TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Crypto Data Firm Kaiko Raises $53m from Investors Led by Eight Roads

    June 29, 2022

    Hong Kong elite descends on Tokyo for bargain property buys

    June 29, 2022

    Sony’s InZone gaming monitors and headsets are for more than just PS5 gamers

    June 29, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Sony’s InZone gaming monitors and headsets are for more than just PS5 gamers

      June 29, 2022

      Pinterest has a new CEO, who has one job: to build the internet’s shopping mall

      June 29, 2022

      Montblanc Summit 3 will be the first Wear OS 3 smartwatch for iOS

      June 29, 2022

      Gmail’s new look is about to appear for more people, even if they didn’t ask for it

      June 29, 2022

      Are Hyper’s stackable USB-C chargers melting?

      June 28, 2022
    • Business
    • Cyber Security

      Hybrid work transition reveals low enterprise cybersecurity confidence

      June 28, 2022

      Ransomware in Q1 2022 doubled total 2021 volume

      June 28, 2022

      Lithuania hit by DDoS cyberattack

      June 28, 2022

      2 out of 3 European citizens welcome digital ID wallet

      June 28, 2022

      87% of executives have no cybersecurity tools on personal devices

      June 27, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Cyber insurers are starting to require lateral movement defense. Here’s why
    Cyber Security

    Cyber insurers are starting to require lateral movement defense. Here’s why

    June 23, 2022Updated:June 23, 2022No Comments5 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email

    We often define the risks of cyber threats with huge numbers, like the $4.62 million average payment after a ransomware breach or the 623.3 million ransomware events in 2021, by one report’s estimate, which it said was a 105% increase over 2020. Those big figures aren’t the only consequence of lax security.

    Cyber insurers are ready to drop coverage and stop writing new policies if companies don’t up their security game. 

    We have already seen insurers halve the amount of cyber coverage they provide to customers as a result of big ransom payouts. According to the most recent report on cyber insurance by the National Association of Insurance Commissioners, the loss ratio for the top 20 insurance groups in 2020 averaged 66.9%, up from 44.6% in 2019. 

    As a result of their big losses, insurers are raising premiums and starting to require customers to defend against lateral movement — when an attacker breaches a network, then uses privileged credentials to propagate — with tools like multi-factor authentication (MFA) on internal assets and endpoint detection and response (EDR).  

    EDR is only part of the solution — it is the minimum requirement. Most companies don’t know they need lateral movement defenses or how they might be tied to their insurance coverage; many believe having EDR and MFA is enough. If organizations want to purchase or keep cyber insurance, here’s what security leaders should know and put in place.

    How threat actors move laterally

    Lateral movement is involved in just about every security breach. Threat actors land on an endpoint, harvest the most privileged credentials and leverage them to move throughout the environment, hopping from servers to storage infrastructure and finding whatever sensitive data they can. 

    PrintNightmare, the Microsoft print spooler remote code execution vulnerability, is one example. As the Cybersecurity and Infrastructure Security Agency (CISA) explained in an advisory, Russian state-sponsored hackers exploited the vulnerability and a misconfigured account with default MFA settings to breach a non-government organization.  

    Threat actors are also harvesting privileged credentials through password caches that live on endpoints. Very few companies are limiting endpoints’ password caches, giving attackers an easy means to collect sensitive credentials. Once attackers access the endpoint, they crack those caches and start logging into servers and moving wherever they’d like. 

    Cyber insurance carriers are now requiring customers to have MFA not just on network ingress points, but also to access critical assets internally. If organizations have proper lateral movement defense, zero day vulnerability risks will be limited in their ability to allow threat actors to move laterally because any authentication event to gain administrative control will prompt an MFA challenge even though they’re already inside the network.

    How companies can fight back

    There are two ways to satisfy the requirements that insurance carriers are starting to make, but organizations and their security teams should be doing both. 

    The first is to deploy MFA not just on endpoints or remote desktop protocol (RDP) but also on other applications like PowerShell, Microsoft Management Console, universal naming convention paths, and Windows Remote Registry. Essentially, anything that can remotely control a server needs to have MFA applied.

    A second way to limit lateral movement is the concept of “jumping,” which is also referred to as jump box, jump host, or jump server. In this scenario, organizations can configure servers, storage, switches, routers, and firewalls to only be administered from specific IP addresses. But it’s not enough to just have a jumping platform; it needs to be supplemented with a privileged access management (PAM) tool and a password vault. 

    Those vaults would then change passwords regularly, so all highly privileged accounts are continuously updated. That way, if the IT admin needs to log in, the tool actually injects the passwords into the remote access connections, so the admin never has to know what the privileged passwords are.

    A new marketplace for cyber insurance

    Requiring extra controls is just one part of cyber insurers’ attempts to limit their own risk as demand for coverage continues its steady hike. 

    Last November, Lloyd’s Market Association’s (LMA) Cyber Business Panel drafted four policy exclusion clauses that broadened the definitions of War, Cyber War, and Cyber Operation. Merck was recently awarded $1.4 billion in a legal dispute with its insurer over whether being hit with a NotPetya attack was an act of war. Ransomware payments are rising, and insurers are looking for financial relief. 

    All this has changed the marketplace for insurance and how companies get coverage. 

    In the private sector, it’s usually the chief financial officer, chief of risk, or general counsel that makes the determination on cyber insurance. In government, it’s typically the general counsel, prosecutor’s office, or county/city’s legal office. None of those titles are synonymous with IT practices or security principles. Often, the right questions are not asked when talking with insurance carriers, as those managing the policies don’t fully understand the risks until they get an assessment from a cybersecurity professional.

    Business leadership — including risk managers, general counsel and executives — should require, at minimum, an annual technical control assessment to regularly present the risks at play within their associated organizations.

    cyber security insurance risk management security vulnerabilities
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Hybrid work transition reveals low enterprise cybersecurity confidence

    June 28, 2022 Cyber Security

    Ransomware in Q1 2022 doubled total 2021 volume

    June 28, 2022 Cyber Security

    Lithuania hit by DDoS cyberattack

    June 28, 2022 Cyber Security

    2 out of 3 European citizens welcome digital ID wallet

    June 28, 2022 Cyber Security

    87% of executives have no cybersecurity tools on personal devices

    June 27, 2022 Cyber Security

    CISA releases cloud security reference

    June 27, 2022 Cyber Security
    Editors Picks

    Hong Kong elite descends on Tokyo for bargain property buys

    June 29, 2022

    Sony’s InZone gaming monitors and headsets are for more than just PS5 gamers

    June 29, 2022

    Ripple Labs Inc Floats CBDC Innovate Challenge

    June 29, 2022

    Trump-endorsed candidate clinches Republican nomination for Illinois governor

    June 29, 2022
    Trending Now

    US FDA panel recommends redesign of Covid vaccine to target Omicron variant

    By techbizweb

    Are Hyper’s stackable USB-C chargers melting?

    By techbizweb

    Finland and Sweden poised to join Nato after Turkey drops veto

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.