With
cyberattacks
around
the
world
escalating
rapidly,
insurance
companies
are
ramping
up
the
requirements
to
qualify
for
a
cyber
insurance
policy.
Ransomware
attacks
were
up
80%
last
year,
prompting
underwriters
to
put
in
place
a
number
of
new
provisions
designed
to
prevent
ransomware
and
stem
the
record
number
of
claims.
Among
these
are
a
mandate
to
enforce
multi-factor
authentication
(MFA)
across
all
admin
access
in
a
network
environment
as
well
as
protect
all
privileged
accounts,
specifically
machine-to-machine
connections
known
as
service
accounts.
But
identifying
MFA
and
privileged
account
protection
gaps
within
an
environment
can
be
extremely
challenging
for
organizations,
as
there
is
no
utility
among
the
most
commonly
used
security
and
identity
products
that
can
actually
provide
this
visibility.
In
this
article,
we’ll
explore
these
identity
protection
challenges
and
suggest
steps
organizations
can
take
to
overcome
them,
including
signing
up
for
a
free
identity
risk
assessment.
How
Can
You
Protect
Privileged
Users
If
You
Don’t
Know
Who
They
Are?
Underwriters
are
now
requiring
MFA
on
all
cloud-based
email,
remote
network
access,
as
well
as
on
all
administrative
access
for
network
infrastructure,
workstations
and
servers,
directory
services,
and
IT
infrastructure.
The
last
requirement
here
is
the
biggest
challenge
–
so
let’s
examine
why.
The
problem
is
that
defining
administrative
access
is
easier
said
than
done.
How
do
you
compile
an
accurate
list
of
every
admin
user?
While
some
can
be
easily
identified
–
for
example,
IT
and
helpdesk
staff
–
what
about
so-called
shadow
admins?
These
include
former
employees
that
may
have
left
without
deleting
their
admin
accounts,
which
then
continue
to
exist
in
the
environment
along
with
their
privileged
access.
As
well,
there
are
also
users
with
admin
access
privileges
who
may
not
have
been
officially
assigned
as
admins,
or
in
some
cases
temporary
admins
whose
accounts
weren’t
deleted
after
the
reason
for
their
creation
was
complete.
The
bottom
line
is
that
in
order
to
secure
all
user
accounts
with
MFA,
you
first
need
to
be
able
to
find
them.
And
if
you
can’t
do
that,
you’re
at
a
loss
before
you’ve
even
started
considering
what
the
best
protection
strategy
is.
The
Case
of
Service
Accounts:
An
Even
Bigger
Visibility
Challenge
Cyber
insurance
policies
also
require
organizations
to
maintain
a
list
of
all
their
service
accounts.
These
are
accounts
that
perform
various
tasks
in
an
environment
from
scanning
machines
and
installing
software
updates
to
automating
repetitive
admin
tasks.
To
qualify
for
a
policy,
organizations
need
to
be
able
to
document
all
service
account
activities,
including
source
and
destination
machines,
privilege
level,
and
the
applications
or
processes
that
they
support.
Service
accounts
have
become
a
major
focus
for
underwriters
because
these
accounts
are
often
targeted
by
threat
actors,
due
to
their
highly
privileged
access.
Attackers
know
service
accounts
are
often
unmonitored,
therefore
using
them
for
lateral
movement
will
go
undetected.
Attackers
seek
to
compromise
service
accounts
using
stolen
credentials
then
use
those
accounts
to
get
access
to
as
many
valuable
resources
as
possible
in
order
to
exfiltrate
data
and
spread
their
ransomware
payload.
The
challenge
of
inventorying
all
service
accounts,
though,
is
an
even
greater
one
than
doing
so
for
human
admins.
The
reasons
is
because
there
is
no
diagnostic
tool
that
can
detect
all
service
account
activity
in
an
environment,
meaning
that
getting
an
accurate
count
of
how
many
exist
is
challenging
at
best.
As
well,
unless
meticulous
records
have
been
kept
by
admins,
determining
every
account’s
specific
pattern
of
behavior
–
such
as
their
source-to-destination
machines
as
well
as
their
activities
–
is
extremely
difficult.
This
is
because
of
the
many
different
tasks
that
service
account
perform.
Some
accounts
are
created
by
admins
to
run
maintenance
scripts
on
remote
machines.
Others
are
created
as
part
of
software
installation
to
perform
updates,
scans,
and
conduct
health
checks
related
to
that
software.
The
upshot
is
the
getting
full
visibility
here
is
close
to
impossible.
The
Right
Assessment
Can
Identify
Gaps
in
Identity
Protection
To
qualify
for
a
cyber
insurance
policy,
organizations
need
to
close
their
gaps
in
identity
protection.
But
first
those
gaps
have
to
be
identified,
because
you
can’t
address
what
you’re
not
aware
of.
With
the
help
of
a
thorough
assessment,
companies
will
finally
be
able
to
see
all
their
users
and
their
level
of
privilege,
identify
any
areas
lacking
MFA
coverage,
and
also
get
a
picture
of
other
identity
protection
weaknesses,
such
as
old
passwords
still
in
use,
orphaned
user
accounts,
or
any
shadow
admins
that
are
in
the
environment.
By
focusing
on
authentications,
the
right
assessment
will
reveal
exactly
how
users
are
gaining
access
and
identify
any
attack
surfaces
not
currently
being
protected.
These
include
all
command-line
interfaces
and
service
account
authentications,
which
will
allow
organizations
to
meet
the
new
cyber
insurance
requirements
with
ease.
A
rigorous
assessment
can
also
uncover
additional
areas
not
currently
required
by
insurers
but
still
vulnerable
to
attack,
such
as
file
shares
and
legacy
apps.
Coupled
with
actionable
recommendations,
organizations
will
soon
find
their
security
posture
dramatically
improved.
Do
you
know
where
your
gaps
are?
Sign
up
today
for
a
free
identity
protection
assessment
from
Silverfort
to
get
complete
visibility
into
your
environment
and
uncover
any
deficiencies
that
need
to
be
addressed
so
your
organization
can
qualify
for
a
cyber
insurance
policy.
this
article
interesting?
Follow
us
on
and
to
read
more
exclusive
content
we
post.
About Author
