Share this article on:
Thomas Fikentscher of CyberArk explains why organisations should diversify their cyber security strategy.
The stakes for businesses taking a gamble on the cyber security front have never been higher: the average cost of a data breach hit a record high of US$4.35 million this year, according to the annual Cost of a Data Breach report.
New findings from the Ponemon Institute report reveal stolen or compromised credentials were responsible for 19 per cent of breaches; phishing was responsible for breaches 16 per cent of the time; and cloud misconfiguration caused 15 per cent of breaches.
Undoubtedly, businesses are vulnerable and at risk, facing an exhaustive list of ever-growing challenges and far greater complexities in how to manage these than ever before.
What’s more, attacks are more sophisticated — just consider that today, one successful zero-day exploit or ransomware attack, for example, has the potential to take down a business completely. Isn’t that a scary thought?
Even scarier is the fact that compromised privileged credentials and identities continue to be the root cause of the most damaging cyber attacks.
Companies need to circumvent obstacles like seasoned professionals, deliver meaningful impact on the cyber risk front, and implement a comprehensive cyber security strategy that’s holistic, and offers a risk-based approach to securing human and non-human identities.
Couple that with the fact that navigating the world of cyber insurance has become even more demanding, it’s truly a pressure cooker.
Take a blended approach
So, what’s the answer? Ensuring companies adopt a blend of advanced security solutions and sink their teeth into a solid cyber security insurance plan is a good “blended” security strategy.
Understandably, opting for a trusty cyber insurance policy is a smart move — it can help minimise post-incident business disruption, speed-up recovery efforts and curb related costs to the organisation and its partners — but it’s not the panacea for all corporate ills.
If anything, a company’s foundational pillars, most valuable data, systems and defences need to be fortified first — and that’s why adopting a strong identity security program centred on intelligent privilege controls as part of a foundational cyber security strategy is more important than ever.
Indeed, there are four core foundational cyber security strategy pillars to consider, including:
Better still, companies need help controlling, managing and auditing privileged accounts, credentials and secrets for human and non-human users in order to reduce risk while also improving operational efficiency and compliance.
And security starts with identity. To put it mildly, there’s been an explosion in human and machine identities with the rapid acceleration of major initiatives such as digital transformation, cloud migration, among others.
And while cyber insurance should be an integral piece of every organisation’s proactive risk mitigation strategy — as it provides essential financial protection and operational support — foundational and security best practice should be in place, especially as insurers are asking for application control and password protection.
Cyber insurance upsurge
Still, let’s examine the cyber security insurance landscape. Needless to say, the pandemic changed everything, shaking up the world of security like a Category 5 hurricane.
According to the US Government Accountability Office (GAO), the number of enterprises electing to adopt new cyber insurance policies nearly doubled from 26 per cent to 47 per cent.
As more pandemic-driven cyber risks persist, we expect demand will grow. The cost of coverage is also rising. AIG, for its part, increased pricing by 40 per cent globally, according to Reuters.
Locally, many Australian firms say the cost of their cyber insurance policies have increased by 300 per cent — with some plans excluding ransomware and phishing, the most common attacks which spiked between January and June this year to more than 1.2 million per month, according to recent Barracuda Research.
The huge spike in costs comes amid hefty payouts — high-profile attacks have wiped out the billions generated via premiums by cyber insurance companies. As such, insurers have clamped down on their terms and conditions to address hefty cyber loss trends.
Adding “fuel to the fire”, many insurers are applying more stringent pre-audit requirements and demanding a stronger security posture both in terms of controls and incident response plans.
What all these signals is it’s never been more important to ensure an organisation’s security controls are up-to-date and firmly in place — to keep and maintain proper cyber insurance coverage and safeguard the company’s crown jewels.
Instead of “putting all of your eggs in one basket”, think big: implement a range of security solutions that address compliance concerns and help customers reduce privilege-related risk, but also confidently and securely move your business forward.
Now, that’s just good business protection.
Thomas Fikentscher is the regional director, ANZ at CyberArk.