How to Improve Ransomware Preparedness for Cyber Insurance Coverage

Jed Fearon

Solution Advisor, 17+ years of experience in MSP Solution Development, Sales and Marketing Communications

Now more than ever, clients turn to their MSPs for help reviewing and completing cyber applications.

The stakes are high. “A staggering 84% of US organizations experienced a phishing or ransomware attack in 2021,” reports Trend Micro, “and the average ransomware payment was over $500,000.”

The threat landscape is getting worse, affecting businesses of all sizes, as cyber thieves continue to expand Ransomware as a Service (RaaS), subscription-based offerings that allow anyone on the dark side to launch attacks for a modest monthly fee.

Improving your cyber resilience and getting coverage starts with staying ahead of security technology, misleading definitions, and constantly evolving, multi-vendor integrations.

That’s why we’re dissecting the following six questions from a cyber insurance application and illuminating the business rationale for each.

#1 - Do you use endpoint protection (EPP) across your networks?

According to Exabeam, “Endpoint protection platforms (EPP) prevent endpoint security threats like known and some unknown malware.”

Pardon the nitpicking. Since it’s impossible to prevent security threats, we suggest you think of EPP as a hardening mechanism against basic online scams, non-targeted phishing, and bulk malware. (“Prevent” sets the wrong expectation.)

This form of protection is passive, does not require supervision, operates on isolated endpoints, and does not offer visibility into activity on the endpoint. It’s your primary, first line of defense.

#2 - Do you use endpoint detection and response (EDR) across your networks?

EDR is the perfect companion to EPP. Exabeam describes the expanded capabilities of EDR as follows: “EDR detects and responds to threats your EPP and other security tools did not catch. Many modern endpoint security platforms combine these two approaches, but you can also choose one type of security instead of both.”

We recommend pairing the two, so you gain:

  • Active threat detection
  • Immediate incident response capabilities to events missed by EPP
  • Investigation and containment of breaches
  • Aggregation of event and context data for the entire IT digital estate

Popular vendors in the EPP/EDR space include Check Point, CrowdStrike, FireEye, Microsoft, Palo Alto Networks, SentinelOne, and Trend Micro.

Learn More: EPP Versus EDR

#3 - Have you implemented a hardened baseline configuration across servers, laptops, desktops, and managed mobile devices?

This Microsoft-related question addresses your organization’s security standards or security baselines. Configurations conform to feedback from Microsoft security engineering teams, product groups, partners, and customers.

Every company has different settings and standards depending on its industry and operating activities.

A digital marketing firm will employ a different group of Microsoft-recommended configuration settings than a manufacturing enterprise.

Baselines give you a firm foundation for comparison and improvement, so every user and device is compliant.

Learn More: Why You Need Security Baselines

#4 - What is your target time to deploy ‘critical’ patches?

Applicants have four options: <30 days, 30–90 days, 90–180 days, and >180 days.

Threats never stop. They also mutate. It’s best to play it safe and present data that supports a more frequent cadence for patches, AKA updates.

Modern MSPs have detailed documentation on this 24/7/365 best practice. The data is pulled from professional services automation (PSA) software and presented in IT roadmaps and other easy-to-generate reports.

Check your inbox right now. You probably have several dozen open and closed tickets related to patch status.
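As an added example (not from the original article or any PSA vendor), here is how the patch-status tickets mentioned above can be turned into the evidence question #4 asks for: each closed ticket's time-to-deploy is mapped onto the application's four answer options, and the honest "target time" is taken as the option that covers a chosen percentile of deployments rather than the best case. The ticket record shape and the sample tickets are constructed for illustration.

```python
"""Constructed example: summarise 'critical' patch tickets into the
cyber insurance application's four time-to-deploy options."""
from dataclasses import dataclass
from datetime import date
from math import ceil

# The four answer options on the application: (exclusive upper bound in days, label).
BUCKETS = [(30, "<30 days"), (90, "30-90 days"), (180, "90-180 days")]
OVER_180 = ">180 days"


@dataclass(frozen=True)
class PatchTicket:
    """One closed PSA ticket for a critical patch (hypothetical record shape)."""
    asset: str
    released: date   # vendor release date of the patch
    deployed: date   # date the ticket was closed with the patch applied


def days_to_deploy(ticket: PatchTicket) -> int:
    return (ticket.deployed - ticket.released).days


def bucket_for(days: int) -> str:
    """Map a time-to-deploy in days onto the application's answer option."""
    for limit, label in BUCKETS:
        if days < limit:
            return label
    return OVER_180


def patch_cadence_report(tickets, percentile: float = 0.9) -> dict:
    """Count tickets per option and pick the option that covers `percentile`
    of deployments; that option is the defensible answer to question #4."""
    if not tickets:
        raise ValueError("no tickets to report on")
    durations = sorted(days_to_deploy(t) for t in tickets)
    counts = {label: 0 for _, label in BUCKETS}
    counts[OVER_180] = 0
    for d in durations:
        counts[bucket_for(d)] += 1
    idx = max(0, ceil(percentile * len(durations)) - 1)  # nearest-rank percentile
    return {
        "counts": counts,
        "target": bucket_for(durations[idx]),
        "share_under_30": counts["<30 days"] / len(durations),
    }


# Constructed sample: one unpatched legacy server drags the honest answer down.
SAMPLE_TICKETS = [
    PatchTicket("srv-01", date(2021, 3, 9), date(2021, 3, 16)),
    PatchTicket("lap-02", date(2021, 3, 9), date(2021, 4, 20)),
    PatchTicket("dsk-03", date(2021, 3, 9), date(2021, 3, 30)),
    PatchTicket("srv-04", date(2021, 3, 9), date(2021, 10, 1)),
    PatchTicket("mob-05", date(2021, 3, 9), date(2021, 3, 20)),
]
```

Running `patch_cadence_report(SAMPLE_TICKETS)` shows 3 of 5 deployments under 30 days, yet the 90th-percentile target lands in ">180 days" because of one straggler, which is exactly why question #5 asks about end-of-life assets.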

#5 - Do you segregate “end-of-life” or “out-of-support” hardware and systems?

They are being very charitable here. Segregating high-risk assets is a step in the right direction, but replacement is the best path forward.

Why? These endpoints are impossible to patch. If this doesn’t scream red alert, nothing does.

Learn More: IT Reporting Examples

#6 - Have you established a Security Operations Center (SOC)?

“Established” is not the best word choice. SOC capabilities are available via Security Operations as a Service (SOCaaS). While a large company could build out a SOC and staff it with technical personnel 24/7/365, the cost would make a Saudi oil sheik blush.

AlienVault (AT&T), AlertLogic, and Ascend are just a few of the options.

Learn More: 26 SOCaaS Options for MSPs and Their Clients

ConnectWise, the market leader in MSP management software, gives MSPs several convenient options to offer SOCaaS packages to their clients.

The ConnectWise Security Operations Center portfolio includes Continuum, Perch Security, and Stratozen. They also partner with Fortinet, Netsurion, SentinelOne, and Webroot. This means they will have a solution for every risk profile and budget.

Learn More: ConnectWise SOC Services and 10 Ways ConnectWise Improves Cybersecurity

What’s Next?

If this article provided clarity and the urge to get an assist from your MSP right away, our advocacy is complete for the day.

The goal is to get approved for cyber coverage and have subject matter experts monitor and manage the minutiae for you through a single pane of glass. Zach Atya of Measured Insurance cites gaps in the following four services as the main reasons for rejection:

  • MFA Implementation
  • EPP
  • EDR
  • Security Awareness Training

Are you covered?

Learn More: How to Minimize Cybersecurity Insurance Gaps

If you enjoyed this article, you will probably like the related content in our free eBook.