When it comes to defending data, multi-factor authentication (MFA) is absolutely essential. There are more and less secure forms of MFA, and attackers are increasingly using techniques like social engineering to get around protections. This is not a place to skimp; without MFA, a threat actor who uses correct credentials to connect to an organization’s system may be undetectable. Forms of MFA that can be considered more secure include push notifications, time-based one-time passwords (TOTP), OAuth (Open Authorization) tokens, hardware tokens, authenticator apps, biometrics, or a FIDO2 key like YubiKey.

Remember that services that are exposed on the internet, even where patched regularly, are vulnerable to remote code execution or remote compromise. Beazley has many tools to help organizations recognize and remediate their specific vulnerabilities and exposures.

Despite best efforts, incidents can and will still occur – and the operational, legal, and reputational impacts can be significant. It’s important to work with an insurance carrier who understands threat actors’ habits and can provide guidance that ensures well-informed decisions. While it’s ultimately up to each insured to decide how to respond to an extortion demand, Beazley’s Cyber Services and Claims teams can assist with experienced direction and advice.