
Is Your Firm Cyber-Ready?


Survey Shows Most Businesses Without An Effective Cyber Response Plan

This month the SANS Institute, a cooperative research and education organization, released survey results showing that only 9% of respondents labeled their cyber incident response capabilities as very effective. Furthermore, according to the report, titled “Incident Response: How to Fight Back”, 26% stated they were dissatisfied with their plan, citing lack of time to review and practice procedures (62%) and lack of budget (60%) as key impediments to effective response.

“Many small organizations think they are a less significant target to sophisticated attackers and are, therefore, safe from intrusion,” said SANS Analyst and author Alissa Torres. “As last week’s discovery of the loss of 1.2 billion usernames and passwords from 420,000 websites demonstrated, nothing could be farther from the truth.” Torres was referring to the hacking incident by a Russian syndicate, the “CyberVor” gang, in a series of Internet heists affecting 420,000 websites.

Furthermore, according to the SANS report, organizations are not ready to handle their incident response requirements. Forty-three percent of respondents did not have formalized incident response plans and 55% didn’t have formal incident response teams. These situations, according to SANS Analyst Jake Williams, “lead to disjointed approaches to managing and remediating incidents, resulting in delayed responses and more costly mitigation.”

In a press release about the SANS survey, Joe Caruso, founder and CEO/CTO of Global Digital Forensics, said: “These are simply unacceptable numbers and reasons, because it doesn’t have to be a sinkhole of time and resources to develop and maintain an effective cyber emergency response strategy, if you approach the problem the right way.”

Following is a brief overview, according to Caruso, on how to get cyber-ready:

  • Begin by assessing the threats you face. As every business is unique, don’t take a one-size-fits-all approach; rather, look at your entire digital landscape to understand what is needed. This involves assessing the technology in use, data needs, regulatory compliance issues and response policies and procedures.
  • Test where vulnerabilities lie. This involves assuming the role of a real-world attacker to see if you can penetrate the security protocols in place. This may mean everything from launching realistic spear phishing campaigns, to making phone calls posing as support to gather network credentials, as well as attempting to exploit operating systems and software applications that have not been updated with the latest security patches.
  • Devise a response plan. Once the data environment is assessed and tested, either devise a response plan from scratch or strengthen any existing policies and procedures that may already be in place.

Critical to any cyber-readiness plan is having a Privacy & Network Security (Cyber Liability) insurance program in place that will respond to the costs involved should a cyber attack or data breach occur. Cyber Liability addresses first- and third-party risks associated with e-business, the Internet, networks and informational assets. Depending on the type of Cyber policy purchased, the following risks can be addressed:

  • Loss of business revenue
  • Virus corruption
  • Accidental damage
  • Forensics
  • Replacing or restoring data or info
  • Crisis management expenses
  • Defamation, libel and slander
  • Breach of confidentiality
  • Unauthorized access or use
  • Transmission of computer virus
  • Theft of confidential data
  • Hacker attack
  • Damage to computer networks
  • Human error
  • Increased cost of working
  • Disaster recovery activation costs
  • Infringement of copyright or intellectual property
  • Invasion of privacy rights
  • Misleading advertising
  • Denial of service, loss of internet service
  • Regulatory penalties, fines

Just as no cyber-readiness plan is the same, the Privacy & Network Security insurance plan you secure should be customized to your needs. The professionals at Axis Insurance Services can help you design an insurance solution that addresses your firm’s exposures. We work with top-rated insurers to provide competitive, comprehensive insurance programs. Give us a call at (877) 787-5258.

Source: SANS


Blogged on: August 25, 2014 by Mike Smith