MFA mandatory if you have cyber insurance

Infosec experts say CISOs must add multifactor authentication for logins to better protect their organizations against credential theft.

Last week we learned that an insurance company is requiring its customers with a cyber insurance policy to have MFA in place. The reason is that insurers are tired of paying claims for data breaches and have toughened their requirements for coverage. At the end of last year, cyber insurers realized they had a loss ratio in cyber of 500 percent. That meant that for every $100 in premiums they lost $500. To make things worse, during 2021 we have seen an increase in malware, ransomware, phishing, and supply chain attacks. It's been a year like no other, and it is no surprise: according to *1 Pandemic impact report: Security leaders weigh in (CSO), employees worked from home at least 60% of the time. As of March 23rd, that number had climbed to 77.7%, an increase of 4.7-fold, for which the majority of organizations were not prepared.


Security teams are struggling to regain visibility in a highly complex distributed environment containing multiple cloud providers, numerous branch offices, third parties, remote workers, and SaaS applications (see the image "Today’s Networks").

No wonder it takes about 200 days on average for a company to detect a breach. Let’s be honest: this design is highly complex, and the majority of organizations lack the visibility required to quickly detect breaches and patch vulnerabilities.

If you can log into it over the Internet, you should protect it with more than a username and password.


We all would agree that today's networks need to be transformed to deliver tomorrow's business outcomes, and definitely, MFA is here to play a big role.

We need to secure everything, everywhere, starting with remote logins and sensitive data, and be able to detect compromised devices.

If your organization does not have MFA for all users and applications, you need to act quickly. Many major companies have announced that employees can work remotely long term (*2 Major Companies That Have Announced Employees Can Work Remotely Long Term), which will lead to more pressure on insurers and, by all means, on customers. But that’s not all: Bill C-11 (*3), if approved, would give a new data protection tribunal the ability to levy multi-million dollar fines under “the consumer privacy protection act”.

Did I catch your attention? I hope so… and in case you don’t know where to start, Duo gives you insight into the security posture of both corporate and personal devices used to connect to company applications and services.

It is a simple subscription model priced per user and billed annually, with no extra fees for new devices or applications and a free authentication mobile app that users can download themselves. It provides a high availability configuration, disaster recovery, and data center management, as well as automatic application updates, with patch management, maintenance, and live support at no extra cost.

And the good part of this solution is that you can try before you buy, which helps you set up pilot programs before deploying it to your entire organization, with extensive documentation and knowledge articles to guide you through the evaluation stage.

References

*1 https://www.csoonline.com/article/3535195/pandemic-impact-report-security-leaders-weigh-in.html

*2 https://www.entrepreneur.com/article/354872

*3 https://parl.ca/DocumentViewer/en/43-2/bill/C-11/first-reading

