As the month of October is still #NationalCyberSecurityAwarenessMonth, here are some basic explanations and terminology for #cybersecurity and #cyberpolicy:
Cyber coverage is an insurance policy that kicks in when your company is the victim of a cyber attack (ransomware, phishing, DDoS, malware). This policy will employ cybersecurity professionals to relieve this pain for you. There are lawyers who specialize in these types of crimes, and there are sublimits in the cyber policy to cover those costs. There are also “hostage negotiators” who will negotiate with hackers who may be holding your data or network for ransom.
Cybersecurity is the protection of your company’s network and data from cyber-attacks or unauthorized access. This includes a firewall, anti-virus, multi-factor authentication and a detection and response system (EDR, XDR).
Your cyber coverage and the strength of your cybersecurity measures do not exactly work in tandem. Rather, they are two necessary ways to provide your business with protection from cyber-attacks. Even the best cybersecurity practices can be outmaneuvered by an employee opening an email attachment from a phishing attack, which then installs malware on the network. This is where your cyber coverage comes in to provide you with the professional resources to get your day-to-day back on track.
XDR is Extended Detection and Response, which monitors for unusual activity coming from your endpoints, your cloud, your mobile devices, and network data, then secures your network by containing the threat. (The latest and greatest. Most protection possible.)
Multi-factor Authentication is a login procedure that requires a user to verify their identity through more than just a password (authenticator apps, biometrics, etc.).
Attack surfaces refer to the total possible entry points (also known as attack vectors) for unauthorized access into any system. The recent increase in remote and hybrid work combined with the shift to the cloud and widespread implementation of software-as-a-service (SaaS) applications have made attack surfaces increasingly large, complex and difficult to defend against cyberattacks. As a result, organizations face the challenge of continuously monitoring their attack surfaces to identify, block and respond to threats as quickly as possible. That’s where attack surface management (ASM) can help. This article provides more information on ASM and explains how it works.
What Is ASM?
ASM involves continuously discovering and monitoring potential attack vectors, including any pathway or method a hacker may use to gain access to a company’s data or network to facilitate a cyberattack. A company’s attack surface is constantly changing and generally includes four main surfaces:
1. On-premises assets, such as hardware and servers
2. Cloud assets, such as workloads, cloud-hosted databases or SaaS applications
3. External assets, such as an online service provided by an external vendor that may be integrated with the company’s network or is used to store its data
4. Subsidiary networks shared by more than one organization
How ASM Works
ASM aims to provide a company’s security team with a current and complete inventory of exposed assets to accelerate responses to threats and vulnerabilities that put the company at risk. ASM includes four automated core processes that must be carried out continuously as the size of the digital attack surface is constantly in flux. These processes include the following:
1. Asset discovery—Asset discovery is a continuous process that scans for potential entry points for a cyberattack. These assets may include subsidiary assets, third-party or vendor assets, unknown or non-inventoried assets, known assets, or malicious or rogue assets.
2. Classification and prioritization—Assets are analyzed and prioritized by the likelihood that hackers could use them as a target. They’re inventoried by their connections to other assets in the IT infrastructure, IP address, identity and ownership. Assets are also analyzed for exposures such as missing patches, coding errors and potential attacks, including spreading ransomware or malware. Each vulnerable asset is assigned a risk score or security rating.
3. Remediation—Potential vulnerabilities are remediated in order of priority. It may be necessary to apply software or operating system patches, debug application codes or use stronger data encryption. Previously unknown assets may need new security standards, or it may be necessary to integrate subsidiary assets in the company’s cybersecurity strategy.
4. Monitoring—Security risks change whenever a new asset is deployed or existing assets are used in new ways. The network and its inventoried assets are continuously monitored for potential vulnerabilities to allow ASM to find attack vectors in real time. Security teams can then act quickly to neutralize the threat.
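The four processes above can be sketched in a few functions. This is an added illustration, not code from any ASM product or from this article's author; the weights, asset names and scan tuples are constructed assumptions, since the article names the asset and exposure types but gives no scoring scheme.

```python
from dataclasses import dataclass

# Assumed weights (not from the article): higher means riskier.
CATEGORY_WEIGHT = {"known": 0, "third_party": 1, "subsidiary": 1, "unknown": 3, "rogue": 5}
EXPOSURE_WEIGHT = {"missing_patch": 3, "coding_error": 2, "weak_encryption": 2}

@dataclass(frozen=True)
class Asset:
    name: str
    category: str
    internet_facing: bool
    exposures: tuple = ()

def discover(inventory, observed):
    """Asset discovery: anything observed but not inventoried is classed as unknown."""
    return [Asset(name, inventory.get(name, "unknown"), facing, tuple(exposures))
            for name, facing, exposures in observed]

def risk_score(asset):
    """Classification: category weight plus exposure weights, doubled if internet-facing."""
    score = CATEGORY_WEIGHT[asset.category] + sum(EXPOSURE_WEIGHT[e] for e in asset.exposures)
    return score * 2 if asset.internet_facing else score

def remediation_queue(assets):
    """Remediation: highest score first, ties broken by name; zero-score assets dropped."""
    scored = sorted(((risk_score(a), a.name) for a in assets), key=lambda s: (-s[0], s[1]))
    return [name for score, name in scored if score > 0]

def monitor(previous, current):
    """Monitoring: names of assets that are new or whose score rose since the last scan."""
    before = {a.name: risk_score(a) for a in previous}
    return sorted(a.name for a in current if risk_score(a) > before.get(a.name, -1))

# Constructed sample data: inventory maps asset name -> category;
# each scan entry is (name, internet_facing, exposures).
INVENTORY = {"mail-gw": "known", "hr-db": "known", "vendor-portal": "third_party"}
SCAN_1 = [("mail-gw", True, []), ("hr-db", False, ["missing_patch"]),
          ("vendor-portal", True, ["weak_encryption"])]
SCAN_2 = [("mail-gw", True, ["coding_error"])] + SCAN_1[1:] + \
         [("test-vm-17", True, ["missing_patch"])]   # non-inventoried host appears

if __name__ == "__main__":
    first, second = discover(INVENTORY, SCAN_1), discover(INVENTORY, SCAN_2)
    print("queue after scan 1:", remediation_queue(first))
    print("queue after scan 2:", remediation_queue(second))
    print("changed since scan 1:", monitor(first, second))
```

The non-inventoried, internet-facing host goes to the top of the queue on the second scan, which is the case continuous discovery exists to catch.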
For additional cyber risk management information and insurance solutions to help protect your company from the financial effects of a cyberattack, contact us today at (505) 883-3683 or visit mianm.com/contact