Cybersecurity Business Policies Moved Forward in 2022 But Need to Improve
There were several positive developments in cybersecurity business policies and an overall increase in awareness among businesses in 2022, especially with malware attacks becoming more sophisticated. IT departments are gaining knowledge of new attack vectors, and executive management is more engaged around cybersecurity tools and policies, such as a Zero Trust Framework. However, these business developments are moving too slowly, hence the reason for cybersecurity awareness month.
According to the 2022 State of Ransomware Preparedness Report, released by risk management company Axio in October 2022, “only 30% of surveyed organizations had a ransomware-specific playbook, and active phishing training has improved but is still not practiced by 40% of organizations.” The report went on to say that the 2022 findings are strikingly similar to what Axio saw in 2021.
Many of the basic cybersecurity practices in the report have received a good deal of attention in 2022, such as increased monitoring and defending networks, managing privileged access, improving cyber hygiene, managing ransomware incidents, and improving cybersecurity training and awareness, to name a few.
Addressing Cyber Awareness Training for Employees
During cybersecurity awareness month at ArcherPoint, we addressed cyber awareness training and some of the trends via “Increased Cyber Awareness Training is Essential for Best of Breed Companies.” Many leading companies are addressing cyber awareness during onboarding and emphasizing continuous cybersecurity training as essential practices to protect your company. ArcherPoint’s Chris Ross points out “IT security policies are evolving, and education and training are essential for employees to understand the new normal, such as adding a security key to enforce multi-factor authentication so an employee can access a document in a diner or café.”
Onboarding training is a great opportunity to make a strong impression with new employees when it comes to password security, phishing exploits, and opportunities for malware from outside Wi-Fi networks.
Moreover, employees must be taught that security relies on them and that it is a 24/7 endeavor, whether the threat is a strange email attachment or a spoofed company communication. To help employees, IT departments are applying restrictive policies to users, and the importance of an informed employee is starting to take hold.
As Ross says, “the messaging of confidentiality, integrity, and availability are key concepts that employees need to understand innately and the best way to reinforce this is with continuous cyber awareness training.”
Unpacking Cyber Insurance and What It Can Do for Companies
As the recent Axio survey shows, many companies are not ready for an attack and its aftermath. And this can be fatal. Many small-to-medium-sized businesses can ultimately fail due to the response immediately after the attack, not so much the ransom amount. Cyber insurance provides support and resources for data restoration and the ability to outsource a communications campaign, so customers can be fully aware.
Cyber insurance policies provide a wide range of critical services after a cyber attack, such as legal expenses, IT forensics, data restoration, public relations, breach notification to customers, and much more.
One trend that has emerged in the cyber insurance arena is increased requirements for businesses. “Coverage isn’t as easy to get as it used to be,” said Iliana Peters, attorney at Polsinelli PC. “Before they offer or renew a policy, insurers are requiring a lot more from businesses.”
To qualify, insurers are requiring strong password protection policies, cyber awareness training for employees, strict user permissions, data backup strategies, continuous system software updates and endpoint security management.
Simplifying Cyber Insurance
ArcherPoint offers cyber insurance qualification assistance to help expedite the qualification process for cyber insurance. Our services include examining your current cybersecurity policies, such as data security backups, encryption, network protocols, and cybersecurity training for employees. Contact us to move forward with your cybersecurity defenses.