Analysis at Programme Level for UN Somalia

Risk Management & MPTF Portfolio Analysis at Programme Level for UN Somalia

jud_l
Shovel-Ready Projects Initiative for Cybersecurity Innovation in Canada

Shovel-Ready Projects Initiative for Cybersecurity Innovation in Canada

aberm
Cybersecurity Career Path Overview

Cybersecurity Career Path Overview

rusty
Ensuring Business Security: Cybersecurity Webinar Insights

Ensuring Business Security: Cybersecurity Webinar Insights

amelia
Understanding Risk Concepts and Management Strategies in Finance

Understanding Risk Concepts and Management Strategies in Finance

ybre
Cybersecurity Workforce Management: Engage, Empower, Elevate

Cybersecurity Workforce Management: Engage, Empower, Elevate

dena835
Cybersecurity and Supply Chain Risk Management Best Practices

Cybersecurity and Supply Chain Risk Management Best Practices

crew
Understanding Risk Management in Environmental Geography and Disaster Management

Understanding Risk Management in Environmental Geography and Disaster Management

duke
Cybersecurity and Computer Science Education Projects at UH Maui College

Cybersecurity and Computer Science Education Projects at UH Maui College

karm_14
Workshop on Cybersecurity Professionalism & Ethics

Workshop on Cybersecurity Professionalism & Ethics

acke_ddy
Cybersecurity and Supply Chain Risk Management: Best Practices for Procurement

Cybersecurity and Supply Chain Risk Management: Best Practices for Procurement

yousef
Enhancing California's Election Cybersecurity Readiness

Enhancing California's Election Cybersecurity Readiness

mallory
C2M2 Version 2.1 Cybersecurity Model Overview

C2M2 Version 2.1 Cybersecurity Model Overview

giana
Project Risk Management Fundamentals: A Comprehensive Overview

Project Risk Management Fundamentals: A Comprehensive Overview

franky
National Industrial Security Program (NISP) Risk Management Framework (RMF): Cybersecurity Overview

National Industrial Security Program (NISP) Risk Management Framework (RMF): Cybersecurity Overview

fredrick
Empowering NNSA Cyber Professionals Through Enterprise Tools and Data Analytics

Empowering NNSA Cyber Professionals Through Enterprise Tools and Data Analytics

bloom
Cybersecurity Risk Management in K-12 Education: Challenges and Strategies

Cybersecurity Risk Management in K-12 Education: Challenges and Strategies

betsy
Risk and Return Assessment in Financial Management

Risk and Return Assessment in Financial Management

chey888
Understanding the Basics of Insurance Risks

Understanding the Basics of Insurance Risks

ismaeel
Cybersecurity Entrepreneurship Workshop Highlights

Cybersecurity Entrepreneurship Workshop Highlights

flint
Risk Management and Security Controls in Research Computing

Risk Management and Security Controls in Research Computing

aima_39
Cybersecurity Expert Shiva V. Parasram - Profile and Advice

Cybersecurity Expert Shiva V. Parasram - Profile and Advice

deniz
Cybersecurity and Personal Finance: A Tale of Appily Ever After

Cybersecurity and Personal Finance: A Tale of Appily Ever After

elspeth

More Related Content

Automated Signature Extraction for High Volume Attacks in Cybersecurity
Automated Signature Extraction for High Volume Attacks in Cybersecurity
Adversarial Machine Learning in Cybersecurity: Challenges and Defenses
Adversarial Machine Learning in Cybersecurity: Challenges and Defenses
Which and How of Cybersecurity Frameworks
Which and How of Cybersecurity Frameworks
Exploring Adversarial Machine Learning in Cybersecurity
Exploring Adversarial Machine Learning in Cybersecurity
Cybersecurity Tabletop Exercise Overview
Cybersecurity Tabletop Exercise Overview
Professionalism in Cybersecurity: Developing Essential Skills
Professionalism in Cybersecurity: Developing Essential Skills
Instrument human capital cybersecurity mkb bedrijven
Instrument human capital cybersecurity mkb bedrijven
Challenges in Cybersecurity Implementation: A Philippine Perspective
Challenges in Cybersecurity Implementation: A Philippine Perspective
Empowering Women in Cyber: CyberFirst Girls Competition
Empowering Women in Cyber: CyberFirst Girls Competition
REWIRE Cybersecurity Skills Alliance
REWIRE Cybersecurity Skills Alliance
CYBERSECURITY AWARENESS MONTH 2023
CYBERSECURITY AWARENESS MONTH 2023
Cybersecurity Risks for Remote CISTAR Facilities Study
Cybersecurity Risks for Remote CISTAR Facilities Study
Cybersecurity Industry Call for Innovation (CyberCall)
Cybersecurity Industry Call for Innovation (CyberCall)
Principles of Risk Management in Therapeutic Innovation
Principles of Risk Management in Therapeutic Innovation
The Actuarial Association of Europe and Its Risk Management Committee
The Actuarial Association of Europe and Its Risk Management Committee
Comprehensive Overview of Information Security Risk Assessment
Comprehensive Overview of Information Security Risk Assessment
Comprehensive Overview of Security Risk Analysis and Management
Comprehensive Overview of Security Risk Analysis and Management
Comprehensive Guide to Risk Management Processes
Comprehensive Guide to Risk Management Processes
Risk Analysis in Environmental Management: A Comprehensive Overview
Risk Analysis in Environmental Management: A Comprehensive Overview
DNS Research Federation: Advancing Understanding of Cybersecurity Impact
DNS Research Federation: Advancing Understanding of Cybersecurity Impact
Introduction to Flood Risk Assessment with HEC-FDA Overview
Introduction to Flood Risk Assessment with HEC-FDA Overview
Understanding Country Risk Analysis in International Business
Understanding Country Risk Analysis in International Business
Alcohol and Cancer Risk: Understanding the Links
Alcohol and Cancer Risk: Understanding the Links
Understanding Risk Concepts in the Mathematics Classroom
Understanding Risk Concepts in the Mathematics Classroom