The NIST Cyber Security Framework

Navigating Beyond Standard Support with Cyber Security Insurance Compliance - A case study

Overview:

System Integrity LLC (SysIntegrity) is a Managed Security Services Provider (MSSP) with a focus on small and medium sized businesses and organizations in Central Maryland.

They have been highly successful providing Managed IT Services for non-profit organizations and small businesses. As well as outsourcing information technology engineering resources in support of network infrastructure upgrade projects for large governmental agencies and major corporations.

However, because of the pandemic that forces people to work from home leadership team at SysIntegrity saw a need to pivot and expand its capability to support the rapidly changing small business market. A market that had already transformed from the traditional office model into a hybrid workforce. For our small business customers everything was now on the table, cost savings, productivity, security and the newest IT bogyman compliance.

The Challenge:

Small and medium-sized businesses are becoming more frequent targets for cyber-attacks and 2024 will be no different. In 2023, 73% of SMBs experienced a cyberattack, data breach, or both, according to the 2023 ITRC Business Impact Report. This is not only a high attack rate, it’s also a significant increase compared to the rates in 2022 (43%) and 2021 (58%), and rates will continue to remain high.

One of the reasons behind this alarming trend is that cyber attackers are no longer sparing SMBs of their malicious attention. The Verizon 2023 DBIR analyzed attack trends for SMBs and large businesses and found that differences between the two types of organizations were becoming increasingly blurred. This includes aspects like attack frequency, threat actors, motives and types of compromised data.

Leading Solution:

The Cyber Security sector of the small business insurance industry is stepping forward with policys designed to protect SMBs from Cyber Attack. However, in order to have those policys honored the following applications, processes and proceedures must be in place.

Travelers Insurance Company among many require the following to be in place:

Up to date and active firewall policy
Active anti-virus software on all computers, networks and mobile devices
A process in place to regularly download, test and install patches
Intrusion Detection, Protection and Data Losss Prevention
Multi-Factor Authentication for administrative priviledges
Multi-Factor Authentication for Remote Access to network
Multi-Factor Authentication for remote access to email
Backup and Recovery procedures for all important business and customer data
Annual Penetration Testing
Systematic storage and monitoring of network and security logs
Enforced password complexity requirements
Employee exit process and procedures to terminate user access rights

System Integrity has been a Managed Services provider for over 12 years. However, none of its clients had requested SysIntegrity to help them qualify for and be in compliance with Insurance Company Cyber Security requirements.

In January of 2023, one of our leading clients a Non-Profit fiscal sponsor did just that. Sponsoring well over 100 non-profit organizations and managing over 10 million dollars, they came to SysIntegrity with the list you see above from Travelers Insurance. Like the vast majority of MSPs in business today, we could not tell them that those requirements were in place. Now, a year later we can assure them that they are covered.

Results

As a result of that inquiry by that one SMB, SysIntegrity has gone the extra mile and build a full service Cyber Resiliency Center in the heart of Downtown Baltimore. Our Strategic Alliances give us the capacity to protect over 10 thousand end points, dispursed among up to 100 SMBs.

The ask was simple; are we compliant? If not now when will we be? Through a combination of Strategic Alliances, Partnerships and the tenacity of our engineers, the answer to those questions are, "yes and now".

Welcome to today’s secure hybrid corporate workspace Managed with System Integrity.