You’re always a target, so it pays to review your cybersecurity insurance
In October of 2024, Cisco announced that a vulnerability in the Remote Access VPN feature of the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. There are no workarounds or mitigations, only patches that need to be installed.
During the annual renewal of cyber insurance, the insurance carrier would not even consider insuring my business if we did not demonstrate that we had some fundamental protections in place. Based on the questions and bullet points, you could tell they saw remote access, third-party vendor access, and network administrator accounts as weak points that needed additional protection.
MFA is a requirement most insurers insist upon
For example, they mandated that all remote access, including VPN access and all remote monitoring and management (RMM) solutions, such as remote desktop protocol (RDP), be protected by multifactor authentication (MFA). They also mandated that MFA be enforced on email access and on any remote access to critical resources, including third-party and vendor access.