Our Q2 2023 Cybersecurity Risks & Trends feature covers the topics of mobile device security, the potential of a federal cyber insurance backstop, and how to manage cyber risks in a down economy:
Ensuring Mobile Device Security
The consequences of mobile device security breaches can devastate an organization, potentially resulting in a loss of profits, data, reputation and compliance. To minimize mobile device security threats, organizations can take the following precautions:
- Train employees. Cybersecurity awareness training can help employees combat scams by teaching them to identify telltale signs of cyberattacks, avoid insecure Wi-Fi networks and keep their devices’ software up to date.
- Install a virtual private network (VPN). A VPN connection disguises online data traffic and protects it from external access. Unencrypted data can be viewed by anyone with network access, but a VPN restricts cybercriminals from deciphering data.
- Install zero-trust-enabled applications. A zero-trust security model evaluates access requests based on predefined controls. Installing zero-trust-enabled applications can reduce cybersecurity risks by restricting access to applications that aren’t permitted.
- Turn on user authentication. User authentication on mobile devices verifies a user’s identity through one or more authentication methods, such as passwords or VPNs, to ensure secure access.
- Leverage bring-your-own-device (BYOD) policies. Companies should implement BYOD policies when allowing or requiring employees to use their personal devices for work-related activities. BYOD policies should address which devices are permitted and outline security requirements.
- Back up mobile data regularly. Regularly backing up data can help companies recover it in the event a mobile device is lost, stolen, or otherwise compromised.
As mobile devices become increasingly utilized for work-related activities, companies must remain vigilant in their cybersecurity efforts to mitigate associated risks.
White House Cyber Strategy Introduces Federal Cyber Insurance Backstop
President Biden’s administration recently highlighted the potential of a federal cyber insurance backstop as a key objective of its long-awaited national cybersecurity strategy and a push to hold software manufacturers accountable for vulnerabilities in their products. The 39-page strategy document outlines the Biden administration’s five pillars for improving the nation’s resilience against cyberattacks. These pillars include defending critical infrastructure; disrupting threat actors; increasing accountability for secure products and software; investing more in cybersecurity and “smart” technology at the federal level; and pursuing international partnerships to promote security. Examination of federal cyber insurance backstop mechanisms falls under the third pillar, with the administration acknowledging the government’s responsibilities after catastrophic events.
“The president’s strategy fundamentally reimagines America’s cyber social contract,” Acting National Cyber Director Kemba Walden said during a press briefing. “It will rebalance the responsibility for managing cyber risk onto those who are most able to bear it.”
Walden added, “We ask individuals, small businesses and local governments to shoulder a significant burden for defending us all. This isn’t just unfair; it’s ineffective. The biggest, most capable and best-positioned actors in our digital ecosystem can and should shoulder a greater share of the burden for managing cyber risk and keeping us all safe.”
Managing Cyber Risks in a Down Economy
Amid widespread inflation issues and rising interest rates, financial experts have forecasted that the United States will enter a recession (a prolonged and pervasive reduction in economic activity) in the near future. During a recession, businesses usually experience decreased sales and profit margins stemming from changing consumer behaviors, prompting them to reduce spending to avoid issues such as bankruptcy. A down economy can also create heightened cybersecurity risks. In particular, an economic downturn can result in businesses of all sizes and sectors facing limited IT spending capabilities, elevated skills shortages, additional insider threats, compounded cybercrime concerns, greater nation-state exposures and reduced innovation capabilities. Altogether, these issues could significantly weaken companies’ digital defenses and make them increasingly vulnerable to cyberattacks. Fortunately, there are steps businesses can take to combat cyber risks in a down economy, including the following:
- Have a plan. Cyber incident response plans can help businesses establish protocols for mitigating losses and acting swiftly amid cyber events. Successful plans should outline potential cyberattack scenarios, methods for maintaining key functions during these scenarios and the individuals responsible for such functions.
- Conduct training. Employees are often the first line of defense against cyberattacks. That’s why it’s important for businesses to prioritize cybersecurity training. This training should center around avoiding interacting with suspicious emails and links; refraining from downloading attachments or software programs from unknown sources or locations; utilizing unique passwords for all workplace accounts; and never sharing credentials or sensitive information online.
- Purchase cyber coverage. Especially during an economic downturn, it’s imperative for businesses to have sufficient insurance. Companies should consider purchasing dedicated cyber coverage to ensure financial protection against cyber losses.