Security News > 2023 > February > Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?

Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?
2023-02-07 12:47

Among these are a mandate to enforce multi-factor authentication across all admin access in a network environment as well as protect all privileged accounts, specifically machine-to-machine connections known as service accounts.

How do you compile an accurate list of every admin user? While some can be easily identified - for example, IT and helpdesk staff - what about so-called shadow admins? These include former employees that may have left without deleting their admin accounts, which then continue to exist in the environment along with their privileged access.

Cyber insurance policies also require organizations to maintain a list of all their service accounts.

Service accounts have become a major focus for underwriters because these accounts are often targeted by threat actors, due to their highly privileged access.

Attackers seek to compromise service accounts using stolen credentials then use those accounts to get access to as many valuable resources as possible in order to exfiltrate data and spread their ransomware payload. The challenge of inventorying all service accounts is an even greater one than doing so for human admins.

These include all command-line interfaces and service account authentications, which will allow organizations to meet the new cyber insurance requirements with ease.


News URL

https://thehackernews.com/2023/02/tackling-new-cyber-insurance.html