Thursday 2 February 2023, Boston and Tel Aviv: Unified Identity Protection leader, Silverfort, today launched the most comprehensive free cyber insurance assessment available to help organizations discover the gaps and hygiene issues in their identity attack surface which may cause cyber insurance compliance failures. Intended to be used by companies with 250 or more employees, the assessment will help meet expanding cyber insurance requirements in advance of a policy application or renewal.
Simple to deploy and providing visibility into all user authentications, Silverfort’s identity risk assessment operates at a directory level to report with in-depth visibility on the identity attack surface. The report summarizes risky user accounts and authentications as well as risk indicators such as shadow admins, passwords that never expire, admins liable to Kerberoasting, pass-the-ticket and lateral movement attempts, authentications using weak encryption protocols, unprotected Service Accounts and more.
These common attack paths are used by threat actors to move laterally around an organization and propagate the ransomware responsible for more than half of all cyber insurance payouts last year. For this reason, identity security hygiene has become increasingly important to insurance underwriters.
Cyber insurance premiums continue to increase due to the routine manner by which adversaries use these gaps in identity to spread in their victim’s environment and ultimately extort them for payment. In response, insurance carriers and brokers have added detailed identity security requirements and increased scrutiny around how controls are deployed and managed. MFA is now required to protect an expanded range of internal apps, interfaces, and systems, including VPNs, file shares, networking equipment, legacy systems, and CLI admin tools. Insurers are also increasing Privileged Access Management (PAM) requirements for highly privileged and non-human users, with the discovery and password hygiene of Service Accounts coming under particular scrutiny.
Hed Kovetz, CEO and Co-Founder of Silverfort, said, “Insurance carriers are waking up to the path of least resistance presented by the identity-based attack surface. Once initial compromise is achieved, countless attack paths into critical areas of every environment are exposed, significantly increasing the chance of an attack succeeding. This makes it very difficult for insurers to correctly price the risk.
“Our free identity risk assessment provides organizations a clear view of their exposure. With the results they can better understand the steps necessary to improve security posture and insurability, such as applying MFA to critical resources and protecting Service Accounts. We hope this helps put more affordable insurance policies in reach of more organizations.”
The free assessment is part of a broader program to improve the identity security maturity of organizations for insurance compliance attestation. Major brokers such as Acrisure, Howden Group and other insurance carriers and intermediaries are now offering Silverfort’s Unified Identity Protection solution to help more customers qualify for cyber insurance policies.
To request an assessment, simply register on the Silverfort website and a representative will be in touch to assist.