AXA XL | Low and no-cost cybersecurity actions for companies

November 25 2024

As a leading provider of cyber-insurance solutions, AXA XL has extensive, first-hand experience with cybercriminals’ methods for carrying out data breaches, ransomware attacks and phishing schemes. This, in turn, has given us insights into how companies can strengthen their defences, including preventive measures that can be implemented at no or minimal cost.

All companies are vulnerable
Companies that hold personal or proprietary data and/or have massive numbers of endpoints—e.g., laptops, smartphones, servers and IoT devices—usually recognise their vulnerabilities to cyberattacks. In response, many work with outside experts to implement the latest cybersecurity processes and tools to guard against increasingly sophisticated attacks.

But what about other companies, including small and medium-sized companies (SMEs), where these conditions don’t apply? Unfortunately, many mistakenly believe they are too small or insignificant to be targeted and have taken few, if any, steps to harden their defences and reduce their vulnerabilities. The data indicate that this belief is misplaced:

  • Close to half of all cyberattacks today target SMEs, regardless of the data they hold.
  • Around 60% of small companies are out of business within six months of a cyberattack.
  • The average cyberattack costs SMEs $200,000, including data losses, business downtime, recovery expenses and reputational damages.

The following highlights some relatively simple but effective measures companies can implement to thwart cyberattacks.

MFA everywhere
Multi-factor authentication (MFA) adds an extra layer of protection beyond passwords, significantly reducing the risk of unauthorised access. Even if a password is compromised, usually because a user has chosen a weak or reused password, MFA requires additional verification—for example, a code sent to a phone, a fingerprint or a security token—to grant access. It is much harder for attackers to breach accounts when multiple forms of authentication must be compromised.

Privileged access management
Privileged accounts, such as Domain Administrator or Service Accounts, require elevated permissions to access, modify and control critical systems and data. They are also prime targets for cybercriminals. Privileged access management (PAM) tools can help protect these accounts from intentional or accidental misuse by controlling who has privileged access and how it is used. PAM typically includes credential management, session recording and auditing to enhance security.

However, PAM tools are expensive and, as such, clients may look to implement more manual controls to protect their administrative accounts:

  • Requiring complex passwords with a 25+ character length.
  • Rotating administrator credentials at least every 90 days.
  • Implementing Microsoft Local Admin Password Solution (LAPS) for Local Administrator accounts.
  • Denying interactive logins on service accounts where possible.
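As an added example (not part of the AXA XL article), the script below audits two of the controls above from a domain-joined machine: it lists Domain Admins whose credentials have not been rotated within 90 days (or never expire) and Windows computers that carry neither the Windows LAPS nor the legacy LAPS password-expiration attribute, i.e. are not under LAPS management. It assumes the ActiveDirectory RSAT module is installed and the caller has read access to the directory.

```powershell
# Added example: audit admin credential age and LAPS coverage (not code from the article).
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session with read rights.
Import-Module ActiveDirectory

$MaxPasswordAgeDays = 90
$Cutoff = (Get-Date).AddDays(-$MaxPasswordAgeDays)

# Control: rotate administrator credentials at least every 90 days.
# Expand Domain Admins recursively so nested groups are included, then flag enabled
# accounts whose password is older than the cutoff, unset, or set to never expire.
$StaleAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties PasswordLastSet, PasswordNeverExpires, Enabled |
    Where-Object {
        $_.Enabled -and (
            $_.PasswordNeverExpires -or
            -not $_.PasswordLastSet -or
            $_.PasswordLastSet -lt $Cutoff
        )
    } |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires

# Control: LAPS for local Administrator accounts.
# Windows LAPS stamps msLAPS-PasswordExpirationTime on the computer object; the legacy
# LAPS client stamps ms-Mcs-AdmPwdExpirationTime. Neither attribute means no LAPS.
$UnmanagedComputers = Get-ADComputer `
        -Filter 'Enabled -eq $true -and OperatingSystem -like "*Windows*"' `
        -Properties 'msLAPS-PasswordExpirationTime', 'ms-Mcs-AdmPwdExpirationTime', OperatingSystem |
    Where-Object {
        -not $_.'msLAPS-PasswordExpirationTime' -and -not $_.'ms-Mcs-AdmPwdExpirationTime'
    } |
    Select-Object Name, OperatingSystem

Write-Host "Domain Admins with credentials older than $MaxPasswordAgeDays days or set to never expire:"
$StaleAdmins | Format-Table -AutoSize
Write-Host "Windows computers with no LAPS password-expiration attribute:"
$UnmanagedComputers | Format-Table -AutoSize
```

Run it as a scheduled report and track the two lists shrinking to zero; an admin account that keeps reappearing in the first list is usually a shared or break-glass credential that needs its own rotation process.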

Set the EDR tool to block mode
Endpoint detection and response (EDR) systems monitor suspicious activity on endpoint devices like computers, servers and mobile devices. The systems also collect and analyse data to detect threats, assess security incidents and respond to potential breaches.

Many, although not all, EDR solutions come with a block mode feature that prevents malicious activities or behaviours in real time. When block mode is enabled, the EDR system detects and stops suspicious activity by quarantining files, terminating malicious processes or blocking specific network traffic. Enabling block mode enhances the EDR’s proactive security capabilities, allowing it to act autonomously to protect the system rather than just alert users or administrators to potential issues.

Network segmentation
Dividing a network into smaller, more manageable sections via subnets or Virtual Local Area Networks (VLANs) limits intruders’ lateral movement. Each subnet or VLAN operates as a smaller network within the larger network, allowing administrators to control access, manage resources efficiently and reduce congestion. Thus, even if a threat actor gains access to one segment, e.g., through a compromised device, they can’t reach the systems or data in the other segments.

Segmenting a network isn’t technically challenging. The first step involves determining how many subnets or VLANs are needed, considering factors like departments, physical locations and network functions. Then, subnets and VLANs can be created by configuring the routers or switches based on the number of users/devices accessing each subnet.

Disable external RDP
Remote desktop protocol (RDP) is a Microsoft protocol that allows users to control and access another computer remotely. It is commonly used for remote work or troubleshooting. However, leaving RDP open to the internet poses a significant security risk, as threat actors have tools to scan for externally exposed RDP ports. When such exposed ports are located, attackers can launch brute-force attacks, gain unauthorised access or spread malware.

Disabling external RDP reduces the risk of external threats by ensuring that:

  • RDP connections are only allowed within the internal network, not from the internet.
  • Remote access is managed through more secure methods, such as VPNs with MFA or remote desktop gateways, which add layers of authentication and encryption.
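As an added example (not part of the article), the script below implements the first bullet on a single Windows host: it reports whether Remote Desktop is enabled and listening, shows which inbound "Remote Desktop" firewall rules currently accept connections from any address, and then confines those rules to internal address ranges. It assumes an elevated PowerShell session; the RFC 1918 ranges are a placeholder for your own internal subnets or VPN pool.

```powershell
# Added example: restrict RDP to the internal network on one Windows host (not code from the article).
# Assumes an elevated session. Replace the placeholder ranges with your internal subnets / VPN pool.
$InternalRanges = @('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')

# Is Remote Desktop enabled at all? fDenyTSConnections = 1 means it is switched off.
$Ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
$RdpEnabled = ($Ts.fDenyTSConnections -eq 0)
Write-Host "Remote Desktop enabled: $RdpEnabled"

# Show the RDP listener (default TCP 3389), if present.
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Before: enabled inbound Remote Desktop rules whose remote-address filter is 'Any'
# accept connections from the internet as well as the LAN.
$RdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True
$OpenToAny = $RdpRules | Where-Object {
    ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
}
Write-Host "Inbound RDP rules open to any remote address: $($OpenToAny.Count)"
$OpenToAny | Select-Object DisplayName, Profile | Format-Table -AutoSize

# After: scope every inbound Remote Desktop rule to the internal ranges only.
# Connections from public source addresses are then dropped by the host firewall,
# even if a perimeter device forwards port 3389.
$RdpRules | Set-NetFirewallRule -RemoteAddress $InternalRanges

# Verify the change took effect.
$RdpRules | Get-NetFirewallAddressFilter |
    Select-Object @{ n = 'Rule'; e = { $_.InstanceID } }, RemoteAddress |
    Format-Table -AutoSize
```

The host rule is a backstop, not a substitute for removing the port-forward or security-group entry at the perimeter; pair it with the VPN-plus-MFA or RD Gateway path described in the second bullet so administrators still have a supported route in.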

In conclusion, considering the increasing frequency of attacks, the evolving threat landscape—including the use of AI to launch more sophisticated attacks—and the financial and reputational harms, companies today can’t afford to ignore the possibility of being targeted by cybercriminals. In this rapidly evolving landscape, a proactive approach to cybersecurity is not just a competitive advantage but a necessity. At the same time, experience shows that some low- or no-cost solutions—as outlined above—will significantly reduce the threats.

Sam Bye

Head of Cyber, Asia & Middle East, AXA XL

Partner Content