As threat actors bring new sophistication to their techniques and adapt to improved cybersecurity efforts, more and more companies will realize they can no longer count on the default configuration of off-the-shelf IT solutions and tools like PaaS or SaaS.
Technology providers respond to changes in the threat landscape by adding or enhancing security functionalities all the time, but those features are often not turned on by default. Organisations need to stay on top of security enhancements in the products they use, so they can enable and properly configure these security features. If users just stick with the default configuration, they will be left unprotected.
In 2023, more organisations will come to realize that default / off-the-shelf configuration is no longer enough – they must fine tune. Businesses that are working with an MSP must also talk to their provider to make sure that they're implementing the right controls and make that part of vetting and managing their MSP relationship.
The success or failure of a threat actor comes down to security hygiene. If an organisation makes it harder for threat actors at every step, they might eventually give up and move on to target less-protected victims. At a minimum, organizations should have basic controls in place to block commonly used initial attack vectors, including phishing, stolen credentials, and other exposed vulnerabilities. After this important first step, robust controls that lessen privilege escalation, lateral movement, and exfiltration are ideal.
As security trends evolve, underwriting questions are also evolving. Using tools like our View of Risk, Beazley continuously helps our insureds to identity and address areas where we see an opportunity for them to optimize their controls.
La información contenida en este sitio web pretende ser información general sobre gestión de riesgos. Beazley no presta servicios o asesoramiento jurídico ninguno con dicha información. No debe interpretarse como asesoramiento jurídico y no pretende sustituir la consulta con un abogado o experto jurídico. Aunque se ha tenido un cuidado razonable en la preparación de la información expuesta en esta comunicación, Beazley no acepta responsabilidad alguna por los errores que pueda contener ni por las pérdidas presuntamente atribuibles a esta información. Los productos y servicios no relacionados con seguros son proporcionados por filiales de Beazley que no son compañías de seguros y por terceros independientes. Pueden aplicarse términos y condiciones independientes.
As security trends evolve, underwriting questions are also evolving. Using tools like our View of Risk, Beazley continuously helps our insureds to identity and address areas where we see an opportunity for them to optimize their controls.
