Controls to Prevent Cyber Insurance Claims

Tips to mitigate BEC and ransomware attacks.

Elmore has partnered with Asceris, a cyber security consultancy, to highlight the two main causes of cyber insurance claims:

Business Email Compromise (BEC)
Enables attackers to steal funds via social engineering.

Ransomware Attacks
Encrypting business data until a ransom is paid to unlock it.

There are two ACTIONS every business MUST TAKE:

  1. Deploy multi-factor authentication (MFA) wherever possible (across all software applications and services) to prevent threat actors from gaining unauthorised access with only a username and password. Use hardware tokens for privileged accounts to mitigate risks associated with phishing kits bypassing MFA.
  2. Develop a patch management programme with your IT provider to make sure that your systems are constantly updated and decommission systems promptly when they are removed from active use.

Tips to mitigate a BEC attack:

Please forward the following recommendations to your IT team or IT provider and request that they confirm each of the recommendations is implemented.

  1. Limit access to only approved or enrolled devices (especially for high-risk accounts). Consider the use of physical hardware authentication such as a FIDO2 security key.
  2. Use number matching and additional context in Microsoft 365 for multi-factor authentication notifications. The additional context features display the name of the application signing in and the user’s location.
  3. Prevent users from linking unverified web applications with their email accounts (in Microsoft 365, block third-party consent grants).
  4. Prevent email spoofing by implementing the most widely used email authentication methods (SPF, DKIM and DMARC) to limit threat actors’ ability to forge phishing and fraudulent emails.
  5. Capture and retain logging information to help detect and respond to attacker behaviour.
  6. Use custom company branding on sign-in pages so that your users are more likely to differentiate between a normal and a fake login experience.
  7. Reduce the sign-in frequency setting to limit the amount of time that a threat actor would have access to a compromised account in the event of an incident.
  8. Block direct sign-ins to shared mailboxes which, by default, are permitted.
  9. Reduce the risk of MFA fatigue attacks by enabling the fraud alert feature of Azure Active Directory to allow users to report fraudulent MFA push notifications and block the account.
  10. Implement cyber and phishing awareness training to help staff to recognise and combat cyber threats, particularly phishing attacks (where fraudsters often masquerade as trusted parties). Social engineering using spoofed domains of trusted contacts provides the threat actor with a human entry vector into the environment by manipulating an employee.
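A check a defender can run against tip 4 above, as an added example that is not part of Elmore's or Asceris's material: it assesses SPF and DMARC TXT records for the settings that still leave a domain spoofable (a permissive `all` qualifier, a monitoring-only `p=none`, no aggregate reporting). The two records are constructed samples; the result of a live DNS lookup of your own domain's records would be passed in instead.

```python
"""Flag the weaknesses in SPF and DMARC records that let a domain be spoofed.
Added example (not Elmore's or Asceris's material); the records below are
constructed samples standing in for a live DNS TXT lookup of your domain."""

# Constructed sample records of the kind a DNS TXT query returns.
SAMPLE_SPF = "v=spf1 include:spf.protection.outlook.com ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"


def check_spf(record: str) -> list[str]:
    """Return findings for an SPF record; an empty list means no weakness found."""
    findings = []
    if not record.lower().startswith("v=spf1"):
        return ["not an SPF record (must start with v=spf1)"]
    # The 'all' mechanism decides what happens to senders not listed earlier.
    all_terms = [t for t in record.split() if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders are not rejected")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("'+all' authorises every sender: SPF gives no protection")
        elif qualifier == "?":
            findings.append("'?all' is neutral: forged mail is not rejected")
        elif qualifier == "~":
            findings.append("'~all' softfails: move to '-all' once all senders are listed")
    return findings


def check_dmarc(record: str) -> list[str]:
    """Return findings for a DMARC record; an empty list means no weakness found."""
    findings = []
    if not record.lower().startswith("v=dmarc1"):
        return ["not a DMARC record (must start with v=DMARC1)"]
    # Tags are 'key=value' pairs separated by semicolons.
    tags = {k.strip().lower(): v.strip()
            for k, v in (p.split("=", 1) for p in record.split(";") if "=" in p)}
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid 'p' tag: receivers apply no policy")
    elif policy == "none":
        findings.append("p=none only monitors: forged mail is still delivered")
    if "rua" not in tags:
        findings.append("no 'rua' tag: aggregate reports are not being collected")
    return findings


if __name__ == "__main__":
    print("SPF  ", SAMPLE_SPF, "->", check_spf(SAMPLE_SPF) or ["OK"])
    print("DMARC", SAMPLE_DMARC, "->", check_dmarc(SAMPLE_DMARC) or ["OK"])
```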

Keeping your data safe

We take cyber security very seriously and are one of the few firms in the insurance sector to be Cyber Essentials certified. These controls can significantly reduce the risk of unsophisticated but widespread cyber attacks.