- +44 1252 917000
- info@bluefort.com
Cody Technology Park,
Farnborough,
GU14 0LX
© Copyright BlueFort Security Ltd.
By Bim Jinadasa, Legal Sector Lead, BlueFort Security
Cyber insurance is one of the fastest growing areas of insurance due to the increasing number and frequency of cyber attacks, plus the availability of new tools that allow insurers to better understand cyber risk.
Buying a brand-new insurance policy or renewing an existing one is unlikely to be on the top of anyone’s ‘Excited to Do’ list. Frankly, it’s what I’d call a distress purchase. It’s not something we want to spend money on – but it has to be done. Wading through pages of terms and conditions, ensuring all the boxes are ticked and you’re in scope of what the insurer will cover, can seem a mammoth undertaking.
Given the high volume of sensitive data they handle, legal firms are a prime target for cyber criminals and could face significant financial and reputational risk if breached. A report by chartered accountants Lubbock Fine, published in August last year, found that the number of successful cyber attacks against UK law firms rose by 77% in the previous 12 months. The figure given was 954 attacks reported, against 538 the year before.
Another report by technology researcher Comparitech, found that law firms had paid off ransomware hackers on at least eight known occasions in the past year. The report identified 138 individual ransomware attacks on the legal sector, with nearly 3 million records compromised. The report also found that globally, the UK is the second biggest reporter of ransomware attacks on the legal sector, behind the US.
Before being accepted for cyber insurance, a prerequisite imposed by many providers is that an organisation must provide evidence that robust cybersecurity processes are in place, including common security controls, compliance with industry regulations, regular risk assessments, an established user awareness training program, and more. Oh, and don’t forget you’ll need to demonstrate that you’ve got a fully-baked incident response plan in place. As I implied earlier, that’s a lot of boxes to tick.
Identity is now the number one cyber attack vector. According to recent industry statistics, three out of every four attacks rely on valid credentials rather than malicious software, and stolen credentials have been implicated in 80% of breaches in the past year.
Microsoft Active Directory (AD) is used around the world as the cornerstone of digital identity, and as the primary means of authentication and authorisation for nearly a billion users. Given its deep integration into critical business operations, AD is an increasingly attractive target for threat actors. The fifth annual Microsoft Digital Defence Report found that half of organisations relying on AD have experienced an attack in the past two years, contributing to a 2.75-fold (2.75x) increase in human-operated ransomware attacks year on year.
One of the aspects of working within cyber that continues to surprise me is the number of CISOs and security teams that mistakenly think they have full visibility of their AD domain. In the vast majority of cases, the reality couldn’t be further from the truth. Having a real-time, accurate view of what’s what, who’s who, and how those identities (both human and service accounts) behave within your infrastructure lies at the heart of any robust cyber security program. It’s only once you have this visibility that the right controls can be put in place.
At BlueFort we are privileged to be working alongside an award-winning, hugely successful UK law firm. Its cyber insurance policy came up for renewal and, as one would expect, it was looking for ways to keep the premiums at a reasonable level. (As an aside, a recent Financial Times article reported that retail cyber insurance premiums are expected to rise by as much as 10% in the coming months, and I’d anticipate that rise will apply across the board.) One of the tick boxes set out by the insurance provider was for the firm to demonstrate the security of its Active Directory domain, specifically looking at MFA, privileged accounts, service accounts, and shadow IT usage.
Using the platform from our trusted technology partner Silverfort, our technical team ran an assessment which provided a complete overview of the firm’s Active Directory domain. This showed all the human and service accounts in the directory, including those with privileged access. It also highlighted a significant number of accounts that were no longer in use, a classic cyber risk: a dormant account is never noticed when it starts being used by someone else. Perhaps most worrying of all, the Silverfort platform showed that the authentication protocol in use was a legacy one that did not support MFA, a key tool in the fight against digital identity crime.
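For readers who want a first-pass view of the four things the insurer asked about before commissioning an assessment, the following PowerShell script is an added example written for this article; it is not BlueFort’s or Silverfort’s code and does not reproduce what the platform does. It assumes the RSAT ActiveDirectory module, a domain-joined host with read access to the directory, and access to the Security event log on a domain controller. The stale-account threshold of 90 days is an assumption, and the legacy protocol check assumes the protocol in question is NTLM (the article does not name it), which is the usual case in an AD estate where MFA cannot be enforced at the directory layer.

```powershell
# Added example (not from the original article, BlueFort or Silverfort):
# a first-pass inventory of stale accounts, privileged accounts, service accounts
# and legacy (NTLM) authentication in an Active Directory domain.
# Assumes the RSAT ActiveDirectory module and read access to AD and to a DC's Security log.
Import-Module ActiveDirectory

$StaleDays = 90   # assumption: 90 days without a logon counts as "no longer in use"
$Cutoff    = (Get-Date).AddDays(-$StaleDays)

# 1. Enabled accounts that have not authenticated within the window.
#    LastLogonDate is the replicated lastLogonTimestamp, accurate to roughly 14 days,
#    which is good enough for spotting accounts nobody has used for months.
$Stale = Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, PasswordLastSet |
    Where-Object { -not $_.LastLogonDate -or $_.LastLogonDate -lt $Cutoff } |
    Select-Object SamAccountName, LastLogonDate, PasswordLastSet

# 2. Members of the built-in high-privilege groups, expanded recursively so that
#    accounts hidden behind nested groups are counted. Enterprise/Schema Admins only
#    exist in the forest root domain, hence SilentlyContinue.
$PrivGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators', 'Account Operators'
$Privileged = foreach ($g in $PrivGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object objectClass -eq 'user' |
        Select-Object @{ n = 'Group'; e = { $g } }, SamAccountName
}

# 3. Service accounts: user objects carrying a ServicePrincipalName. Any domain user can
#    request a service ticket for these (Kerberoasting), so old or never-expiring
#    passwords on this list are the first remediation candidates.
$ServiceAccounts = Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
        -Properties ServicePrincipalName, PasswordLastSet, PasswordNeverExpires |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires,
        @{ n = 'SPNs'; e = { $_.ServicePrincipalName -join ';' } }

# 4. Legacy authentication. Logons that arrive via NTLM instead of Kerberos appear in
#    event 4624 with AuthenticationPackageName = NTLM; LmPackageName distinguishes
#    NTLM V1 from V2. These are the sessions that an MFA policy cannot cover.
#    Run this on a domain controller, or add -ComputerName <dc> to Get-WinEvent.
$NtlmLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-7) } `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($field in $xml.Event.EventData.Data) { $data[$field.Name] = $field.'#text' }
        if ($data.AuthenticationPackageName -eq 'NTLM') {
            [pscustomobject]@{
                User        = $data.TargetUserName
                Workstation = $data.WorkstationName
                LmPackage   = $data.LmPackageName
            }
        }
    } |
    Group-Object User, LmPackage |
    Sort-Object Count -Descending |
    Select-Object Count, Name

"Stale enabled accounts: $($Stale.Count)";           $Stale           | Format-Table -AutoSize
"Privileged users:       $($Privileged.Count)";      $Privileged      | Format-Table -AutoSize
"Accounts with SPNs:     $($ServiceAccounts.Count)"; $ServiceAccounts | Format-Table -AutoSize
"NTLM logons (7 days):   $($NtlmLogons.Count)";      $NtlmLogons      | Format-Table -AutoSize
```

The first three lists come straight from the directory and can be run by anyone with a domain account; the fourth needs event-log access on a domain controller, and a non-empty NTLM table is the concrete evidence to put in front of an insurer that MFA is not yet enforceable for those logons. None of this replaces behavioural monitoring of how the accounts are actually used, which is the part a point-in-time script cannot give you.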
Needless to say, the remedial work our technical team needed to deliver was considerably larger than initially anticipated. The point is this: security teams might think they know what’s going on within their IT infrastructure, but many do not. Not knowing means they are exposing their organisation to serious risk, both reputational and financial.
If you’re curious about what’s really going on within your Active Directory environment, and you’d like to proactively identify vulnerabilities and threats related to digital identities, including unauthorised access, data breaches, identity theft, and insider threats, why not sign up for a free assessment? It will help you mitigate those risks, safeguard sensitive information, maintain compliance with regulations, and in turn protect your reputation and operations from cyber attacks.
The resulting report highlights the risks associated with digital identities across your organisation’s network, systems, and applications. The assessment is typically a two-week remote engagement conducted against your Active Directory infrastructure, covering all connected platforms, including internal networks.
Want to know more? Get in touch!