Cyber incidents—including data breaches, ransomware attacks and social engineering scams—have become increasingly prevalent, impacting organizations of all sizes and industries. Such incidents have largely been brought on by additional cyberthreat vectors and growing attacker sophistication. As these incidents continue to rise in both cost and frequency, it’s crucial for organizations to take steps to address their cyber exposures and bolster their digital security defenses.

Doing so not only helps organizations prevent cyber incidents and associated insurance claims from happening, but can also help them secure adequate cyber coverage in the first place. 毕竟, 网络事件日益严重，促使大多数网络保险公司提高保费，并在保险组织和承保损失类型方面更具选择性. 像这样, 许多保险公司已经开始利用组织的网络安全实践文件来确定他们是否有资格获得保险——无论是新保单还是续保——以及他们的保费有多贵.

记住这一点, here are 10 essential cybersecurity controls that organizations can implement to help manage their cyber exposures.

1. 多因素身份验证(MFA)

While complex passwords can help deter cybercriminals, they can still be cracked. To help prevent cybercriminals from gaining access to employees’ accounts and using such access to launch potential attacks, MFA是关键. MFA是一种分层方法，用于保护数据和应用程序，其中系统要求用户提供两个或多个凭据的组合来验证其登录身份. Through MFA, employees must confirm their identities by providing extra information (e.g., a phone number or unique security code) in addition to their passwords when attempting to access corporate applications, 网络和服务器.

This additional login hurdle means that cybercriminals won’t be able to easily unlock accounts, even if they have employees’ passwords in hand. It’s best practice for organizations to enable MFA for remote access to their networks, the administrative functions within their networks and any enterprise-level cloud applications.

2. Endpoint Detection and Response (EDR) Solutions

EDR解决方案持续监控与安全相关的威胁信息，以检测和响应勒索软件和其他类型的恶意软件. They provide visibility into security incidents occurring on various endpoints—such as smartphones, 台式电脑, 笔记本电脑, 服务器, 平板电脑, 以及其他与所连接的网络进行来回通信的设备，以帮助防止数字损害并将未来的攻击最小化.

具体地说, EDR solutions offer advanced threat detection, investigation and response capabilities—including incident data search and investigation triage, 可疑活动验证, 威胁狩猎, and malicious activity detection and containment—by constantly analyzing events from endpoints to identify suspicious activity. 进一步, 这些解决方案通过记录所有端点和工作负载上发生的活动和事件，为实时发生的情况提供持续和全面的可见性. Upon receiving alerts regarding possible threats, organizations and their IT departments can then uncover, investigate and remediate related issues. 作为一个整体, implementing EDR solutions is a critical step in helping organizations enhance their network visibility, conduct more efficient cybersecurity investigations, 在潜在事件中利用自动修复，并通过持续的端点数据分析促进更多情境化的威胁搜索.

3. 补丁管理

Patches modify operating systems and software to enhance security, fix bugs and improve performance. They are created by vendors and address key vulnerabilities cybercriminals may target. Patch management refers to the process of acquiring and applying software updates to a variety of endpoints.

The patch management process can be carried out by organizations’ IT departments, automated patch management tools or a combination of both. Steps in the patch management process include identifying IT assets and their locations, assessing critical systems and vulnerabilities, 测试和应用补丁, tracking progress and maintaining records of such progress. Patch management is necessary to ensure overall system security, maintain compliance with applicable software standards set by regulatory bodies and government agencies, leverage system features and functionality improvements that may become available over time, and decrease downtime that could result from outdated, 低效率的软件.

从网络安全的角度来看, a consistent approach to patching and updating software and operating systems helps limit exposure to cyberthreats. 相应的, organizations should establish patch management plans that include frameworks for prioritizing, 测试和部署软件更新.

4. 网络分割和隔离

When organizations’ networks lack sufficient access restrictions and are closely interconnected, cybercriminals can easily hack into such networks and cause more widespread operational disruptions and damage. That’s where network segmentation and segregation can help. 网络分段是指通过使用交换机和路由器将较大的网络划分为较小的网段(也称为子网), therefore permitting organizations to better monitor and control the flow of traffic between these segments. Such segmentation may also boost network performance and help organizations localize technical issues and security threats. Network segregation, on the other hand, entails isolating crucial networks (i.e., those containing sensitive data and resources) from external networks, such as the internet. 这种隔离使组织有机会在其最关键的网络中利用额外的安全协议和访问限制, making it more difficult for cybercriminals to penetrate these networks laterally.

Both network segmentation and segregation allow organizations to take a granular approach to cybersecurity, 限制网络罪犯获得对其IT基础设施(以及其中的重要资产)的广泛访问并造成重大损失的风险. When implementing network segmentation and segregation, 组织必须坚持最小权限原则——只允许员工访问他们执行工作职责所需的网络——并根据关键业务功能将主机与网络分开，以确保最大的基础设施可见性.

5. 生命终止(EOL)软件管理

At some point, all software will reach the end of its life. This means manufacturers will no longer develop or service these products, 停止技术支持, 升级, Bug修复和安全性改进. As a result, EOL software will have vulnerabilities that cybercriminals can easily exploit.

Organizations may be hesitant to transition away from EOL software for a number of reasons, 比如资源有限, a lack of critical features among new software or migration challenges. This is especially true when EOL systems are still functioning. 然而, continuing to use EOL software also comes with many risks, including heightened cybersecurity exposures, 技术不兼容, 降低系统性能水平, elevated operating costs and additional data compliance concerns. 像这样, 很明显，主动的EOL软件管理对于防止意外事件和维护组织网络安全是必要的. 特别是, organizations should adopt life cycle management plans that outline ways to introduce new software and provide methods for phasing out unsupported software; utilize device management tools to push software updates, certifications and other necessary 升级 to numerous devices simultaneously; and review the EOL status of new software before selecting it for current use to avoid any confusion regarding when it will no longer be supported and plan for replacements as needed

6. RDP (Remote Desk Protocol)安全措施

rdp(微软开发的一种网络通信协议)包含一个数字接口，允许用户远程连接到其他服务器或设备. Through RDP ports, users can easily access and operate these 服务器 or devices from any location. RDP已经成为一种越来越有用的商业工具——允许员工在家工作时检索存储在组织网络上的文件和应用程序, as well as giving IT departments the ability to identify and fix employees’ technical problems remotely.

不幸的是, RDP ports are also frequently leveraged as a vector for launching ransomware attacks, particularly when these ports are left exposed to the internet. In fact, a recent report from Kaspersky found that nearly 1.3 million RDP-based cyber events occur each day, with RDP reigning as the top attack vector for ransomware incidents. 来保护他们的RDP端口, it’s important for organizations to keep these ports turned off whenever they aren’t in use, 确保这些端口不向互联网开放，并通过使用虚拟专用连接(VPN)和MFA提高整体接口安全性.

7. Email Authentication Technology/Sender Policy Framework (SPF)

Many ransomware attacks and social engineering scams start with employees receiving deceiving emails, 例如欺诈性发件人声称是值得信赖的一方，并提供恶意附件或要求提供敏感信息. To protect against potentially harmful emails, it’s paramount that organizations utilize email authentication technology. 

该技术监视传入的电子邮件，并根据组织现有的特定发件人验证标准确定这些消息的有效性. Organizations can choose from several different verification standards, but the most common is SPF—which focuses on verifying senders’ IP addresses and domains.

在验证电子邮件时, this technology permits them to pass through organizations’ IT infrastructures and into employees’ inboxes. 当电子邮件无法验证时, they will either appear as flagged in employees’ inboxes or get blocked from reaching inboxes altogether. With SPF, unauthenticated emails may even be filtered directly into employees’ spam folders. 最终, 电子邮件身份验证技术可以使危险的电子邮件远离员工的收件箱，并在网络犯罪分子开始之前阻止他们的策略.

8. 安全数据备份

组织保护其敏感信息和数据免受网络罪犯侵害的最佳方法之一是进行频繁和安全的备份. 首先也是最重要的, organizations should determine safe locations to store critical data, whether within cloud-based applications, on-site hard drives or external data centers. 从那里, 组织应该为备份这些信息制定具体的时间表，并概述数据恢复程序，以确保在可能发生的网络事件中快速恢复. 

9. 事件应变计划

Cyber incident response plans can help organizations establish protocols for detecting and containing digital threats, remaining operational and mitigating losses in a timely manner amid cyber events. Successful incident response plans should outline potential attack scenarios, ways to identify signs of such scenarios, methods for maintaining or restoring key functions during these scenarios and the individuals responsible for doing so.

These plans should be routinely reviewed through various activities, such as penetration testing and tabletop exercises, to ensure effectiveness and identify ongoing security gaps. Penetration testing refers to the simulation of actual attacks that target specific workplace technology or digital assets (e.g., 网站, applications and software) to analyze organizations’ cybersecurity strengths and weaknesses. 与此形成鲜明对比的是, 桌面演习是允许组织利用模拟场景来演练和测试其网络事件响应计划的效率的演练. Based on the results of these activities, organizations should adjust their response plans when necessary.

10. 员工培训

Employees are widely considered organizations’ first line of defense against cyber incidents, especially since all it takes is one staff mistake to compromise and wreak havoc on an entire workplace system. In light of this, it’s crucial for organizations to offer cybersecurity training. This training should center around helping employees properly identify and respond to common cyberthreats. 其他培训主题还可能包括组织具体的网络安全政策和报告可疑活动的方法.

Because digital risks are everchanging, this training shouldn’t be a standalone occurrence. 而, organizations should provide cybersecurity training regularly and update this training when needed to reflect the latest threats, 攻击趋势和工作场所的变化.

结论

In today’s evolving digital risk landscape, it’s vital for organizations to take cybersecurity seriously and utilize effective measures to decrease their exposures. By leveraging proper cybersecurity controls, 组织可以帮助保护他们的业务免受各种损失，并减少相关保险索赔的可能性. 此外, 记录这些控制可以让组织向网络保险公司证明，他们认为网络安全是头等大事, potentially increasing their ability to secure coverage.

For more risk management guidance, contact us today.

网络风险 & Liabilities document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. ©2022 Zywave, Inc. 版权所有.