143 million people. Nearly half the US population and the majority of the adult population. That’s the number of individuals who may have had some very personal information, such as social security numbers, birthdays, addresses, and in some cases, driver's license numbers, exposed in a highly publicized recent data breach.
Recently, a grocery chain, a major consulting firm, a fast food drive in restaurant and the Security Exchange Commission (SEC) suffered a breach in some capacity. A running list of data breaches can be found on .
The reality is, tomorrow, another company will suffer a breach and join the list. And then likely another the day after that. After all, last year alone, there were some 4,149 confirmed breaches which exposed more than 4.2 billion records. Why does this keep happening? What can we be doing to better protect ourselves and our businesses?
Patch Preparedness
One lesson learned in a recent breach is that complacency can create holes in any company’s cyber security efforts. That’s why technology companies are always on the lookout to pinpoint vulnerabilities in their software and when they find one, develop an appropriate solution to ‘patch’ up the problem. A patch is a piece of software designed to update a program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs.
This October marks the 14-year anniversary of Microsoft’s launch of Patch Tuesday. Patch Tuesday is an unofficial term used to refer to when Microsoft regularly releases security patches for its software products. Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America.
For any company, properly applying software updates and patches is a critical cyber security precaution. The practice of regularly and consistently patching software, in a timely manner, removes some of the vulnerabilities that cybercriminals target.
Looking for an ‘In’
In order to take advantage of such vulnerabilities, cybercriminals are always looking for an “in,” an open door or opportunity to access a network. Given the growing number of network-connected devices, they often have an ample choice of ‘endpoints’ to gain access. Nearly 90% of breaches occur at the endpoint.
An endpoint is any Internet-capable computer hardware device on a computer network. An endpoint could be a desktop computer, laptop, smart phone, tablet, printer or other specialized hardware such as a Point of Sale (POS) terminal. Each device creates a potential entry point for security threats. Endpoint security refers to the software and configuration of an endpoint to limit its exposure and the possibility of it being exploited.
To help our clients develop stronger endpoint security, XL Catlin recently announced a partnership with Clarium (a market-leading provider of end-to-end cyber security solutions) and Palo Alto Networks to provide XL Catlin’s cyber and technology insurance clients with a 90-day trial of security as a service solution. This solution consists of free access to Traps™, an endpoint protection service and security operations solutions through Clarium. Traps™ completely replaces any current, conventional antivirus program a company is running. At the end of the 90-day free trial period, the insured can elect to subscribe to the Clarium and Palo Alto offering for a 50% discount for 2 years. The fee includes enterprise level endpoint protection, 24/7 monitoring, compliance reporting and threat hunting with industry leading behavioral analysis programs.
Access to such services is particularly beneficial to small and midsize businesses who recognize they have cyber risks but may not have the resources or full-time need for an entire cybersecurity department.
The practice of regularly and consistently patching software, in a timely manner, removes some of the vulnerabilities that cybercriminals target.
Added Security Manpower
Given increased vulnerability to hacking attempts, many companies are scrambling to hire Chief Information Security Officers (CISOs) to not only manage the cyber risks facing the company, develop strong cyber security programs like patch management and endpoint security protection and, in many cases, educate senior leaders and its Board of Directors about the cyber risks facing the company. The demand for such professionals continues to grow.
Small and medium-sized firms however may not have the luxury or budget to hire a dedicated CISO, but their cyber risks are no less significant. According to FireEye, one of XL Catlin’s breach response partners, over 77% of all cybercrimes target small and midsize enterprises (SMEs). Yet, according to FireEye, research shows 42% of small and midsize businesses don’t see cybercrime as a risk.
When an attack occurs and information is compromised, a timely and effective response is critical. Knowing where to go for the right help is equally critical. That’s why my team at XL Catlin has continued to build alliances with market-leading breach response providers to give our clients access to the most comprehensive cyber response network available in our industry.
Our Network gives our cyber insurance clients more choices and greater flexibility, allowing them to choose expertise that best suits their needs. The Network includes computer forensics; data breach notification and credit monitoring providers, legal counsel and public relations firms to help our clients navigate sensitive breach situations expeditiously. A 24/7 hotline staffed by XL Catlin's expert cyber claims team directs clients to a wide network of prequalified breach response services, with negotiated rates.
Celebrating Cyber Security Awareness Month
Most agree -- organizations that prepare for a cyber event suffer less financial and reputational loss than organizations with no preparation. While we see almost daily reminders in the news of why cyber security is an imperative for any size company, commemorative months National Cyber Security Awareness Month, celebrated each October, provide all of us with added opportunity to boost their attention to cyber security. According to the Department of Homeland Security, this commemorative month was designed to engage and educate public and private sector partners through events and initiatives that raise awareness of the importance of cybersecurity and provides tools and resources needed to stay safe online. The Department of Homeland Security, the , and many others offer a variety of resources to help.
Let’s take the initiative to boost cyber security efforts before cybercriminals take the initiative.
About the Author
With more than 15 years of IT experience, Sean Donahue is a Cyber & Technology underwriter with XL Catlin. He can be reached at sean.donahue@xlcatlin.com
