Risk management is a core part of any organization’s business processes. Without the ability to manage risk, an unforeseen event could put the company out of business. Effective and comprehensive risk management requires an understanding of what can go wrong, how to minimize the probability of a risk event occurring, and how to recover if something does go wrong.
In many ways, managing risk for the business is similar to owning a car. Car ownership comes with significant risks and high stakes. Protecting yourself, your car, and others is part of responsible car ownership. You need to have a plan and services — such as insurance — in place, in case of an accident.
Cyber threats pose a significant risk to all organizations and affect a company’s ability to continue to operate. Here are the three elements you need for comprehensive cyber resilience to help you reduce the risk of getting compromised and improve your ability to recover quickly.
1. Understand and minimize the risk of compromise
When driving a car, the number one safety concern is crashing. Any vehicle can be involved in an accident, whether it is a luxury car or a jalopy. Similarly, any organization — from the largest enterprises to the smallest business — can be the target of a cyberattack.
When driving, an accident is always a possibility, so drivers take steps to manage their risk. They drive safely, avoid reckless behavior, and use safety controls — such as anti-lock braking systems (ABS), airbags, blind spot detection, and crash avoidance systems — to stay safe.
In the same way that drivers take steps and use controls to minimize the probability and impact of an expensive and damaging accident, companies need to do the same to manage their cyber risk.
Companies need to protect their safety
Companies are at risk of data breaches, ransomware infections, and other threats. Companies can minimize the risk of these threats using various tools and solutions such as:
- Advanced Email Protection: Phishing is one of the most common and damaging cyber threats that a company faces. Email protection solutions identify malicious content, links, and attachments in emails to protect users against these threats.
- Endpoint Protection Platform (EPP): Remote work and bring-your-own-device (BYOD) policies have made the endpoint an even larger target for cyber threat actors. EPP solutions protect endpoints by identifying and blocking inbound attacks.
- Endpoint Detection and Response (EDR): EDR solutions are designed to help an organization to address the attacks that EPP misses. EDR enables an organization to rapidly detect and respond to threats that make it through to the endpoint.
- Active Directory (AD) Security: Cybercriminals commonly abuse AD to move laterally through an organization’s environment after initial infection. AD abuse detection solutions identify these lateral movement attempts and help an organization to contain these threats before they reach more sensitive assets or obtain elevated privileges.
However, technology alone is not enough for security. The human factor is also necessary for comprehensive protection. Cybersecurity solutions aren’t designed to be “fire and forget” — they require 24x7 monitoring, threat detection and response to remediate the security incidents they detect. In the same way drivers need to pass a test before getting behind the wheel, companies also need to protect against attacks targeting their employees via training, education, and phishing simulation.
2. What to do in case a compromise occurs
Even if a driver takes all possible precautions, crashes can still happen. If you are involved in an accident, you typically need some form of help. Law enforcement, roadside assistance, medical, and other services are available 24x7 for this reason.
When a crash happens, it’s often because something went wrong — whether it was a failure in attention, an issue with the road, or because of another vehicle or pedestrian. After a crash, you also need to know what went wrong, which often requires specialist support from mechanics and other experts to identify and fix the problem.
Incident response helps you spot and resolve the underlying issues
In the same way, when a cybersecurity incident occurs, it’s because something went wrong. An attacker has exploited some gap in an organization’s security controls and used that gap to harm the organization. Or an employee clicked a phishing link or failed to properly secure a database housing sensitive files.
Figuring out what happened during a cybersecurity incident requires expert help — also known as an incident response (IR) team. Incident responders specialize in investigating and remediating a security incident, including finding out what went wrong, guiding an organization on the best actions to take during a compromise and helping restore the organization to normal operations.
It is important to have an IR team in place ahead of a compromise, not when you’re attacked. You wouldn’t sign up for roadside assistance after a crash — you arrange it ahead of time. Incident response preparations should occur before an attack begins and include building an incident response strategy for addressing various threats. For example, a ransomware recovery plan might include the following steps:
- Disconnecting infected systems from the network and shared resources
- Analyzing the infected systems to identify the scope and details of the attack
- Notifying internal and external stakeholders (management, legal, law enforcement, regulators, customers, etc.)
- Scanning other systems to determine if they have been infected by the malware
- Making a copy of encrypted data on infected systems
- Restoring systems from backups
- Reconnecting infected systems to the network
Often, incident response requires specialized expertise, and establishing a relationship with a trusted provider ensures that they are available to provide support when you need them. Having an incident response team on retainer enables you to correct the issue more quickly, decreasing the cost and impact of the attack and enabling you to return to normal operations. Having gone through the incident response plan creation process and tabletop exercises, the team will be better prepared.
Similar to roadside assistance, a proven incident response partner can help you get going after an event — making sure that it’s safe to operate again and reducing your downtime.
3. How to get back on the road
Car accidents can be expensive, especially if you’re at fault and responsible for repairing not just your vehicle, but also the other vehicle and any medical expenses. Most people don’t have the money on hand to pay for an accident out of pocket.
This is why car insurance exists. By taking out a policy and paying your premiums, you transfer the financial and residual risks of an accident from yourself to the insurance provider. This ensures that you have the resources necessary to correct the issue and get your car back on the road.
Cyber insurance is part of the recovery process
Like a car accident, data breaches and other security incidents can be a major expense that can hit your organization when you least expect it. According to the 2022 Cost of a Data Breach Report, the average cost of a data breach is $4.35 million, and a ransomware attack costs $4.54 million, not counting the ransom itself.
Most businesses have some form of liability insurance to protect themselves against various sources of risk. These policies enable an organization to transfer risk and the cost of recovery from various incidents to the insurance provider. However, many general liability policies exclude cybersecurity incidents from their list of covered events.
To manage the risk of cyberattacks, an organization can take out a cyber risk insurance policy to protect itself. Like other insurance policies, cyber risk insurance policies transfer risk and costs to the insurance provider and may offer coverage for:
- Incident remediation and recovery
- Incident response and other specialists
- Customer notification and identity restoration
- Ransomware ransom payments
- Recovery of lost or corrupted data, among other things
By partnering with a cybersecurity insurance provider, an organization can more quickly manage a cybersecurity incident and return to business as usual. By offsetting a majority of the costs associated with a network breach, a cybersecurity insurance policy also helps to ensure that an expensive cyberattack will not drive the company out of business.
Comprehensive cybersecurity requires covering all aspects of risk and recovery
Prevention, incident response, and cybersecurity insurance are all complementary and essential components of a cybersecurity strategy. Prevention may reduce the probability of a security incident, but incidents may still happen. If and when they do, incident response and recovery capabilities are necessary to return to business but may be expensive without the right preventative controls ensuring that breaches are rare and less damaging. Without cyber risk insurance, the cost of remediating and recovering from a breach may put your company out of business.
No single area of coverage is enough.
Security is stronger than the sum of its parts — a comprehensive plan gives you 360-degree protection, support, and recovery.
SolCyber, Surefire, and Converge have partnered to offer end-to-end support for cyber threat prevention, incident response, and cyber risk insurance. To learn more, reach out to SolCyber for a free consultation.