With cyber attacks growing in size and complexity – and underwriters more closely scrutinising their cyber risk exposures – it’s vital that businesses invest in robust cyber security controls.
“As many of us have seen in recent years, cyber attacks just continue to increase. They're fuelled by these more sophisticated and persistent attackers; particularly ransomware attacks alone have increased by a staggering 150% year-over-year and it's become very commonplace for us to read and hear about multimillion-dollar ransom payment demands,” says Spiros Fatouros, Marsh Africa CEO.
At Marsh, one of the things we've done is we've tried to find and hone in on the main cyber controls that the underwriters have been focused on, and we've landed on 12 key cyber hygiene controls. We believe that companies should really prioritise these and we've even narrowed it down further to the top five.
1. Multifactor authentication (MFA). Hackers today have access to technology able to break user passwords, even ones considered strong — especially when users re-use passwords across multiple sites, which occurs frequently. Organisations should bolster their security through MFA, which requires at least two pieces of evidence (factors) to prove the user’s identity.
2. Endpoint detection and response (EDR). It’s important for companies to have up-to-date information about the security posture of any devices employees use to receive corporate information, whether it’s a laptop, desktop or mobile device. The monitoring software will watch for any suspicious or irregular activities. EDR also facilitates rapid incident response across an organisation’s environment.
3. Secured, encrypted and tested backups. Increased ransomware activity underscores the need for organisations to have a robust backup strategy for their critical data and applications.
4. Privileged access management (PAM). Users should be required to use higher-security login credentials to access administrator or privileged accounts. And special users — such as IT, network or database administrators — should only be allowed to carry out specific tasks through their privileged access.
5. E-mail filtering and web security. E-mail and web browsing platforms are full of pitfalls and need to be controlled to avoid threat actors gaining an initial foothold into your network. Organisations should block access to any web pages that are deemed inappropriate and those that may contain malware.
Marsh sponsored the ITWeb Security Summit, held on 31 May and 1 June 2022.
Marsh
Marsh is the world’s leading insurance broker and risk advisor. With over 45,000 colleagues operating in 130 countries, Marsh serves commercial and individual clients with data-driven risk solutions and advisory services. Marsh is a business of Marsh McLennan (NYSE: MMC), the world’s leading professional services firm in the areas of risk, strategy and people. With annual revenue of nearly $20 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. For more information, visit mmc.com, follow us on LinkedIn and Twitter or subscribe to BRINK.