Unlock Deep Observability

Organisations need to stay ahead of tough times and pricey insurance by adopting Zero Trust, deep observability, and network-to-cloud visibility for security strategy

There is no doubt that the cyber insurance industry has experienced something of an evolution in the last five years. As the threat landscape has changed beyond recognition, so have the risk management strategies aimed at staying ahead of cybercriminals. The result is an exponential rise in premiums: 85 per cent of cybersecurity business decision makers saw an increase in their cyber insurance premiums over the past 12 months, and 82 per cent of insurers are expecting these rises to continue. Given that cyber insurance makes up a key component of many cybersecurity and business continuity plans, what can organisations do to keep premiums down while maximising coverage?

The key is to improve proactive protection and to embrace deep observability — employing real-time, network-level intelligence to track activity across a network. Deep observability provides IT and security teams with the ability to amplify the power of their current log and trace-based monitoring tools, rapidly detect suspicious activity and act accordingly. Achieving this ‘single source of truth’ also helps to reduce complexity and cost — a crucial benefit as premiums continue to rise and we enter a tougher economic climate.

Where it began

Against the backdrop of increasing cybercrime, the ‘NotPetya’ attack was a landmark cyber-threat for various reason. Perhaps most significantly, it signalled the beginning of cyber insurance premium rises. Launched in 2017, NotPetya was a malware launched as part of a cyberattack campaign targeting IT infrastructure. Beyond financial setbacks for global organisations, NotPetya’s proliferation caused the drastic rise of premiums and lowering of coverage limits, as insurers adjusted their policies to reflect the changing cyberthreat landscape.

Since then, a global pandemic and the subsequent shift to home or hybrid working created a perfect storm for the rise of ransomware. This form of cybercrime can cause such large-scale and financially destructive consequences that insurers have had no option other than hike up prices for more vulnerable businesses in order to stay profitable.

Zero Trust is an essential

With challenges comes opportunity. This upending of the cyberthreat landscape serves as a potential catalyst for organisations across verticals to optimise their cybersecurity.

According to the recent Gigamon ‘State of Ransomware’ report, phishing and malware were the top routes for ransomware attacks in 2022. Cloud applications were also cited as a common ransomware attack vector, particularly by those in the UK. Protecting against a misconfigured cloud or human error isn’t the job of cyber insurance — this should be reserved to cushion the financial blowback in the event of a breach. Instead, enterprises must proactively take steps to bolster their security posture.

This includes ensuring all access across digital infrastructure is authenticated. Trust is earned, not freely given in this threat landscape. A Zero Trust architecture — which requires authentication of all users regardless of their position in an organisation — helps prevent unauthorised access and works to restrict suspicious lateral movement across a network. Fortunately, it’s now a topic regularly discussed in boardrooms. Across EMEA in particular there is growing confidence that organisations will be able to implement this architecture in the next few years (51 per cent agreed in 2020, compared to 83 per cent in 2022). To get there, however, deep observability is a critical foundation; you simply cannot manage and grant access to what you cannot see.

A single source of truth

Threat actors can bypass SIEMs and endpoint detection and response tools, yet they will always leave a metadata trail. This is why deep observability is so crucial to cybersecurity. It grants security operations (SecOps) teams the ability to analyse this metadata, spot suspicious behaviour and take the appropriate steps to mitigate an intrusion before it escalates. Such enhanced visibility and control are crucial for maximising the efficacy of Zero Trust architecture and fostering a security-first approach within an enterprise.

With premiums so high, organisations also undoubtedly want to turn to solutions that provide ROI as well as better security. As more tools come into play, cost and complexity rises. Many enterprises will not have the budget to keep adding more solutions to their technology stack in hope they will improve their cybersecurity and reduce their insurance prices. Instead, they need a single source of truth and a complete view across the entire IT infrastructure — cloud included. From here, teams can identify network bottlenecks and eliminate irrelevant, duplicate or low risk traffic. Deep observability is therefore not only a must for security, but also for making budgets go further. Organisations need to brace themselves for a challenging economic down-turn and continued rises in cyber insurance premiums by implementing a strategy based on Zero Trust, deep observability and network-to-cloud visibility. In turn, security teams can be far more confident in their security posture, business leaders are satisfied by a lower spend and insurers become more confident when taking on their customer’s risk.

— Garth Braithwaite is Senior Director at Gigamon.

• Business Technology Review