Don’t let your Cybersecurity make you uninsurable
January 12, 2023
We’ve become numb to the costs of cybersecurity breaches. Almost every week there is a new breach reported in the news, it’s beginning to feel impossible to stop them. Something important is changing that you must plan for… Insurance companies that help pick up the pieces are forming an opinion about how businesses should be protecting themselves in advance of a breach. You will need a solution that makes it simple to automate the configuration of all your network devices.
Data Security & Remediation
I’m new to the cybersecurity world. My background is data management so when I read statistics like a 37% increase in breached data sets between Q2 and Q3 in 2022 and that the average cost of a data breach is now almost 10 million dollars my first thought used to be “holy cow!”. This was quickly followed by a hope that these unfortunate folks have a strong data management and protection framework in place. Basically, a focus on recovery with a smattering of avoidance.
That mindset had evolved and been nurtured through previous lives as a systems and storage administrator where I’ve had the luxury of not needing to look past the firewalls. I will admit to having been a little frustrated with security teams who I thought were enforcing rules and requirements just to make my life harder.
Over the years though I began to understand (mostly through various sporting injuries) that avoiding something is far more preferable to even the easiest of recoveries. I finally came to appreciate the work of the security team, hence my move into the world of cybersecurity. Anyway, I digress…..
Cybercrime is increasing, insurance companies are responding
There is no doubt that cybercrime is on the rise. It is costing businesses a lot of money in downtime, compensation, and fines, but that’s what insurance is for right? As long as we can minimise the reputational damage from a serious data breach (and reputational damage is arguably the most damaging of all) then the business will survive because the insurance will cover us.
Well, that might be changing:
Cybercrime Will Become Uninsurable, Zurich Insurance CEO Warns
I’ll just leave that to settle for a moment…….
This is pretty significant. At best your premium will increase (if it hasn’t already), at worst you just won’t get coverage.
If your safety net is ripped out from under you, would your business survive a cyber-attack that costs millions?
Network Security Compliance and Automation
As cybersecurity insurance evolves you will face higher expectations and more scrutiny around how you manage your infrastructure. The insurance companies will have their own minimum requirements, and it’ll be up to companies to prove they were responsible before insurance coverage kicks in.
The article above cites automated and frequent software patching as a key requirement, but there are many other areas where companies can be exposed. For example:
- A poorly maintained inventory leading to old and vulnerable hardware remaining in service longer than it should.
- Inconsistent configurations that do not follow, or are not regularly checked against, best practice leading to configuration drift.
- Human error leading to unchanged passwords, open ports, or security features like two factor authentication not being enabled.
BackBox is a leader in network automation. We help companies remove complexity from mundane error-prone management tasks to help save time, money, and resources while enabling a more resilient network. In short, through elegant and simple to use automation we can help you demonstrate your compliance to security standards which in turn might lead to your insurance company going easy on the premiums.
3 Pillars of Trust
At BackBox we support over 180 device vendors, any deployment model, and can get you up and running quickly. We offer peace of mind with three key pillars of capability:
Trusted backups. You need to have confidence that you can restore your infrastructure device(s) to a known good configuration quickly without fuss. David Bressler talks more about this in his post 3 Must Haves for a Reliable Backup.
As part of your avoidance strategy, we will compare backups and alert you should things change, like the size of your backup.
Dynamic asset management. A regularly updated single source of truth for all your network and security asset information, which can be used to build customised reports that meet the needs of your business. New devices can be automatically discovered with rules to determine how they are handled. This is particularly useful if you are a Service Provider managing customers with dynamic or growing environments.
Using our API we can populate any third party inventory repository. To learn more, register for our upcoming Webinar on February 2nd.
Security & Compliance. Fully customisable and automated checks to ensure devices are secure and compliant with operational best practice. If you choose, we can auto-remediate discrepancies that are found. We have a growing library of thousands of pre-built checks that cover things like CIS best practice recommendations. Our customer support organization can help customise existing checks to your needs or create new ones.
Service Provider Friendly
Finally, because BackBox was built with Service Providers in mind we can do all of these things at scale in a multi-tenant model, with levels of automation that will free up your important resources to do other things, and an API that allows integration into your CRM tools and provisioning/orchestration platforms.
If you’d like to learn more let’s get together for a custom demo soon.