
Texas Medical Group Blog


Cyber Liability: 10 Essential Cybersecurity Controls

Cyber incidents—including data breaches, ransomware attacks and social engineering scams—have become increasingly prevalent, impacting organizations of all sizes and industries. Such incidents are largely driven by additional cyber threat vectors and increasingly sophisticated attackers. As these incidents continue to rise in both cost and frequency, it is crucial for organizations to take steps to address cyber risk and strengthen their digital security defenses.

Doing so can not only help organizations prevent cyber incidents and related insurance claims from occurring, but can also help them secure adequate cyber coverage in the first place. After all, the rising severity of cyber incidents has prompted most cyber insurers to raise premiums and become more selective about the organizations they insure and the types of losses they cover. As such, many insurers have begun using documentation of an organization's cybersecurity practices to determine whether it qualifies for coverage (whether a new policy or a renewal) and how expensive its premiums will be.

With this in mind, here are 10 essential cybersecurity controls organizations can implement to help manage cyber risk.

1. Multifactor Authentication (MFA)

While complex passwords can help deter cybercriminals, they can still be cracked. To help prevent cybercriminals from gaining access to employee accounts and using that access to launch attacks, MFA is key. MFA is a layered approach to securing data and applications in which a system requires users to provide a combination of two or more credentials to verify their identity at login. Through MFA, employees must confirm their identities by providing extra information (e.g., a phone number or a unique security code) in addition to their passwords when attempting to access company applications, networks and servers.

This additional login hurdle means cybercriminals won't be able to easily unlock accounts, even if they have employees' passwords in hand. It's best practice for organizations to enable MFA for remote access to their networks, for administrative functions within their networks and for any enterprise-level cloud applications.

2. Endpoint Detection and Response (EDR) Solutions

EDR solutions continuously monitor security-related threat information to detect and respond to ransomware and other types of malware. They provide visibility into security incidents occurring on various endpoints (e.g., smartphones, desktops, laptops, servers, tablets and other devices that communicate back and forth with the networks they are connected to) to help prevent digital damage and minimize future attacks.

Specifically, EDR solutions offer advanced threat detection, investigation and response capabilities (including incident data search and investigation triage, suspicious activity validation, threat hunting, and malicious activity detection and containment) by continuously analyzing events from endpoints to identify suspicious activity. Further, these solutions provide continuous and comprehensive visibility into what is happening in real time by recording the activities and events taking place on all endpoints and workloads. Upon receiving alerts regarding possible threats, organizations and their IT departments can then uncover, investigate and remediate related issues. As a whole, implementing an EDR solution is a key step in helping organizations enhance their network visibility, conduct more efficient cybersecurity investigations, leverage automated remediation during potential incidents, and facilitate more contextualized threat hunting through ongoing endpoint data analysis.

3. Patch Management

Patches modify operating systems and software to enhance security, fix bugs and improve performance. They are created by vendors and address key vulnerabilities cybercriminals may target. Patch management refers to the process of acquiring software updates and applying them to a variety of endpoints.

The patch management process can be carried out by organizations' IT departments, automated patch management tools or a combination of both. Steps in the patch management process include identifying IT assets and their locations, assessing critical systems and vulnerabilities, testing and applying patches, tracking progress and maintaining records of such progress. Patch management is necessary to ensure overall system security, maintain alignment with applicable software standards set by regulators and government agencies, leverage system features and functionality improvements that may become available over time, and decrease downtime that could result from outdated, inefficient software.

From a cybersecurity perspective, consistently patching and updating software and operating systems helps reduce exposure to cyber threats. Accordingly, organizations should establish patch management plans that include frameworks for prioritizing, testing and deploying software updates.

4. Network Segmentation and Segregation

When an organization's networks lack adequate access restrictions and are tightly interconnected, cybercriminals can easily infiltrate them and cause wider operational disruption and damage. That's where network segmentation and segregation can help. Network segmentation refers to dividing larger networks into smaller segments (also called subnets) through the use of switches and routers, thereby allowing organizations to better monitor and control traffic between these segments. Such segmentation can also improve network performance and help organizations localize technical issues and security threats. Network segregation, on the other hand, entails isolating crucial networks (i.e., those containing sensitive data and resources) from external networks such as the internet. This isolation gives organizations the opportunity to apply additional security protocols and access restrictions within their most critical networks, making it more difficult for cybercriminals to penetrate these networks laterally.

Both network segmentation and segregation allow organizations to take a granular approach to network security, limiting the risk of cybercriminals gaining broad access to their IT infrastructure (and the critical assets within it) and causing significant damage. When implementing network segmentation and segregation, organizations must adhere to the principle of least privilege (allowing employees access only to the networks they need to perform their job duties) and separate hosts and networks according to critical business functions to ensure maximum infrastructure visibility.

5. End-of-Life (EOL) Software Management

At some point, all software will reach the end of its life. This means manufacturers will no longer develop or service these products, discontinuing technical support, upgrades, bug fixes and security improvements. As a result, EOL software will have vulnerabilities that cybercriminals can easily exploit.

Organizations may be hesitant to transition away from EOL software for a number of reasons, such as limited resources, a lack of critical features among new software or migration challenges. This is especially true when EOL systems are still functioning. However, continuing to use EOL software also comes with many risks, including heightened cybersecurity exposures, technology incompatibilities, reduced system performance levels, elevated operating costs and additional data compliance concerns. As such, it's clear that proactive EOL software management is necessary to prevent unexpected incidents and maintain organizational cybersecurity. In particular, organizations should adopt life cycle management plans that outline ways to introduce new software and provide methods for phasing out unsupported software; utilize device management tools to push software updates, certifications and other necessary upgrades to numerous devices simultaneously; and review the EOL status of new software before selecting it for current use to avoid any confusion regarding when it will no longer be supported and plan for replacements as needed.

6. Remote Desktop Protocol (RDP) Security Measures

RDP, a network communication protocol developed by Microsoft, includes a digital interface that allows users to connect remotely to other servers or devices. Through RDP ports, users can conveniently access and operate these servers or devices from any location. RDP has become an increasingly useful business tool, allowing employees to retrieve files and applications stored on the organization's network while working from home, and enabling IT departments to identify and resolve employees' technical issues remotely.

Unfortunately, RDP ports are also frequently leveraged as a vector for launching ransomware attacks, particularly when these ports are left exposed to the internet. In fact, a recent report from Kaspersky found that nearly 1.3 million RDP-based cyber events occur each day, with RDP reigning as the top attack vector for ransomware incidents. To protect their RDP ports, it's important for organizations to close these ports when they are not in use, ensure they are not open to the internet, and improve overall interface security through the use of virtual private networks (VPNs) and MFA.

7. Email Authentication Technology/Sender Policy Framework (SPF)

Many ransomware attacks and social engineering scams begin with an employee receiving a deceptive email, such as one in which a fraudulent sender claims to be a trusted party and provides a malicious attachment or requests sensitive information. To protect against potentially harmful emails, it's paramount that organizations utilize email authentication technology.

This technology monitors incoming emails and determines the validity of these messages based on the specific sender verification standards the organization has in place. Organizations can choose from several different verification standards, but the most common is SPF—which focuses on verifying senders' IP addresses and domains.

When emails are verified, this technology allows them to pass through the organization's IT infrastructure and into employees' inboxes. When emails cannot be verified, they will either still appear in employees' inboxes or be blocked from reaching the inbox altogether. With SPF, unauthenticated emails may even be filtered directly into employees' spam folders. Ultimately, email authentication technology can keep dangerous emails away from employees' inboxes and stop cybercriminals' tactics before they begin.
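As an added illustration that is not part of the original article, the following Python sketch evaluates a constructed SPF record against a sending IP address the way a receiving mail server's SPF check would, then maps the result to the deliver, block or spam-folder handling described above. It is a simplification: it supports only the ip4, ip6 and all mechanisms, performs no DNS lookups, and the record, domain and addresses are constructed samples.

```python
import ipaddress

# Simplified SPF evaluator (added example, not the article's code).
# Full SPF (RFC 7208) also resolves a, mx, include and redirect through
# DNS; those mechanisms are skipped here so the example runs offline.

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record for a hypothetical domain (documentation
# address ranges only; not a real organization's record).
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ip4:198.51.100.7 -all"


def check_spf(record: str, sender_ip: str) -> str:
    """Return pass, fail, softfail, neutral, none or permerror for sender_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # an unprefixed mechanism means "pass" on match
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]  # "all" matches every sender
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Unsupported mechanisms (a, mx, include, ...) are skipped here.
    return "neutral"  # RFC 7208: no mechanism matched and no "all" term


def inbox_action(result: str) -> str:
    """Map an SPF result to the handling the article describes."""
    if result == "pass":
        return "deliver"
    if result == "fail":
        return "block"
    if result == "softfail":
        return "spam folder"
    return "deliver (no SPF assurance)"
```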

8. Secure Data Backups

One of the best ways organizations can protect their sensitive information and data from cybercriminals is by making frequent and secure backups. First and foremost, organizations should determine safe locations to store critical data, whether within cloud-based applications, on-site hard drives or external data centers. From there, organizations should establish specific schedules for backing up this information and outline data recovery procedures to ensure rapid restoration in the event of a cyber incident.

9. Incident Response Planning

A cyber incident response plan can help organizations establish protocols for detecting and containing digital threats, remaining operational and mitigating losses in a timely manner amid cyber events. Successful incident response plans should outline potential attack scenarios, ways to identify signs of such scenarios, methods for maintaining or restoring key functions during these scenarios, and the individuals responsible for doing so.

These plans should be routinely reviewed through various activities, such as penetration testing and tabletop exercises, to ensure effectiveness and identify ongoing security gaps. Penetration testing refers to simulating real-world attacks against specific workplace technology or digital assets (e.g., websites, applications and software) to analyze organizations' cybersecurity strengths and weaknesses. In contrast, tabletop exercises are drills that allow organizations to use simulated scenarios to rehearse and test the effectiveness of their cyber incident response plans. Based on the results of these activities, organizations should adjust their response plans when necessary.

10. Employee Training

Employees are widely considered an organization's first line of defense against cyber incidents, especially since a single employee's mistake can compromise and damage an entire workplace system. In light of this, it's crucial for organizations to offer cybersecurity training. This training should center on helping employees properly identify and respond to common cyber threats. Other training topics may include organization-specific cybersecurity policies and methods for reporting suspicious activity.

Because digital risks are ever-changing, this training shouldn't be a standalone occurrence. Rather, organizations should provide cybersecurity training on a regular basis and update it as needed to reflect the latest threats, attack trends and workplace changes.

Conclusion

In today's evolving digital risk landscape, it's crucial for organizations to take cybersecurity seriously and adopt effective measures to reduce risk. By leveraging proper cybersecurity controls, organizations can help protect their operations from a range of losses and reduce the likelihood of related insurance claims. Furthermore, documenting these controls allows organizations to demonstrate to cyber insurers that they consider cybersecurity a top priority, potentially increasing their ability to secure coverage.

For more risk management guidance, contact us today.


This Cyber Risk & Liability document is not intended to be exhaustive, nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. ©2022 Zywave, Inc. All rights reserved.


