
Here's how businesses can prepare for future cyber attacks

Opinion: InsurTech Talk

In a reality of ever-increasing cyber threats, companies simply must get patching right. But research shows that many businesses leave critical assets unpatched for months and years at a time. (Photo: iStock)

The Equifax breach is the latest in a string of incidents that highlight the need for businesses to fortify their security operations.

Equifax is one of the largest breaches in history, impacting more than 145.5 million Americans — rendering their personal financial history publicly available — and is expected to cost Equifax hundreds of millions of dollars.

 


However, like many other recent attacks, it was also easily preventable, and according to the CEO of Equifax, the core issue was that the company did not patch a web server for over 6 months.

With the number of threats ever increasing, one would expect companies to get patching right. But despite warnings and continued incidents, our research shows that many businesses leave critical assets unpatched for months and years at a time. Take WannaCry as one example.

While patches for the EternalBlue vulnerability were made readily available as soon as the NSA exploit was made public, millions of companies were hit by the WannaCry attack in May 2017 while still others were hit by NotPetya a few weeks later, and recently by BadRabbit — all variants on the same patchable vulnerability.



Test, detect, remediate, repeat


A good patching program is much more than cranking down on the security team. It starts with making sure all software running on the organization’s IT systems is accounted for (easier said than done) and that there are tools and configurations that keep the list accurate. The security team needs to map dependencies between software and versions, flag legacy/customized systems that may have trouble updating and figure out how to control and monitor those risks. Then, an organization needs to embed tools and procedures to control version updates for all software systems.

To complement these operations, the organization needs to continuously test for vulnerabilities. It’s a simple principle: If an attacker can find your vulnerability, so can you. So:

Test, detect, remediate, repeat.
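
The inventory and version tracking described above, as an added example (not from the article or from At-Bay): it matches a constructed software inventory against constructed advisories, reports how long each unpatched asset has been exposed, and routes legacy systems that cannot update to monitoring instead of patching. Host names, packages, advisory IDs, dates and the 30-day threshold are all assumptions.

```python
from datetime import date

# Constructed sample data: hosts, packages, versions, advisory IDs and dates are illustrative.
INVENTORY = [
    {"host": "web-01", "software": "webframework", "version": "2.3.5", "critical": True, "legacy": False},
    {"host": "hr-app", "software": "webframework", "version": "2.3.32", "critical": False, "legacy": False},
    {"host": "plant-hmi", "software": "fileshare", "version": "1.0", "critical": True, "legacy": True},
    {"host": "mail-01", "software": "mailer", "version": "4.1.0", "critical": True, "legacy": False},
]
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "software": "webframework", "fixed_in": "2.3.32", "published": date(2017, 2, 1)},
    {"id": "ADV-EXAMPLE-2", "software": "fileshare", "fixed_in": "1.1", "published": date(2017, 2, 15)},
]

def parse_version(text):
    """'2.3.32' -> (2, 3, 32), so 2.3.5 sorts below 2.3.32 (a string compare gets this wrong)."""
    return tuple(int(part) for part in text.split("."))

def patch_report(inventory, advisories, today, sla_days=30):
    """List assets still below a fixed version, with days exposed and a next action."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if adv["software"] != asset["software"]:
                continue
            if parse_version(asset["version"]) >= parse_version(adv["fixed_in"]):
                continue  # already patched
            days = (today - adv["published"]).days
            if days < 0:
                continue  # advisory not yet published on this date
            if asset["legacy"]:
                action = "isolate-and-monitor"  # cannot update: control the risk instead
            elif days > sla_days:
                action = "overdue-patch"
            else:
                action = "schedule-patch"
            findings.append({"host": asset["host"], "advisory": adv["id"],
                             "critical": asset["critical"], "days_exposed": days, "action": action})
    # Critical assets first, then longest exposure first.
    findings.sort(key=lambda f: (not f["critical"], -f["days_exposed"]))
    return findings

if __name__ == "__main__":
    for finding in patch_report(INVENTORY, ADVISORIES, today=date(2017, 9, 1)):
        print(finding)
```

Run on a schedule against a live inventory export, a report like this turns "unpatched for months" into a number per asset that the security team and the carrier can both track.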

No company has a perfect system in place or can completely remove the risk from existing vulnerabilities. They can, however, work with their insurer and underwriter to ensure the biggest risks are being addressed and business losses from potential attacks are reduced.


Insurance carriers have a key role to play


Carriers take on risk, and therefore have meaningful insights into where risks lie in an organization. A carrier does its job well when it helps clients avoid loss and not just transfer it.

In such a dynamic risk environment, the insurance policy is just the start. The carrier and insureds are year-long partners with a mutual goal of avoiding loss. Carriers can support clients by continuously monitoring and underwriting risk and proactively working with clients to keep them secure throughout the lifetime of the policy.

The sad truth about the landmark Equifax breach is that it wasn’t an advanced threat; it was simply caused by an unpatched server. However, this is also highly encouraging: It is within our power to eliminate such events, and dramatically reduce loss to businesses, by working together, proactively, to help organizations build better execution capabilities and stay up to date. 

Rotem Iram is CEO of At-Bay (formerly Cyberjack). The opinions expressed here are the writer's own.
