top of page
Writer's pictureAnup Ghosh

Cracking the Code: Unveiling the Five Pillars of Cybersecurity




Ever wandered through the maze of a security conference or managed services convention? The sheer number of security vendors pitching their latest products can be overwhelming. They'll swear you need the hottest thing to shield your network. But in a world of budget constraints and an existing security stack, how much is truly enough?

When can you confidently say, 'I've got cybersecurity covered'?

  • Ask a cybersecurity expert, and they'll tell you, "Never enough, threats keep coming. How much time and money can you spare?"

  • Consult a cybersecurity vendor, and they'll chant, "More! Upgrade to our latest products before the end of quarter!"

  • Check with a friend or relative, and you might get a nonchalant, "Throw some antivirus on your laptop and call it a day."

So, who's got the real answers amidst this cacophony of voices? Your business can't afford to gamble on unreliable advice.


Enter Cyber Insurance

Until recently, finding a reliable answer to the "how much is enough" question was akin to searching for a needle in a haystack. It all depended on your threat model, but finding guidance was a challenge.

Enter the cavalry: cyber insurance providers. These are the folks who cut the checks when your cybersecurity falls short. They've cracked the code, discovering the essential practices that make a real difference in your cybersecurity.

These practices are so effective that the insurance premiums they charge exceed the loss claims. It took a few bumps, but they've fine-tuned the art of cybersecurity and are willing to put their money where their mouth is.


The Five Pillars of Cybersecurity

Imagine asking a cyber insurance expert about the five pillars of cybersecurity. They are likely to respond, "No idea, but follow these practices, and we'll insure you." We've distilled these best practices into what we call The Five Pillars. We're not paid for endorsing them, but we believe it's a smart move for your business.

  • Pillar 1: Attack Surface Management & Patch Management. Manage your attack surface and patch vulnerabilities. Cover external and internal network surfaces, fix account configurations, and embrace Multi-Factor Authentication (MFA). Say goodbye to old software, expiring certificates, poor configurations, overshared permissions, and vulnerable software.

  • Pillar 2: Backup and Recovery. Backup and recovery are your lifelines. Ensure automatic backup for cloud-stored data, understand retention periods, and align with customer requirements. Test your backup plan – recovery is the litmus test for success.

  • Pillar 3: Endpoint Detection & Response (EDR). Deploy a top-notch Endpoint Detection & Response (EDR) system. It's not just about having it; it's about actively managing and monitoring it.

  • Pillar 4: Email Security. Email is the gateway for most attacks. Invest in robust email security to filter out threats. Secure your domain with DMARC and SPF to prevent attackers from exploiting your credentials.

  • Pillar 5: Cybersecurity Awareness Training. Your employees are both your strength and your weakness. Train them to identify spearphishing and spoofed emails. Cybersecurity Awareness Training can be the game-changer against catastrophic attacks like ransomware and business email compromise.

A Few Notes: These pillars are the must-haves for small businesses (< 100 employees, <$75M revenue). Larger enterprises need more sophisticated measures based on their threat models.

In regulated industries, expect additional requirements. These pillars are a baseline; your industry may demand more.


The Take Away

While you can go all out on cybersecurity, the cyber insurance industry has set the bar. These are the minimum requirements you must meet competently for the networks you manage.

Embrace the Five Pillars, track your progress, and keep enhancing. You'll have a measurable and structured approach to cybersecurity – one that's backed by cyber insurance in case the worst happens.



63 views
bottom of page