Global insurance broker Marsh has published the latest edition of its four-part cyber resilience report, exploring how cybersecurity controls can help organisations improve their cybersecurity as they expect more cyberattacks amid the conflict between Ukraine and Russia and the persistence of the COVID-19 pandemic.
The four-part series identifies 12 cybersecurity controls and their characteristics and requirements. In the latest edition, Marsh focused on:
- Incident response plans
According to the report, incident response plans document a “predetermined set of instructions or procedures to detect, respond to, and limit the consequences of a malicious cyberattack against an organisation's information systems.”
Marsh explained that an up-to-date incident response plan and a trained team provide efficiency, speed, and quality in response to cyber incidents. Moreover, combining a holistic organisational approach to cybersecurity controls with the implementation of appropriate technical controls and incident and disaster recovery will significantly help mitigate the impacts of a cyber event on operations and an organisation's reputation.
- Cybersecurity awareness training
Even if organisations have advanced IT security, human factors such as workload, stress, lack of skillset, the increased use of the hybrid working model, and basic human nature might lead to human error. Therefore, cybersecurity awareness training may help organisations establish a secure culture, make people part of the cybersecurity program, and protect themselves from the impacts of a possible cyber incident, the report said.
- Remote desktop protocol (RDP) mitigation and other hardening techniques
Hardening is the process of applying security configurations to system components, including servers, applications, operating systems, databases, and security and network devices, aligning with best practices.
Marsh said the process enables organisations to minimise their attack surface by disabling unused or insecure devices, mitigating vulnerabilities, and improving weak configurations that malicious actors could use to compromise systems.
- Logging and monitoring
Marsh's report said that adequate logging configuration on an organisation's main systems and applications – together with appropriate tools to collect, correlate, and alert on events, and a team that will analyse and act on those alerts – may help identify suspicious activity that indicates a potential attack in progress promptly, and could trigger the cyber incident response plan.
- Replacement or protection of end-of-life (EOL) systems
EOL or end-of-support (EOS) products prevent users from receiving updates and create risk because the vendor no longer offers patches and other forms of security support. Therefore, Marsh advised organisations to stop using obsolete products and replace or update them with a newer solution that continues to provide support.
- Digital supply chain cyber risk management
According to Marsh's report, the digital supply chain includes all IT and operational service providers that deliver digital services. Cyber criminals use these digital supply chains as a mechanism for cyberattacks, particularly through third-party software supply chain components. Hence, this control addresses the cyber risk inherited from digital suppliers through a set of activities focused on analysing, managing, and responding to that risk.
The previous Marsh cyber resilience reports focused on:
- Privileged access management (PAM);
- Endpoint detection and response (EDR);
- Patch and vulnerability management;
- Multifactor authentication (MFA) for remote access and privileged or administrator access;
- Email filtering and web security; and
- Secure, encrypted, and tested backups.