At-Bay’s Crocker: SMEs remain “target-rich environment” as insurtech touts MDR

Small to medium-sized businesses remain “a target-rich environment” for threat actors, according to At-Bay’s head of digital forensic and incident response (DFIR) Larry Crocker, who also touted the importance of managed detection and response (MDR) services.

Speaking with The Insurer TV on the sidelines of last week’s NetDiligence Cyber Risk Summit in Miami Beach, the executive said that despite a greater focus among insureds on cyber risk, many SMEs still “have their front doors wide open”.

“Small to medium businesses usually do not have the expertise in play to have a robust security posture in their environment,” Crocker explained, while discussing At-Bay’s approach of offering security services along with insurance cover.

“So, [SMEs] make a target-rich environment for threat actors, because they don't have to worry about injecting code or doing something crazy to get into the environment,” he added.

Crocker said SMEs are continuing to fall victim to social engineering attacks – like business email compromise scenarios executed based on phishing schemes – while in other cases they’re exposed through open ports via remote desktops.

“It could be as simple as a phishing email that allows a threat actor to get access to credentials using the environment,” Crocker noted.

Business e-mail compromise remains prevalent

At-Bay’s head of DFIR said the firm was seeing other forms of breaches, such as “insider threats” – which typically relate to nefarious activity carried out by a company’s personnel – but that business email compromise has been the most prevalent.

“Small to medium businesses are focused on building their practice, building their environment, trying to get it up to where they can be that large enterprise in the future,” Crocker noted.

“And, sometimes, security does take a little bit of a backseat, and because of that, [firms] can't afford all the big, nice bells and whistles” that come with developing a more sophisticated cybersecurity posture, he added.

“By starting a DFIR practice within the company, we're starting to see, based on our claims data, a consistent trend that's been going on for long periods of time, which is the ransomware matters and we're also seeing business email compromises,” Crocker noted.

The At-Bay executive noted that larger firms remain vulnerable to attacks – especially since they often house more data – but they also typically have more “compensating controls” allowing them to “stop [threat actors] in their tracks”.

“You don't see [the breaches] as much and where you will see it in the small to medium business,” Crocker said.

MDR an important tool

He described multi-factor authentication (MFA) as among “the best mitigators”, but said that a failure to properly configure MFA led to companies still getting breached, while he also touted the importance of data backups that are routinely tested.

However, the best defence, Crocker explained, is having in place MDR and endpoint detection and response (EDR) tools – which At-Bay and other insurtechs provide as a service.

“So, having a robust EDR solution – that coupled with eyes on glass – allows someone to have eyes on the environment 24/7 to monitor it,” he explained.

“If you see some anomaly come up, if you see something that would make it look like ransomware or pre-ransomware, it can be stopped before it actually deploys into the environment.”

Crocker also discussed the importance of maintaining system logs that can help an outside incident response team more efficiently react to a breach.

"What that does is that allows the incident responder to go back and look and concentrate on those dates, and work outwards and forwards on it and just see what happened and how the threat actor got in,” he commented.

Crocker also touted his firm’s view of the importance of combining insurance with security services, like MDR and EDR.

“By having those two married, I think you're going to start seeing that more and more in the future,” he concluded.

Watch the full interview with At-Bay’s head of digital forensics and incident response Larry Crocker to hear more on:

  • How many SMEs remain a “target-rich” environment for threat actors to pursue
  • Why SMEs typically lack sophisticated cybersecurity tools and have their “front doors wide open”
  • At-Bay’s ambition to improve insureds’ security posture alongside offering insurance
  • How business email compromise remains a main focus of threat actors targeting SMEs