7 Takeaways From At-Bay at RSA Conference 2024
At-Bay leadership’s key messaging on tech vendor accountability, the small business cybersecurity gap, and the InsurSec approach
RSA Conference 2024 brought together industry experts to discuss the future of cybersecurity, including conversations about risk, innovation, and evolution. At-Bay’s Co-founder and CEO, Rotem Iram, and CBO and GM of Security, Thomas Dekens, shared the InsurSec perspective at sessions with Axios, TheCube, and ISMG.
In case you missed it, here are all the highlights and interesting tidbits At-Bay leadership shared at RSAC this year.
Tech Vendors Don’t Take Accountability for Security, Creating Outsized Risk for Small to Mid-Sized Businesses
The tech products and services that small and mid-sized businesses rely on are often designed for usability, not security, leaving smaller companies with the responsibility of keeping their tech secure. Yet tech vendors fail to take accountability. Just by using some of the most popular software products in the industry, businesses take on responsibility for the security holes in the technology they’re paying for, whether they realize it or not.
If this were the auto industry, there would be mass recalls and congressional hearings. Yet in the tech world, there’s no call for accountability for vendors to provide secure software.
Large enterprises have the resources — think people and budgets — to identify and mitigate the cyber risk created by tech vendors, but small to mid-sized businesses don’t have that luxury. This leaves smaller companies more at risk of attacks, which can be a company-ending event without the right financial protection in place.
Small and Mid-Sized Businesses Are Being Left Behind by Cybersecurity
Most vendors are not even trying to sell security to these businesses because it’s too expensive and complicated for them to manage, which means small and mid-sized businesses are left with old security technology that doesn’t protect them. This security gap has created a market failure that isn’t fixing itself.
The Majority of Cyberattacks Target the Same Entry Points Over and Over
Data from At-Bay’s 2024 InsurSec Report revealed that 58% of ransomware attacks exploit remote access technology. The report also found that cybercriminals have shifted their focus from Remote Desktop Protocol (RDP) to targeting self-managed Virtual Private Networks (VPNs) — those implemented on-premises and maintained in-house — which accounted for a whopping 63% of the year’s ransomware events where remote access was the initial entry vector.
Attackers Are Evolving Their Tactics
Historically, attackers would encrypt businesses’ data and hold it for ransom to extort payments. However, more and more businesses are implementing resilient data backups, meaning they’re less susceptible to encryption-only attacks. In response, attackers are finding new ways to extort their victims, exfiltrating data in addition to encrypting it, creating double leverage.
AI Increases the Risk of Attacks at Scale, With Financial Fraud Likely to Be Attackers’ First Target
Cyberattackers are leveraging AI to become more effective at fraud. Attackers always take the path of least resistance, and generative AI has made it incredibly easy to deploy more credible attacks to defraud people. AI also helps attackers find vulnerabilities to exploit, creating incredible efficiencies in launching attacks at scale.
In this environment, it’s more crucial than ever for businesses to build strong security postures and to move from legacy tech to modern solutions.
Cyber Insurance Providers Can Drive Accountability for Tech Vendors
Because insurance providers foot the bill when a cyber incident happens, they have the insight to determine how much different security controls actually help drive down losses. This isn’t new; insurance has historically been the de facto regulator across many industries.
This is why At-Bay is committed to publishing reports that share insights from our in-house claims and cyber research data: to increase accountability for the tech vendors who sell products that keep breaking and the security vendors who fail to mitigate the resulting cyber risk, and to help small businesses determine which tools are worth their while.
InsurSec Helps Small and Mid-Sized Businesses Optimize Their Cybersecurity ROI
By drawing on insights from insurance claims, cyber insurance providers have a unique ability to understand which technologies create risk and which security tools effectively mitigate risk. An InsurSec solution leverages this data to combine both prevention and protection, so small and mid-sized businesses can access enterprise-grade security as part of their insurance policy.
The combination of insurance and security provides customers with a better product for a better cost, while saving the time and resources required to build a piecemeal solution.