Many companies have realized that cyber-attacks are no longer just an unlikely fear, but rather, a probable event. As a result, they are insuring themselves against them in order to mitigate the potential mass losses and expenses that can be associated with them.
According to IBM Security’s Cost of a Data Breach Report, “the average total cost of a data breach increased by nearly 10% year over year, the largest single-year cost increase in the last seven years.”
Yet, despite increased spending on cybersecurity – nearly $134 billion last year – data breaches cost companies an average of $3.86 million per incident. And that’s just for standard companies. The number rises steeply for those in heavily regulated industries and those dealing with sensitive personally identifiable information (PII).
Let’s talk coverage
So, what exactly are we talking about? Of course, every cyber insurance policy is a little different, but for the most part, they commonly address costs associated with:
- Operational disruption
- Data loss or destruction
- Incident response and investigation
- Crisis management
- Ransomware payments or other extortion demands
- Legal expenses and defense
…all of which can be extremely costly, to say the least.
Now that the risks are clear, everyone’s getting insured right? Wrong.
Cybersecurity insurance providers are smart, and more importantly, they know how to hold onto their money. As a result, they have now mandated that multi-factor authentication (MFA) must be in place as a base requirement to receive coverage from a cyberattack.
In short – NO MFA, no coverage.
Multi-factor authentication reduces risk
MFA was developed from the get-go to add more security checks to the login process. In other words, users wishing to gain access to something, need to submit additional information to verify their identity before they are allowed ‘in’.
The benefits of this are twofold: 1) More login proof points mean that businesses can better prove that someone is who they say they are and 2) if the person isn’t who they say they are, it’ll be that much harder for them to get in.
To simplify: Think of MFA like a bouncer at a club. Before you get in, he wants to know who you know, if your name is on the list and, if you’ve got the secret password.
Here are some classic MFA examples:
- Something you know: A “knowledge factor” like a password
- Something you have: A “possession factor” like a phone or security key
- Something you are: An “inherence factor” like biometrics
This way, even if a password is stolen, an attacker won’t be able to access whatever he is trying to access, without all the required factors.
The MFA mandate is a smart move given that the U.S. cyber insurance market had an average combined loss ratio of 103% last year. And that was before the SolarWinds attack fallout. By requiring MFA, cyber insurers drastically cut their exposure. Verizon’s 2021 Data Breach Investigation Report found that credentials are the #1 data type stolen and that hacked credentials lead to 61% of all breaches.
Credentials like passwords and other shared secrets are also the top entry vector for ransomware, which accounted for nearly half of cyber insurance claims last year.
In a nutshell:
MFA makes it much more challenging for attackers to gain access to a system and unleash ransomware or other types of malware.
So, it’s clear, cybersecurity insurance requires MFA. That must mean that most businesses are getting it. Right? Wrong again.
This is large because integrating MFA to corporate applications and services is complex, especially for non-web and thick/fat applications, which are not naturally compatible with MFA.
Until now, that is.
ZoneZero® is an Identity-based Zero Trust solution that uniquely enables customers to easily integrate and deploy a centralized MFA solution (Synchronic MFA, Push messaging, Biometric, instant messaging, REST API) and identity awareness for all access points, endpoints, corporate applications, both web, and non-web.
This makes MFA much easier to implement, enabling companies to get their insurance needs covered. Pun intended.
The first-ever solution to fully integrate MFA Concepts for internal network users, with ZoneZero®, organizations reap all the benefits of MFA for all applications with zero disruption to existing infrastructures and no loss of initial investment. ZoneZero® provides identity-based segmentation and MFA for any and every internal application for secure access control, non-web protocols, and legacy infrastructure. With ZoneZero®, organizations can easily integrate MFA and continuous identity verification for all applications.
Multifactor authentication is a simple solution for deterring cyber-attacks and their consequences. Microsoft states that MFA can block over 99.9% of account compromise attacks. Given that password habits are generally not good among most people, this extra security measure is one that’s well worth considering.
The costs of a successful cyber-attack are far-reaching: For example, fraudulent wire transfer requests, redirecting funds (like payroll funds) or company goods to their own financial accounts, exposing corporate data or personally identifiable information of customers and employees, or deploying ransomware. The list goes on. And on.
Covid 19 and the new Work from Home (WFH) trend have only exacerbated the cyber risk due to VPNs trying to keep up with entirely new levels of simultaneous access. And hackers are upping the ante. Threats such as brute force attacks are on the rise (systematical attempts at all username and password combinations).
To date, MFA adoption is up 12% from 2018 to 2019, but still, only 57% of businesses are doing it.
This is large because businesses feel like they have to choose between user experience or security.
Safe T’s ZoneZero® changes all that.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Safe-T® Group Ltd.
Safe-T Group Ltd. (Nasdaq, TASE: SFET) is a provider of Zero Trust Access solutions which mitigate attacks on enterprises’ business-critical services and sensitive data, while ensuring uninterrupted business continuity. Safe-T’s cloud and on-premises solutions ensure that an organization’s access use cases, whether into the organization or from the organization out to the internet, are secured according to the “validate first, access later” philosophy of Zero Trust. This means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network or in the cloud.
Safe-T’s wide range of access solutions reduce organizations’ attack surface and improve their ability to defend against modern cyberthreats. As an additional layer of security, our integrated business-grade global proxy solution cloud service enables smooth and efficient traffic flow, interruption-free service, unlimited concurrent connections, instant scaling and simple integration with our services.
With Safe-T’s patented reverse-access technology and proprietary routing technology, organizations of all size and type can secure their data, services and networks against internal and external threats.