We regularly hear from brokers about stories of their clients fixing vulnerabilities based on information from the Corvus DLP Report. Here are the top 3 we hear are being addressed.
Cyber Security Awareness Month is coming to a close. But at Corvus, we consider helping insureds defend against bad actors in the cyber world to be a year-round job. We hear it from our partner brokers and their clients, too: in a risk environment that is constantly evolving, it’s not enough just to transfer risk through insurance products -- policyholders must proactively evaluate security roadmaps and address cybersecurity weaknesses.
In honor of Cyber Security Awareness month, we are sharing the three most common security gaps our policyholders have identified and addressed based on the Corvus Scan.
But first, how do we get this information? As we run tests on the web-facing assets of our policyholders with the Corvus Scan, we form a view of the cybersecurity posture of their organization and prioritize recommendations on how to shore up any cyber weaknesses. We share this information with both brokers and policyholders in the form of a Dynamic Loss Prevention (DLP) Report, delivered upon the start of a policy and quarterly thereafter.
We regularly hear from brokers that the DLP has helped their clients to correct the issues, reducing the risk of attack for insureds. Today we’re sharing a few of those examples from our policyholders, in the most common cybersecurity concerns we see.
What Are the Top Three Security Gaps Clients Face?
#1 Email Authentication
Email authentication is a technical means of verifying that the sender of an email is who they claim to be. The value of having this enabled through your email provider can not be understated as phishing attempts are on the rise (in 2018, 83% of people received phishing attacks worldwide) and are considered to be the most common of all cyberattack methods.
This is one of the simplest pieces of information that the scan identifies, but it’s also one of the most commonly addressed by our policyholders. In a recent example, one of the many small/medium-sized municipal governments that Corvus provides Cyber coverage to reach out to us upon receiving their first quarterly DLP Report. The report noted that the email authentication feature had not been enabled on their email server, opening them up to potential risk. After correcting the issue, the municipality offered additional training to employees, focused on defending against phishing and hacking attempts.
#2 End-Of-Life Software
End-of-life Software is simply a software program or service that is no longer updated and/or supported by its producer. This software lifecycle stage often also means that there will be no future security updates or patches, leaving the software and its underlying services vulnerable to breach as cyber attackers become more sophisticated.
This is the second most common issue we see addressed by our policyholders. When a regional gas station and convenience store chain reviewed their DLP Report they noticed that the Corvus Scan discovered one of their servers was running end-of-life software. Concerned that this could lead to potential infiltration of their system and business interruption (resulting in loss of revenue, and/or reputation) the insured was happily connected with one of our pre-breach services vendors to correct the issue.
#3 Open Ports
A port is a communication point for a server that allows an external service or program to pass through data or perform an action based on the specific port’s function. While having a port that is open for communication is not always a potential risk, dangerous or vulnerable software can be hosted through an open port so it’s important to be restrictive about what is left open. Sometimes, ports are left open and then forgotten about, or opened without the knowledge of IT. These can present a vulnerability.
The discovery of open ports that were previously unknown to the insured is the most common issue we’ve heard policyholders have addressed. Recently, for example, a Corvus policyholder in the industrial metals industry reached out to us after receiving their first quarterly updated Dynamic Loss Prevention Report. The company’s head of IT and Head of Systems were surprised to see that there were open ports they didn’t recognize and wanted to dig deeper. Upon review of the Low Reputation IP section of the report, the insured discovered that several of the IPs noted were from Amazon Web Services (AWS) hosts, which seemed strange since the company did not officially utilize any AWS services in their technology stack. Our Data Science team was able to identify the open ports allowing the IT department to resolve the issue and avoid potential hacking.
Want to Help Your Clients Find and Fix IT Issues?
Time and again we see the brokers delivering the highest value and satisfaction to their clients are those that focus on more than just post-breach remediation. Being cyber-ready is about education and vigilance, two principles we take very seriously at Corvus.
It’s our goal to spread cybersecurity strategy awareness beginning with the empowerment of our partner brokers. By giving them important tools to better understand the key risks that face their clients, we’re helping them guide policyholders toward the right coverage.