Why multi-factor authentication is vital for a valid cyber insurance policy

In the same way they protect themselves against the chance of fire, flood and theft, Australian companies are increasingly taking out insurance against ransomware attacks.

Spurred by the growing number of incidents taking place, businesses are seeking protection from what can be a very expensive experience. Having vital data locked up and copies stolen can lead to debilitating disruptions and a loss of commercial reputation.

Until recently, securing cover against such incidents was relatively easy. A number of insurance companies offered policies that would readily pay out should an attack take place.

This situation is now changing. Faced with a rapidly increasing number of attacks, insurance companies are being forced to tighten their conditions and require more from insured parties. Businesses applying for policies now need to prove they are implementing a range of cyber security measures designed to make them more resistant to ransomware attack.

The ransomware challenge

The threat posed by ransomware is constantly evolving, and attacks are also being launched against a broader range of devices.

Where once cyber criminals would simply target a business’ central computer systems, they are now going after everything from machinery control systems to staff mobile devices. The objective is to cause as much disruption as possible and increase the likelihood that ransom demands will be met.

For this reason, the number of businesses seeking insurance coverage against attacks is constantly increasing. They want reassurance that, should they fall victim, the associated costs will be covered.

VIEW ALL

While there is currently insurance available that covers the costs of certain cyber attacks, the cyber side of policies still has a long way to go. Generally, cyber insurance covers direct losses such as the breach of security controls as well as the costs associated with restoring data, replacing hardware and software, and hiring forensic investigators and external lawyers. Some policies also cover damages caused to third parties such as customers and suppliers.

However, most cyber insurance companies do not cover all requested bailouts. So, for example, policies of up to $10 million may only actually provide $500,000 of payment in cases of cyber extortion, such as those occurring with ransomware. This continues to be a rapidly developing sector and most insurance companies are constantly evaluating the risks faced by businesses and just how likely they are to experience an attack.

Demands for multi-factor authentication

For this reason, Australian businesses looking to obtain cyber insurance need to carefully assess the policies they are taking on. It’s important to confirm ahead of time that the types of attacks that might take place are actually being covered.

It’s also interesting to note that growing numbers of insurance companies are making payouts conditional on businesses having multi-factor authentication (MFA) in place across their IT infrastructures. They demand that MFA be used to protect everything from centralised servers and applications to mobile devices and resources stored on cloud platforms.

This demand for MFA is being driven by the fact that credential theft is often the start of a ransomware attack. Cyber criminals use stolen credentials to gain access to an infrastructure and then move laterally to determine where best to cause disruption.

Within many businesses, credentials are actually the weakest point of their infrastructure because employees tend to use the same password for multiple systems. They create passwords that are too simple, share credentials with others, or inadvertently give information to unknown third parties.

MFA offers additional protection by adding a layer of security that has been shown to block 99.9 per cent of attacks. It may make the task of logging on a little more complex for staff, but the benefits delivered by MFA significantly outweigh the inconvenience it causes.

Because every attack begins at an endpoint, companies should also be making use of endpoint detection and response (EDR), in addition to MFA. Together, MFA and EDR can significantly reduce the threat of a breach, especially when combined with mature patching requirements, employee training and increased awareness.

The threats posed by ransomware are unlikely to decline any time soon, and so businesses need to take all steps required to ensure their cyber insurance policies provide the level of protection needed.

By deploying security measures such as MFA and EDR, they will be in a much better position to prevent an attack, but also have the security of insurance coverage should one occur.

Anthony Daniel is the regional director – Australia, New Zealand and Pacific Islands at WatchGuard Technologies