New Articles

Understanding Cyber Liability Insurance: Securing System Access to Secure Coverage

insurance

Understanding Cyber Liability Insurance: Securing System Access to Secure Coverage

Organizations purchase cyber liability insurance as a way to mitigate the impact of data security incidents. However, as with any liability policy, cyber risk insurance incorporates a set of exclusions that allow insurance companies to deny coverage. While most policyholders and insurance professionals assume that external monitoring acts as the only way to ensure coverage and reduce the likelihood of costly coverage litigation, digital transformation has shifted the perimeter away from external controls such as firewalls towards a more focused approach on identity and access.

Understanding Cyber Insurance Exclusions

Everyone reads the Insuring Agreement, or the part of an insurance policy that provides coverage. Typically, this section lists out all of the events for which an organization can submit a claim. For example, many cyber insurance policies will cover unauthorized access to systems, networks, and software that leads to a data security event.

However, as in life, all promises come with conditions. In the insurance world, conditions are called the exclusions, or the activities that are reasons allowing an insurance company to deny coverage. Generally located at the end of a policy, these may seem logical. For example, in a cyber-risk policy, an insurer does not need to cover the loss if the policyholder failed to enforce reasonable security practices and systems maintenance procedures.

In other words, if a data security event is the result of failure to enforce best security practices, the insurance company can deny the claim.

Why Identity and Access Matter to Data Security

As evidenced by the recent Twitter breach, cybercriminals increasingly target users as a way to gain unauthorized access to privileged locations in an organization’s IT ecosystem. This tactic makes sense in many ways because privileged accounts traditionally have universal access to an organization’s most important services and data.

For example, to do their job, IT administrators need nearly unfettered access to an organization’s ecosystem. They need to create accounts and grant access to other users. However, that also makes them a high-risk user. They could conceivably create fake accounts and grant themselves privileged access then engage in malicious data theft or credential theft, moving around in the organization’s systems and networks without looking suspicious.

Similar to the Twitter breach, this type of activity is hard to recognize unless the organization is actively monitoring who has access, how they use their access, what they access, and why they need it.

Enforcing Identity and Access Controls as Data Security Best Practices

Data security best practices pose problems for organizations as no set definition exists because cybercriminals continue to evolve their methodologies. With most organizations embracing remote workforces for the foreseeable future, on-premises security controls no longer provide the necessary protection. In order to secure data and protect privacy, companies should look to the Identity perimeter to limit access and monitor privileged access within their ecosystems.

Enable Zero Trust

Zero trust, aka “never trust, always verify,” is a cornerstone of enforcing identity. This is widely becoming not just best practice, but a table stakes identity and access management strategy – especially for users with elevated privileges. In a business application landscape overrun by phishing and brute force attacks, there is little confidence in usernames and passwords being the primary driver for identity and access management. That’s not to say that usernames and passwords don’t have their seat at the table, but they can’t be sitting alone. Combining them with dynamic controls that evaluate the context of access to determine risk is critical. Trusting the same access privileges, no matter what the circumstances, will lead to security threats. IT leaders must assume that cybercrime can circumvent their perimeter identity controls and be acting accordingly.

Apply the Principle of Least Privilege (PoLP)

The first step to creating best Identity and Access Management (IAM) practices is to ensure all users have only the access they need to fulfill their job functions and nothing more. For example, someone in human resources (HR) might need access to an employee’s address, but that individual may not need all the banking information attached to the record if they are not in the payroll area.

Enabling PoLP Using Attribute-Based Access Controls

For legacy business applications, PoLP is a non-starter because access governance is dictated by static, roles-based access controls (RBAC). For example, an HR manager needs a certain set of rights within the organization’s system. However, RBAC only limits access based on what the user does in the company (unless manually changed). With attribute-based access controls (ABAC), organizations can set additional contextual attributes such as geographical location, IP address, or time of day. This additional context allows the organization to limit access to high-risk resources on a more detailed level. With the explosion of remote work, ABAC provides a way to limit users’ access when the organization has determined that a location or time of day would be considered riskier. For example, someone using a public WiFi is at a higher risk of a man in the middle attack than someone using their home WiFi. If the organization sets trustworthy IP addresses, users cannot access sensitive information from public WiFis, reducing the attack surface.

Continuously Monitor Access

The same continuous monitoring mantra that exists at the network perimeter also holds true at the Identity perimeter. With user access monitoring, organizations can review the resources accessed to ensure they are appropriate to the users’ needs. Organizations need a way to detect suspicious access to sensitive information. For example, if an HR representative is accessing healthcare information at 2:00 AM, the organization needs to know whether that employee typically works late at night or whether this is an outlier signaling a potential data security incident. Without visibility into when and how users interact with data, organizations cannot prove that they enforced their access policies as a best practice.

Digital Transformation, Remote Work, and Securing Coverage

Digital transformation, accelerated by the rapid move to remote workforces, streamlines productivity but also increases risks. With more users connecting more devices from more places at less regular times, identity and access is an integral part of an organization’s data security.

Establishing and enforcing strict access policies is now more important than ever before. Malicious actors will continue to look for user accounts that act as back doors to organizations’ systems, networks, and software. In order to secure cyber liability coverage, companies need to be more actively engaged in monitoring access and mitigating potential threats arising from compromised accounts.

____________________________________________________________

Piyush Pandey, CEO at Appsian (www.appsian.com) is a technology executive with 19 years of global experience in strategy, sales, mergers & acquisitions, and operations within software companies. Over the last 10 years, he has worked with enterprise software companies including Oracle, Epicor, Concur, Citrix and Microsoft on various transactions. He has held various leadership positions at Procera, Deutsche Bank, Stifel, Wipro Technologies and a wireless startup.

A 5-step guide to managing cyber threats in the supply chain

When Danish shipping giant A.P. Moller-Maersk was attacked by the NotPetya malware in 2017, access to its electronic booking systems was blocked and ultimately forced a 10-day overhaul of its entire IT infrastructure.

The malicious attack still remains one of the largest disruptions to affect the global shipping industry to date. As a result of lost bookings and terminal downtime, Maersk incurred a massive US$300 million (€264 million) loss.

With the increasing sophistication of cyber threats, companies worldwide have to brace themselves for a new reality where supply chain disruptions are no longer restricted to those of a physical form. Cyber-attacks have the potential to disrupt or, at its worst, cripple the logistics and supply chain operations of an entire business across different geographies.

Instead of adopting a reactive approach to cyber security, companies should actively prevent and manage such cyber risks by devising a response plan with the following five steps.

Identify third-party risks

To successfully thwart future cyber-attacks, companies have to first determine which vendors or third-party entities have access to their firewall and could have the largest impact to the organization in a worst-case scenario.

When selecting possible vendors to work with, it is best to consider the amount of sensitive data that the vendor is handling, such as personally identifiable data, protected health information or financial transactions. With this knowledge, suitable mitigation measures must then be introduced to safeguard the sensitive data.

Monitor the cyber threat environment

As cyber threats are continuously evolving and news reports of a cyber-incident become known, it is a continuous effort to assess and understand events impacting the vendors or third-party entities that your organization works with.

The ability to persistently monitor one’s supply chain and the cyber threat environment will be the best determinant in responding adequately to a cyber-incident.

For instance, a year on from the cyber-attack on Maersk, Chinese state-owned shipping conglomerate COSCO Group managed to contain the damage and limit the length of disruption when its shipping operations in the Americas suffered a ransomware attack.
Though its shipping operations in the Americas came to a momentary standstill, the company’s swift response efforts and preemptive network segmentation prevented the escalation of the attack, allowing regular operations to resume within a week without significant damage.

Assess potential impact

Organizations should possess the capability to gauge the extent of the potential impact a cyber-attack can have on its business operations.

Knowing the nature of each cyber-attack can better equip companies by facilitating understanding, communication and coordination along its supply chain.

Types of cyber attacks

·Data breach: Release of secure information to an untrusted environment, including trade data, schematics, manufacturing systems, shipping data, and other confidential company information
·Ransomware: A form of malware which encrypts a user or end system, rendering all data within inaccessible, and demanding the payment of ransom to decrypt
·Denial of service: A cyber-attack performed by many actors to render a firm’s website or system unavailable to users
·Vulnerability: The discovery of a weakness, known or unknown, which may be exploited by a threat actor to perform unauthorized actions on a system
·Phishing: A fraudulent attempt to obtain security credentials from entry to executive levels for malicious purposes

Conducting a risk assessment on the areas of vulnerability from multiple angles will help companies measure the potential risk and threat of a sudden attack on its supply chain.

Develop risk scenarios and emergency protocols

Without emergency protocols established or adhered to in the event of a cyber-attack, it will likely cause confusion that leads to disruption in the supply chain. Companies need to train its employees on potential threat scenarios and develop corresponding response plans to tackle different situations.

Often, these response processes might involve the use of advanced technology and human intelligence analysis. Having established the protocols and trained employees on their respective emergency response roles, the company will then be well-prepared to implement the appropriate measures to mitigate the potential damage inflicted by a cyber-attack.

Communicate relevant actions to stakeholders

When a threat has been identified, it is imperative to investigate the matter internally and cascade information in a timely manner within the organization before alerting the relevant authorities. Once more details emerge and the nature of the threat is confirmed, organizations should pro-actively inform all stakeholders who have been affected, while activating the emergency response teams to rectify the issue.

With the threat of cyber-attacks looming large, companies need to take control and ready themselves with a proper response plan and top-notch cyber security practices to protect their supply chain.

Shehrina spearheads the supply chain risk monitoring capabilities for Resilience360. Resilience360 offers end-to-end supply chain risk management, alerting customers about supply chain incidents globally and risks to their global supply chain in almost real time. The platform helps companies handle an ever-changing world by assessing the impact of natural disasters, changing regulatory environments, and other supply chain risks. With Resilience360, businesses can visualize their supply chains end-to-end, use machine learning capabilities to detect early warnings of incidents that can disrupt their supply chain and it will allow customers to preemptively respond and minimize business interruption.

This article was originally published on DHL’s Logistics of Things. Read more on how logistics impacts business, builds lasting connections and drives innovation.