10.31.19
Corvus Team

The 3 Most Common Cybersecurity Gaps Your Clients May Face

We regularly hear from brokers about stories of their clients fixing vulnerabilities based on information from the Corvus DLP Report. Here are the top 3 we hear are being addressed. 

Cyber Security Awareness Month is coming to a close. But at Corvus, we consider helping insureds defend against bad actors in the cyber world to be a year-round job. We hear it from our partner brokers and their clients, too: in a risk environment that is constantly evolving, it’s not enough just to transfer risk through insurance products -- policyholders must proactively evaluate and address cybersecurity weaknesses. 

In honor of Cyber Security Awareness month, we are sharing the three most common security gaps our policyholders have identified and addressed based on the Corvus Scan. 

But first, how do we get this information? As we run tests on the web-facing assets of our policyholders with the Corvus Scan, we form a view of the cybersecurity posture of their organization and prioritize recommendations on how to shore up any cyber weaknesses. We share this information with both brokers and policyholders in the form of a Dynamic Loss Prevention (DLP) Report, delivered upon the start of a policy and quarterly thereafter. 

We regularly hear from brokers that the DLP has helped their clients to correct the issues, reducing the risk of attack for insureds. Today we’re sharing a few of those examples from our policyholders, in the most common cybersecurity concerns we see.

What Are the Top Three Security Gaps Clients Face?

#1 Email Authentication

Email authentication is a technical means of verifying that the sender of an email is who they claim to be. The value of having this enabled through your email provider can not be understated as phishing attempts are on the rise (in 2018, 83% of people received phishing attacks worldwide) and are considered to be the most common of all cyberattack methods. 

This is one of the simplest pieces of information that the scan identifies, but it’s also one of the most commonly addressed by our policyholders. In a recent example, one of the many small/medium-sized municipal governments that Corvus provides Cyber coverage to reach out to us upon receiving their first quarterly DLP Report. The report noted that the email authentication feature had not been enabled on their email server, opening them up to potential risk. After correcting the issue, the municipality offered additional training to employees, focused on defending against phishing and hacking attempts. 

#2 End-Of-Life Software

End-of-life Software is simply a software program or service that is no longer updated and/or supported by its producer. This software lifecycle stage often also means that there will be no future security updates or patches, leaving the software and its underlying services vulnerable to breach as cyber attackers become more sophisticated. 

This is the second most common issue we see addressed by our policyholders. When a regional gas station and convenience store chain reviewed their DLP Report they noticed that the Corvus Scan discovered one of their servers was running end-of-life software. Concerned that this could lead to potential infiltration of their system and business interruption (resulting in loss of revenue, and/or reputation) the insured was happily connected with one of our pre-breach services vendors to correct the issue.

#3 Open Ports

A port is a communication point for a server that allows an external service or program to pass through data or perform an action based on the specific port’s function. While having a port that is open for communication is not always a potential risk, dangerous or vulnerable software can be hosted through an open port so it’s important to be restrictive about what is left open. Sometimes, ports are left open and then forgotten about, or opened without the knowledge of IT. These can present a vulnerability.  

The discovery of open ports that were previously unknown to the insured is the most common issue we’ve heard policyholders have addressed. Recently, for example, a Corvus policyholder in the industrial metals industry reached out to us after receiving their first quarterly updated Dynamic Loss Prevention Report. The company’s head of IT and Head of Systems were surprised to see that there were open ports they didn’t recognize and wanted to dig deeper. Upon review of the Low Reputation IP section of the report, the insured discovered that several of the IPs noted were from Amazon Web Services (AWS) hosts, which seemed strange since the company did not officially utilize any AWS services in their technology stack. Our Data Science team was able to identify the open ports allowing the IT department to resolve the issue and avoid potential hacking. 

Want to Help Your Clients Find and Fix It Issues??

Time and again we see the brokers delivering the highest value and satisfaction to their clients are those that focus on more than just post-breach remediation. Being cyber-ready is about education and vigilance, two principles we take very seriously at Corvus. 

It’s our goal to spread cybersecurity awareness beginning with the empowerment of our partner brokers. By giving them important tools to better understand the key risks that face their clients, we’re helping them guide policyholders toward the right coverage. 

Have any questions on the Corvus Scan or the DLP? We’d love to hear from you. Email us at flock@corvusinsurance.com.

And while you’re at it, be sure to follow us on LinkedIn and Twitter for more cyber news and insights!


[DOWNLOAD INFOGRAPHIC] Risk Exposure Explained

 

Risk Exposure Explained

Read about IT risk exposures and how they relate to insurance



[RELATED POST] Tech Companies: Beyond Cyber Risk, the Cost of Downstream Impact

Tech Companies: Beyond Cyber Risk, the Cost of Downstream Impact

The rise of remote work and growing concerns over ransomware acted as partners-in-crime to get organizations to hone in on risk mitigation efforts over the past couple years. Through compiling our Risk Insights Index, we found that with certain initiatives —  safer or reduced usage of RDP, growing use of email security tools, and other measures taken to limit the impact of threat actors — businesses are more prepared than a year before and ready to play defense. Those efforts are borne out in our finding that the rate of companies who pay a ransom when attacked with ransomware fell by half within a year. 

[RELATED POST] Tips from Top Brokers: How to Play Offense in a Cyber Hard Market

Tips from Top Brokers: How to Play Offense in a Cyber Hard Market

The whisperings of “firming rates” start first, quietly in business meetings, then published in industry reports. Soon to follow, rumblings of a “hard market” are brought to the conversation. It’s cyclical in nature, and we see it across all insurance lines at one point or another. For years, Cyber Insurance stretched far and wide with “soft” market conditions, remaining highly profitable. Now that period of growth, with exceedingly available coverage and inviting terms, has stalled in the face of a hard market.