What’s keeping executives up at night these days? Cyber attacks and IT breaches.

Almost weekly, another high-profile company is in the news because of a coordinated attack by hackers or international ransomware gangs. In 2020 alone, more than $350 million was paid to cyber criminals to de-activate ransomware, which infiltrates IT systems and holds an organizations hostage until a ransom payment is made.

What should organizations do? Marsh McLennan Agency (MMA), a global insurance brokerage that offers cyber insurance and risk management solutions, recommends the following best practices:

1. Multi-factor authentication (MFA) for remote access, admin access, email, critical systems, vendor access. MFA is critical to minimizing risk across an enterprise. Ensure that users not only know a password, but also have a secure token. This can significantly reduce phishing attempts, credential stuffing attacks, and ransomware incidents. MFA should be enabled for email, VPN, and critical system access.

2. A current, tested incident response plan.  An incident response plan is essential for identifying, responding, and recovering from cybersecurity incidents. The plan should contain details about how to classify, triage, and escalate security events and be continually updated. MFA is critical to minimizing risk across an enterprise. Ensure that users not only know a password, but also have a secure token. This can significantly reduce phishing attempts, credential stuffing attacks, and ransomware incidents. MFA should be enabled for email, VPN, and critical system access.      

3. No open ports for remote access. A Virtual Private Network, remote access gateway, or other network filtering device can significantly reduce vulnerability to a cyber attack. This should be done in conjunction with MFA.

4. Air-gapped and encrypted backups. Backups need to be encrypted and ideally stored in an air-gapped environment. Encrypting backups and air-gapping storage reduces the likelihood of unauthorized access to files.      

5. Sunsetting or removal of end-of-life software. For mission-critical systems that can’t be upgraded or migrated to newer systems, additional controls are necessary to spot malicious behaviors and to implement strict access management.      

6. Advanced endpoint detection and response (EDR) solution. The presence of an EDR solution can be instrumental in preventing a cyber breach, such as credential dumping and network reconnaissance. Many EDR solutions use machine learning to identify and prevent malware from being executed.

7. Enabled logging for all systems, software, and perimeter devices. A common issue during incident response and digital forensics is a lack of available logging and evidence. Endpoints, servers, and     network equipment have capabilities to generate logs and send them to a centralized platform or Security Incident Event Manager for storage and threat correlation. These technologies preserve logs for analysis in the event of an incident.      

8. Employee awareness training and phishing simulations. Initial and ongoing training helps employees understand the real-world risks of phishing and social engineering attacks. By providing tools to train employees, organizations can continually educate their employees to minimize the possibility of a cyber incident.

9. An updated patch management program. A patching program should include policies and mechanisms to manage software updates in a timely manner. Patching efforts should address operating system updates, as well as commonly utilized software within the environment. An active patching plan should reduce the mean-time-to-patch and provide metrics on existing patch efforts.      

10. A password manager/vault and adoption of least privilege access. Password managers can significantly reduce the risk of weak passwords created by employees. Implementing an organization-wide password manager can generate strong, unique passwords for each site an employee accesses. Password managers often implement MFA to increase security and authenticate users.

Technology solutions are critical for every organization, but another important precaution is cyber insurance.

A wide range of coverage exists at different price points. It’s critical to regularly assess your organization’s risks and adjust coverage accordingly. That’s particularly important now because the cost of cyber insurance continues to rise sharply. In the second quarter of 2021, the average price of cyber coverage rose 56% in the U.S., according to research from MMA.

MMA Can Help
Every organization is potentially vulnerable to cyber threats. To manage the risk, MMA has created the Cyber Resiliency Network, which brings together best-in-class IT security and compliance expertise to create strategies and solutions. Learn more about the Cyber Resiliency Network and other valuable resources from MMA here.

Marsh McLennan Agency (MMA) provides business insurance, employee health & benefits, retirement, and private client insurance solutions to organizations and individuals seeking limitless possibilities. 


Renee McDermott is a Client Executive in MMA’s Business Insurance division.  Renee.McDermott@MarshMMA.com 

For reprint and licensing requests for this article, CLICK HERE.