Cyber insurance is one method to improve cyber resilience when experiencing a threat, as it can help reduce the costs on your organisation. However, cyber insurers have increased their premiums in recent years following increased attacks. Honan Group, an insurance broker, highlighted an 80% increase in premiums over just one year, following a 20% annual increase in preceding years. For the 2024 period, recon reduced its cyber insurance by over 50% whilst increasing its coverage two-fold. We achieved this through strong controls, policies, procedures, and, most importantly, our external attack surface score.
First and third-party cyber insurance has become mandatory for businesses today. This is due to the increasing risks of data loss within a company (malicious or unintentional) and the use of data sets to identify and profile users. If your organisation is applying for insurance, there are several activities that insurers will perform to validate your current security posture, such as understanding your security controls, incident response and business continuity, your company’s size and your external attack surfaces.
Top 5 sectors reporting ransomware-related incidents in FY 2022–23
What is attack surface management?
Attack surface management involves identifying, analysing, and controlling the digital points where an unauthorised user can access a system or data. Effectively managing the attack surface enables organisations to significantly reduce the risk of cyber-attacks and ensure their networks and data remain secure against potential vulnerabilities.
The attack surface of an organisation comprises various entry points:
- Known assets: These include entry points into your company’s network, including official software, company-issued devices, and registered networks. While your business will typically monitor these assets, you still must complete regular assessments to remain secure.
- Unknown assets: These include unauthorised entry points created when employees connect personal devices or use unsanctioned software and applications. These assets are particularly risky as they bypass standard security measures and are not usually subject to regular monitoring or maintenance.
- Third-party access: This includes networks and systems accessed by partner companies or external vendors. These entry points can become vulnerabilities if third parties do not have stringent security measures, making it essential to evaluate and monitor the security practices of all external partners.
Securing your organisation requires complete visibility over the entire attack surface. Your company will need a comprehensive understanding of all devices, applications, and systems connected to the network.
What does attack surface management cover?
Good attack surface management starts with identifying assets connected to the organisation, understanding how they fit into its context, remediating them and conducting continuous monitoring. Here is a breakdown of the process:
Good attack surface management starts with identifying the points of entry into your organisation. What you need is as much data as possible on your attack surface. Through asset discovery, your organisation can effectively identify and catalogue all IT assets, authorise every network component, and remain compliant with established security policies.
A critical aspect of this is addressing Shadow IT, which involves individuals using unauthorised IT systems, software, and services. This practice is more prevalent than many realise; for example, the security firm KnowBe4 found that 32% of users in Oceania report using unauthorised cloud services as common practice in their companies.
Contextualising and prioritising vulnerabilities
After identifying assets, your organisation must analyse them against its risk profile and compliance requirements, recognising that not every asset carries the same level of risk. For example, a device accessing sensitive financial data poses a higher risk than a staff intranet page with non-sensitive information. Consequently, organisations should prioritise vulnerabilities based on their potential impact and the likelihood of exploitation, focusing first on high-risk, easily exploitable vulnerabilities that could severely affect operations. The organisation can address less critical issues in a more measured timeframe.
Remediating vulnerabilities and reducing exposures involves regularly scanning for and identifying security weaknesses in the IT infrastructure, followed by prompt and effective action to address them. Vulnerability management not only patches weaknesses but also includes updating systems and software, enforcing security policies, and educating staff about security best practices. Organisations can significantly reduce their exposure to cyber threats by regularly identifying and addressing these vulnerabilities.
Regularly monitoring the attack surface
Continuous security monitoring identifies and addresses potential security threats in real time. Ongoing surveillance allows immediate detection of unusual activities or vulnerabilities, enabling prompt response to potential threats. By maintaining constant vigilance over the network, continuous monitoring significantly enhances a company’s security stance by identifying and mitigating threats before they escalate into serious breaches.
How do these measures reduce cyber insurance premiums?
Good attack surface management is a proactive approach to enhancing your company’s cyber security. This proactivity is not only a sound practice for strengthening your organisation; it is also good practice to reduce your cyber insurance premiums.
A strong security posture demonstrated through effective external attack surface management can lead to more favourable risk evaluations and potentially lower cyber insurance premiums. Insurers will often use passive scanning methods when assessing your attack surface management. These methods evaluate the effectiveness of patching and management functions and monitor the attack surface risk over time, providing insurers with insights into the company’s adherence to good security practices.
Attack surface management can help your organisation reduce cyber insurance premiums. It encompasses thoroughly understanding and managing all potential entry points – known assets, unknown assets, and third-party access – within your company’s network. Organisations can reduce their cyber insurance premiums by implementing a comprehensive approach that includes asset discovery, contextualising and prioritising vulnerabilities, remediating them, and monitoring new vulnerabilities.
In essence, good attack surface management gives your business a proactive approach to cyber security, reducing the likelihood of breaches and making it easier to obtain more favourable premiums from cyber insurers.
Reduce your attack surface with recon
recon’s managed services can implement good attack surface management for your organisation. We understand that cyber security requires specialists that you may not always have the resources to bring in-house. Our services bring world-class cyber knowledge and skills to your enterprise, removing the risk of single points of failure and reducing overheads.
Our service provides end-to-end, market-leading cyber security expertise to enhance and protect your company’s digital assets. We manage your attack surface by identifying the assets connected to your organisation, remediating them and providing continuous monitoring. Visit our Managed Services page to start your journey.