Covid has ushered in a new age of remote working. With no network perimeter and more applications and data in the cloud than ever before, the enterprise is suddenly faced with a wider range of security threats that need to be urgently addressed. This changing environment has inspired a so-called ‘zero-trust’ approach to security encompassing four main principles: I) no user should be trusted by default as they can easily be compromised, II) VPNs and firewalls are insufficient on their own because they only protect the perimeter, III) device and identity authentication should happen across the network, and IV) micro-segmentation helps to minimize potential damage from hackers by establishing interior locks and walls.
A well-designed zero-trust platform will integrate security functions into a nearly invisible interface, so users have no choice but to conduct their work in a more secure manner. The most popular zero-trust vendors are able to layer new functions on top of a client’s existing security setup, meaning that the business does not need to remove or replace any recent security investments or implementations. In addition to zero-trust, the trend towards remote working has accelerated the adoption of SASE (secure access service edge) and XDR (extended detection and response) to protect remote users and ensure that their data is adequately protected.
Improving visibility across networks, cloud, and endpoints, as well as correlating threat intelligence across multiple security systems, helps to improve detection and response significantly. Research firm Gartner recommends using a product that has a centralized incident response feature, so it is possible to adjust individual security products as part of your remediation process.
Of course, not all threats come from outside the organization.
Forrester reckons that insider data breaches will jump by 8 percent this year — and that a third of all incidents will have internal origins. Many businesses are woefully unprepared to mitigate these sorts of threats. One report suggests that the frequency of insider data breaches is likely to increase by 8% in 2021 (Shey, 2020). Furthermore, 61% of companies have suffered an insider attack in the last 12 months (Bitglass, 2020). And a staggering 60% of organizations have reported over 20 incidents of insider attacks in a year (IBM, 2020). Quite the minefield, right?
There are three main types of insider threats. The first is negligent insider threats, in which a careless employee inadvertently causes a breach as a result of poor security practices. A good example here is the case of a misconfigured Microsoft database in December 2019 (containing over 250 million entries) that was left publicly accessible for an entire month, revealing IP addresses, support case information, and email addresses. Employees were struggling with a new version of Azure and accidentally caused the breach.
The second type is malicious insider threats, which often come from aggrieved employees. Sometimes these attackers are seeking economic gain by leaking company data or selling it on the dark web. For instance, in 2018 an ex-Cisco employee accessed the company’s cloud system and removed over 450 virtual machines connected to the Cisco Webex Teams application, disabling 16,000 Webex Teams for 14 days. Cisco reported losses of $1.4 million in dealing with this incident, as well as forking out $1 million in refunds to customers. Ouch.
The third and last type of threat is compromised credentials or logins. Here, the attacker gains access to common user credentials (sometimes contractor credentials) by targeting employees or suppliers. The infamous Marriott breach last year is a good example of this. Hackers accessed over 5 million hotel guest records, using stolen credentials belonging to Marriott employees who had regularly logged into a third-party application. The records included personally identifiable information (PII) such as contact information, dates of birth, and loyalty details.
The Mounting Cost of Breaches
- The average data breach costs nearly $3.9 million today (Ponemon Institute).
- The average cost of an insider breach has increased by over 30 percent to a staggering $11.45 million (Ponemon Institute).
- 25 percent of consumers are likely to actively avoid the offending brand following a well-publicized data breach, according to the same study.
These findings have obvious implications for a company’s revenue and shareholder value. The most immediate upfront costs are HIPAA and PCI fines, but there are additional expenses that come with the necessary forensic studies and extensive damage mitigation efforts like isolation, data backup, restoration, and myriad security audits.
Cybersecurity Insurance Premiums Are Increasing
Against this backdrop, it’s not surprising that written premiums for cyber coverage surged by close to 30 percent last year — with businesses of all sizes seeking protection against the significant increase in network intrusions, data theft and ransomware incidents. The notable shift to a remote workforce, combined with an increase in phishing, left companies more vulnerable.
Cyber incidents are on the rise internationally, with Canadian insurers reporting a cyber net claims ratio of 105 percent last year, up from 39 percent in 2019 (according to a study from Fitch Ratings). These losses triggered a dramatic upward trend in quote prices in the fourth quarter of last year, with premiums increasing by 11 percent year-on-year.
Analysts like AdvisorSmith have found that the most common causes of cyber insurance claims today are phishing, ransomware, hacking and employee negligence. Accountants, healthcare practices, and apartment complexes (in other words, entities in possession of social security numbers, dates of birth, and other valuable personal data) tend to pay the heftiest premiums.
Discuss Your Cybersecurity Needs With Us
Clearly, there are lots of cyber threats out there that businesses need to be aware of, and the financial impact can be substantial when things go wrong. But that doesn’t mean there’s reason to despair. Instead, it just means that it’s a smart idea to prepare and prevent rather than repair and repent. And partnering with us is one of the best ways to go about it!
Symplicity is happy to provide you with closely tailored, sector-specific advice on today’s cybersecurity threats and how best to counter them. Please contact us today if you want to know more about how to protect your business in the new threat landscape. You can also check back here to read our upcoming blogs, where we’ll be sharing some of our best practices over the coming weeks.