From Zero to Hero: Strengthening Security Defences with Zero-Trust and Cyber Insurance
David Keating
Group Sales Director, Cyber Security
As the technology landscape has expanded and evolved at lightning speed, so have cyber threats. In the face of these threats – which cover everything from phishing and social engineering to spyware and ransomware – businesses are having to completely re-evaluate their risk management strategies.
Enter cyber insurance, which emerged in the late 1990s as a safeguard against the developing and complex realm of cyber threats. In the two decades since its inception, cyber insurance has surged in popularity as organisations grapple with the escalating frequency and sophistication of cyberattacks.
Today, cyber insurance stands as a critical line of defence, providing financial protection and peace of mind in an era where data breaches and ransomware attacks have become the norm. For many businesses, it has become central to their risk mitigation strategy.
A report by insurer Munich Re predicts that the global cyber insurance market will grow to $22.5 billion in 2025 – almost double the 2022 market value. But because of the ever-changing nature of cyber threats and expanding attack surfaces, the insurance market has had to adapt.
We’re seeing how insurance firms are raising the bar for coverage. This includes increasing premiums, offering different tiers of coverage dependent on the quality of existing security controls, and introducing policies with sub-limits for specific attack vectors. The message from insurers to businesses is clear: if you want our protection, we need a demonstrable commitment to cyber security from you first – and many of your existing frameworks and technologies aren’t good enough.
It’s easy to write this off as just an effort by insurers to reduce their payouts, but businesses can benefit here, too. Implementing next-generation cyber security frameworks will offer unparalleled protection while also demonstrating a commitment to good cybersecurity practices. This is a surefire way for businesses to show insurers that they understand the current threat landscape, they’re taking proactive steps to protect their assets, and that they recognise cyber insurance is there to help bridge the security gap in unusual and unfortunate circumstances. That’s music to insurers’ ears, but ultimately, everyone benefits. Neither businesses nor cyber insurers actually want insurance claims to be filed.
Next-generation security frameworks
The insurance market is moving towards an emphasis on the quality of an organisation’s overall security posture. A Zero Trust approach can be the differentiator here.
While traditional perimeter security solutions that focus on north-south traffic are still an essential part of security infrastructures, there is also a need to protect east-west traffic – which makes up approximately 80% of the traffic on any network. Adopting a Zero Trust approach can help accomplish this. A Zero Trust approach refuses to trust any system or user, whether internal or external, on the corporate network. Unequivocal identification and authorisation are required. Always.
Crucially, Zero Trust is a framework rather than a product and encompasses several key security approaches, including Multi-Factor Authentication (MFA), Zero Trust Network Access (ZTNA), and Micro-Segmentation.
With Micro-Segmentation, IT teams can effectively divide their networks into segments and apply individual security controls to each segment based on a suite of preset policies. There are a few ways this can be accomplished. One way is to give every device on the network a role, and then enforce granular role-based access at the switch level across the data centre and edge. This can be achieved by using a solution like Clearpass from HPE Aruba, for example. A key advantage here is that the endpoint is untouched, with any new devices coming onto the network automatically included in the micro-segmentation scheme.
Another option is that organisations can also deploy tokens or agents on the devices that they want to protect with XShield/XProtect from Colortokens. With a token deployed, organisations can then define how traffic communicates with these devices. This micro-segmentation method is efficient and quick, ensuring that the most critical corporate resources are protected from the get-go. With these protective measures in place, organisations can then focus on securing other endpoint, legacy, and cloud-based resources.
Zero Trust and Micro-Segmentation - a match made in heaven!
Some insurance providers are pushing for businesses to adopt Zero Trust and Micro-Segmentation, recognising this as an effective preventative measure. If a business is able to contain an attack so that just a few devices – rather than an entire fleet – are affected, the financial and reputational damage is limited. Some insurance packages now even require segmentation for critical assets or endpoints before they’ll provide coverage to businesses, and it’s not difficult to see why.
At DataSolutions, we work closely with several key cybersecurity vendors, as well as MSSPs, sourcing and providing forward-thinking and innovative solutions to businesses and end-users. We always partner with the change-makers; in cybersecurity, that means the vendors at the forefront of next-generation technologies like Zero Trust.
Cyber insurance is key to an effective risk management strategy, but it cannot and should not work in a silo. When it does, businesses can expect to pay a much higher premium for their insurance. They may even find themselves prime targets for malicious actors looking to exploit vulnerabilities.
The guidance from the DataSolutions team is simple: implement the security controls and frameworks that will help keep critical assets secure, reduce operational downtime, and limit financial damage. In doing so, businesses will likely benefit from better insurance rates and ensure their business is well protected against devastating cyber-attacks.
You can also check out some Francis’ recent articles on our blog below.
