Expert Q&A: Strengthening Cybersecurity, Adopting Cyber Insurance, and Navigating AI Risks

Cyber threats continue to evolve at an unprecedented pace keeping business and IT leads on their toes. The landscape has shifted dramatically, with ransomware and data-theft extortion becoming increasingly sophisticated. There was a staggering 76% increase in data-theft victims between 2022 and 2023 alone.

We talked with Ben Wilcox, Managing Director of Cybersecurity & Compliance and Chief Technology officer at ProArch, to hear his perspective on how cybersecurity is evolving and what organizations need to do to reduce risk. As organizations face challenges such as an ever-expanding attack surface and the integration of AI in the workplace, Ben’s insights will help guide your organization to a more mature security posture.

1. How can organizations strengthen their cybersecurity without dedicated security leadership?

Without dedicated security leadership, maintaining security is a challenge. The first step, as Ben explains, is to conduct a thorough assessment of your current security posture. "Start with a cyber security risk assessment, find out where your weaknesses are within your current security posture." He suggests several methods for this, including "a vulnerability scan," "looking at it from a penetration testing perspective," or "going through a tailored security audit."

Once you understand your vulnerabilities and risks, the next step is to prioritize your efforts. Ben recommends using established frameworks to guide this process: "There's various standards out there including CIS Critical Security Controls and NIST Cybersecurity Framework that can help you prioritize which security controls you should implement first.”

To address this, Ben recommends Managed Detection and Response (MDR) services. Ben highlights that MDR can provide "quick implementation, monitoring of the environment, detection of the threats and then the response of type actions which can stop those threats in real time." This 24/7 monitoring capability significantly reduces the risk of undetected threats during off-hours.

When looking at security solutions, Ben’s advice is to consider bundled products that can reduce your administrative, maintenance, and configuration overhead. He points out solutions like Microsoft Business Premium, M365 E3 and E5 Security which bring a suite of defensive products together and include tight integrations. Ben emphasizes the value of partnering with a top Microsoft partner like ProArch. "They can provide a turnkey environment from configuration to operations," he explains, "which is crucial for smaller IT teams. This approach allows them to focus on strategic and tactical improvements instead of getting caught up in routine operations and maintenance."

He also adds that for strategic guidance, a virtual Chief Information Security Officer (vCISO) can "help you identify where risks are and make a plan to fix them." This combination of MDR and vCISO services provides both tactical protection and strategic planning to enhance overall security posture.

2. How vital is cyber insurance, and how widely is it being adopted?

"Almost half of the businesses ProArch has assisted with cybersecurity incident response do not have cyber insurance." This can leave organizations vulnerable to significant financial losses in the event of a cyberattack, forcing them to pay ransoms out of pocket or absorb substantial recovery costs. “Without the right controls to protect your environment and recover, you are the at the mercy of paying the ransom.”

Insurance providers are getting more selective on how they evaluate risk while issuing policies.

"I've seen customers who have received a 40 or 50% reduction of cyber security insurance costs, which can certainly add up to the hundreds of thousands over the years." These substantial reductions in premiums are achieved when organizations implement more mature security defenses. By enhancing their security posture, companies can demonstrate to insurers their improved ability to prevent and respond to cyber threats.

3. What risks does AI pose when it comes to security?

The biggest security risks that AI poses are with data privacy and data confidentiality. “AI can expose sensitive information that wasn't previously secured properly. Implementing Data loss prevention (DLP) measures, including proper data labeling, access controls, and encryption will keep data in the right hands.” Additionally, careful consideration should be given to what data is used to train or interact with AI models.

It is important to ensure that the data is properly labeled and tagged from a sensitivity perspective and that information is properly secured and accessible to the right people. For example, a company implements Copilot for Microsoft 365. If there aren’t proper data security measures and permissions in place Copilot may inadvertently expose or disclose confidential data that employees wouldn't have easily found on their own.

4. How should companies leveraging AI ensure compliance status?

“The first thing to understand is how is your business going to use AI and what risks do those particular use cases provide to your business.” Is AI going to be used for interfacing with your customers? As a personal assistant inside of your business? Or are you going to leverage AI to service large sets of data to business?

And then once you know where your risks are, you can start putting in right security controls in place.

Here are the main steps suggested by Ben

• Assess AI use cases and associated risks: Understand how AI will be used across different departments and functions within the organization.
• Develop a comprehensive AI policy: Based on the identified risks, create a policy that outlines acceptable AI usage and risk mitigation strategies.
• Implement appropriate controls: Put in place technical and procedural controls to manage AI-related risks, such as site restrictions, data protection policies, or role-based access.
• Consider contractual obligations: Be aware of and adhere to any AI-related clauses in contracts with customers or partners.

5. What are the benefits of leveraging AI as part of a security program?

"The number of security events that occur today is probably 20X in comparison to what it was three years ago." This volume of data is beyond human capacity to process effectively, making AI an essential tool.

AI provides the necessary tools to keep pace with the rapidly evolving threat landscape, to detect, analyze, and respond to threats fast and at times without human intervention.

In ProArch's Security Operations Center (SOC), AI plays an integral role in identifying and remediating threats. “Our threat intelligence platform is powered by AI and creates risk scores that notify our SOC and clients about vulnerabilities in real-time that may affect them.” Knowing about a vulnerability and acting before it impacts you is crucial to preventing a security incident.

On top of swift notifications, AI filters out the noise and can correlate security events together to help security analysts act quickly. "We use generative AI to create a more efficient and fast responsive action. It streamlines complex situations by summarizing multiple events and suggesting appropriate responses. It's a much easier to query something in your natural language than it is to try to like filter through a bunch of results.”

6. Where should organizations allocate their security investments?

"Make sure the external attack surface is well-managed and that you have visibility into all your assets. Often, there isn’t a good grasp on what exists in the environment and the risks of its exposure. That is the root of a lot of problems."

Ben outlines several key areas where organizations should focus their cybersecurity efforts:

1. Attack Surface Management: Take inventory of all assets in the environment and understand the risks associated if they were successfully compromised. That includes technology outside of IT departments.
2. Managed Detection and Response (MDR): Implementing 24/7 monitoring is essential for real-time threat identification and response.
3. Operational Technology (OT) Security : For critical infrastructure industries including manufacturing, power industry and utilities Ben notes, "Visibility is crucial for reducing risk and creating more resiliency. Make sure network segmentation is properly in place and there are eyes on the network 24/7. If not, attackers will find a way in."
4. Cloud Security: Protecting workloads across diverse cloud environments is a top priority as businesses continue their digital transformation and make sure to upskill internal resources.
5. Data Loss Prevention (DLP): "What's really been in a big uptick is, data security, especially if there's any sort of compliance obligations," Ben emphasizes, highlighting the growing importance of data protection. “AI is emphasizing how important data security is.”
6. Strategic Security Leadership: Many organizations are seeking vCISO services for comprehensive security strategies.

Ben highlighted the concerning trend of cybercriminals intensifying their focus on the manufacturing industry, particularly those utilizing outdated technology.

Attackers are becoming more aggressive and demanding higher ransoms, knowing that manufacturers will pay to keep their operations running smoothly.

"When it stops their entire operation, cybercriminals know there is a much higher chance of receiving payment.”

Organizations are recognizing the need to not only defend against current threats but also to build resilience against future challenges in an increasingly complex digital ecosystem. ProArch helps fix those gaps and provide ongoing cybersecurity solutions

Know what's really putting you at risk, get a plan for remediation, and focus your investments where it matters most. Reach out to us.