Over halfway into 2021, we have seen significant changes to the cyber landscape, an ever-growing threat of ransomware, and a pivot to working from home that seems to be part of the new normal. Cybersecurity is a team sport, and we’ve made it this far, together. To enable organizations and employees to control their threat landscape in an increasingly hybridized environment, Coalition recently concluded our inaugural Security Week — an extended event dedicated to creating a holistic risk management strategy.
Over four days, key members of the Coalition claims and security teams hosted fireside chats with our security partners to discuss the key pillars of a good security program.
In the castle of cybersecurity, credentials, or a username and password, are the keys to the kingdom. A staggering figure, 80% of hacking-related breaches leveraged compromised credentials. Implementing identity solutions such as multi-factor authentication (MFA) is a critical step to keep your organization from becoming a statistic. But what is MFA, and why does it matter?
Matt Egan, Director of Technical Strategy at Okta described MFA as a combination of something you know, something you have, and something you are. This may pair a username and password with a security credential token or with a biometric scan like a thumbprint or retina scan. When MFA is successfully implemented, stolen credentials become useless without one of the additional verification factors such as an Okta eight-digit code.
Egan and Coalition Security Engagement Manager Aaron Kraus strongly recommended putting strong authentication in front of as many systems as possible. “Okta MFA... I would consider a key pillar of a security program,” said Kraus.
Phishing emails are no longer your 90's-era Nigerian Prince scam rife with misspellings and obvious ploys to steal your valuable information. Instead, today's phishing attacks are sophisticated, with attackers mimicking real emails from your organization or even your vendors. Attackers lay in wait, for weeks if not months, learning the syntax, business operations, the identities of key finance personnel and who can approve funds transfers.
No employee wants to become the victim of a phishing attack. Yet, in the first half of 2021, nearly 50% of claims resulted from phishing. Coalition Claims Counsel Rich Gatz explained that phishing is not just the precursor to funds transfer fraud: it can lead to a ransomware deployment or another type of malware. This is why training becomes so critical.
The secret, according to Nick Santora, CEO of Curricula, is caring. Santora said the key to a good security awareness program is getting employees engaged and paying attention. Employers should have conversations with their employees, train together, and put in the time and effort to change employees from attack vectors to attack preventers.
Security awareness program: absolute must… Please start doing something that is gonna get your employees to learn about all the latest and greatest threats that are coming your way. -Nick Santora, CEO of Curricula
Instead of “death by PowerPoint” Curricula uses behavioral science techniques, like storytelling, to make an impact on employees. Security awareness training only matters, Santora argued, if employees can actually remember and recall the information to use in real world scenarios. Santora hammered home the criticality of using communication in conjunction with security awareness training and cybersecurity fundamentals such as implementing MFA, using strong passwords, and implementing a mechanism for reporting phishing.
In the world of cybersecurity, preventive maintenance is cheaper, more cost effective, and less resource intensive than responding to a breach.
When discussing cybersecurity, the conversation often focuses on risk — how to identify, manage and mitigate risk. Risk is more complex than the vague notion of nefarious attackers lurking in the farthest flung corners of the internet. Risk is an event or condition that could have a negative impact on a business. Organizations analyze risk based on the likelihood, severity, and velocity of the risk. From there, an organization makes decisions to accept or avoid the risk. As part of the decision-making process of risk analysis, organizations may choose to reduce their risk or transfer it through acquiring insurance.
Dave Schmoeller, Director of GRC Services at Reciprocity, explained the focus is often on reducing and transferring risk to balance achieving goals with the resources available to an organization. Risk ultimately drives the importance of compliance at an organization; this is where ZenGRC, Reciprocity’s governance, risk and compliance (GRC) solution fits in. ZenGRC provides end-to-end risk management with a centralized risk register, customizable risk calculations, a streamlined workflow and options to delegate tasks based on changes in risk, and dashboards to review all reports and data in a central location.
Being compliant doesn't mean you don't have any risk; it isn't complete avoidance. - Catherine Lyle, Coalition Head of Claims
While compliance does not guarantee an organization will never experience a cybersecurity event, non-compliance itself is a risk. According to Catherine Lyle, Coalition’s Head of Claims, when policyholders are compliant, they often have an easier experience working with forensics and counsel during a cybersecurity event.
Lyle explained how some organizations are less compliance-oriented and purchased cybersecurity insurance to pass along all their risk. However, Coalition’s holistic approach to assessing the risk of its policyholders looks for organizations that are compliance-oriented through policies like implementing MFA, not using RDP, and working with Coalition on a holistic risk-management experience.
Ransomware continues to evolve and proliferate. In the past year, Coalition saw the average cost of a ransomware incident increase 2.5x from 2019 to 2020, to over $350,000 per event, and the average ransom demand increased 6x to $130,000. Leeann Nicolo, Incident Response Lead at Coalition kicked off the session by walking through the basic timeline of a ransomware attack, which usually becomes apparent to policyholders once they realize their data has either been encrypted or is missing.
This is often when Leeann and the Coalition Incident Response (CIR) are looped in to determine if the policyholder has data backups or if Leeann and her team need to reach out to the attacker to begin negotiations.
“Let’s not get to the point where data is exfiltrated because it’s a very difficult conversation to have.” - Leeann Nicolo, Coalition Incident Response Lead
So what is a policyholder to do?
SentinelOne is a preventative measure, and a strong one at that. Jared Phipps, SVP. of Worldwide Solutions Engineering of SentinelOne joined Leeann to explain how the SentinelOne Endpoint Detection and Response (EDR) solution utilizes artificial intelligence to “detect and respond to the attack at the speed of a computer, not the speed of people.” SentinelOne can actually replace a traditional antivirus solution and offers policyholders fewer false positives and fewer alerts which may fatigue a beleaguered IT department. But is EDR by itself enough to protect a company?
While EDR alone is better than nothing, implementing the basic tenets of cybersecurity will help prevent the vast majority of attacks. Phipps mentioned he was a huge fan of MFA and SentinelOne actually integrates with MFA tools like Okta. Training your employees and building a robust cybersecurity program work with tools like SentinelOne to keep your network secure and make you a less attractive target to attackers.
For better or worse, you don’t want to be the least secure house on the block.
What seems like eons ago, the digital perimeter of a company was a straightforward castle and moat model: your physical office (the castle, or home) was protected by a moat (traditional firewall and VPN solutions). However, transitioning to a culture of work from home upended that model, and companies have been forced to change what they consider their digital perimeter and how they protect it. Coalition Security Engineer Tommy Johnson joined Adam Kujawa, Director at Malwarebytes Labs, and Alex Marshall, Chief Product Officer and Co-founder of Twingate to discuss the importance of network and device security.
According to Marshall, the new paradigm shifts the perimeter from protecting only one central location, such as a house to protecting each individual resource and application. Zero trust network access (ZTNA) solutions like Twingate can obfuscate the perimeter of your house and all of its resources and make it difficult for would-be attackers to enter through unlocked doors and windows. But what about the inside of your house, your network of trusted users?
Securing the perimeter of your house is just one layer of defense in depth. With Malwarebytes, you can scan your internal network for malicious software, files, or downloads that have made it through the front door. As Kujawa and Johnson noted, phishing always works, giving attackers another vector to access critical networks and information. The users in a network are part of the perimeter, and must be protected as such, calling for a truly layered approach to cybersecurity.
While ZTNA tools can lock all your doors and windows, and EDR solutions like Malwarebytes can secure your internal networks, a true defense-in-depth security architecture will account for all elements of your organization’s cyber risk profile.
Cybersecurity is a team sport, and with Coalition Control, your organization gets the upper hand in identifying technical risks and remediating them through recommendations from our in-house security team.
Tiago Henriques, Coalition’s General Manager of Customer Security, and Will Andre, Senior Manager, Product Marketing at Coalition, walked through a demo of Coalition Control, our software-as-a-service platform with free attack surface monitoring available to anyone. Yes, for free.
With just a business email address, organizations of any size benefit from ongoing scans that provide detailed analysis and recommendations for remediation. Coalition policyholders automatically have access to the premium version of Control that allows your organization to monitor multiple third parties, vendors, suppliers, and other partners whose systems may be integrated or touch yours to a monitoring watchlist. Also inside the Coalition Control ecosystem is information about all of our security week cybersecurity solutions partners.
Together, we’re going to acknowledge the risks we face, we’re going to address the security we need, and we’re going to take Control.