Managed detection and response (MDR) offers a more cost-effective way for businesses to add expertise and improve their security.
In cyberspace, small businesses are at a significant disadvantage. They often lack the necessary resources—time, money, personnel, expertise and technology—to continuously shield themselves from the increasing risk of cyberattacks.
Implementing cybersecurity hygiene best practices can help, but security protocols that once seemed cutting edge can quickly become outdated or be rendered less effective by threat actors' evolving attack methods.
To keep policyholders abreast of the newest advances in cybersecurity, cyber liability risk mitigators need to identify the next controls that will give them an edge over attackers. More specifically, which security control has the greatest potential to become a staple in every cybersecurity strategy and a potential requirement to obtain cyber insurance in the not-so-distant future?
The answer: Managed detection and response (MDR). MDR is quickly becoming the newest important cybersecurity control for cyber insurance policyholders to implement and is on track to outpace others at the top of the list.
Strong Security Controls: MFA and MDR
Multifactor authentication (MFA) has long been the most recognized and required security control by cyber insurers. While it dates back to the 1990s, it did not truly gain traction until the mid-2000s. As smartphones grew in popularity, especially among businesses, so did MFA. The technology became more feasible once users had their own devices capable of verifying login attempts and receiving authentication codes as a second factor to complement passwords.
With more digital accounts, businesses needed a way to secure them all. As a result, MFA is now applied to nearly everything. This essential tool helps both large and small businesses add an extra layer of protection to their networks.
Cyber insurance providers embraced MFA because it's easy to implement and creates enough friction to deter attackers and prompt them to move to their next target. Many cyber insurers began incentivizing or even requiring MFA after the increase in cybercrime during the pandemic. These days, you'd be hard-pressed to find a cyber insurance policy that doesn't mention MFA.
However, as new technologies and attack vectors emerge, threat actors evolve their tactics, techniques and procedures to circumvent many forms of MFA. Consequently, businesses need additional ways to enhance their security posture.
MDR combines technology with human expertise, pairing the alert and detection capabilities of endpoint detection and response (EDR) with human threat hunters who can respond to alerts in real time. EDR tools are valuable for detecting suspicious activities, but they're an imperfect solution if there's no human expertise in place to take the immediate and necessary actions.
Using artificial intelligence (AI) and machine learning to spot anomalous and known malicious activity, MDR can help businesses catch threat actors mid-attack. When the security control detects suspicious activity, third-party human experts can intervene in numerous ways, including cutting the connection of a remote session, isolating impacted machines or revoking privileges for compromised accounts.
Companies with MDR in place have a faster mean time to respond, dramatically decreasing the impact of a cyber incident. In some of the recent large-scale cyber events, like MOVEit or Citrix Bleed, many of the businesses that were hit would've been able to catch and contain the attack if they had MDR in place.
As a result, cyber insurance providers are increasingly requiring or encouraging and incentivizing businesses to implement MDR, sometimes by providing premium credits on their cyber insurance policies, just as they did with MFA.
How MDR Can Help Cyber Clients Face Attacks
MDR is more than just another tool: It can help businesses keep pace with new vulnerabilities without burdening existing teams. Most small businesses don't have the resources to run a security operations center because of time, effort and technology costs. MDR offers a more cost-effective way for businesses to add expertise and improve their security posture without adding headcount.
Common vulnerabilities and exposures (CVEs) have steadily increased every year for nearly a decade, with more than 26,000 disclosed in 2023 and a 25% increase expected in 2024, according to Coalition's “Cyber Threat Index 2024.” Moreover, CVEs are among the most popular threat vectors for ransomware attacks, which reached a record high of $365,000 per claim last year.
With new vulnerabilities emerging at a rapid rate, businesses often feel like they're buried beneath an avalanche of alerts. The overwhelming volume and repetitive nature of these alerts can trigger alert fatigue, causing security professionals to lose the ability to distinguish between alerts that represent serious and concerning issues and everything else that's just noise. MDR can alleviate this by bringing together alerts from other tools and data sources, providing a more complete picture than any one tool. MDR gives businesses the technology and expertise to help respond and recover faster, minimize impact, and prevent future attacks.
Most businesses simply cannot afford 24/7 security. Threat actors know this and use it to their advantage. The good news is that cyber insurance providers know it too, and that's why they are increasingly encouraging businesses to implement MDR—just as they did with MFA.
John Roberts is general manager of security at Coalition.