Prioritizing Exposures Gives Clients a Security Advantage
"Attackers only need to get lucky once, but defenders need to be lucky at all times."
This adage is so common that we often overlook how it applies to modern cybersecurity dynamics. Threat actors tend to seek out targets of opportunity, like businesses with vulnerable software or services exposed to the public internet. These weaknesses let attackers scan the web for potential targets.
Attackers have found a way to rig the game with this approach and significantly increase the chances of monetizing their cybercrimes. Fortunately for defenders, cybersecurity has much more to do with preparation and prevention than luck.
Effective cybersecurity is deliberate, not lucky
Cybersecurity might feel like a game of chance at times, but businesses can proactively manage cyber risk and reclaim control over their cybersecurity destiny. This starts with minimizing the attack surface exposures that threat actors are actively targeting — and it’s where Coalition’s Active Risk Assessment can help.
We’re constantly scanning the internet, gathering millions of data points from all corners of the web to identify emerging threats in near-real time. This is how we learn what threat actors are looking for. We use this information, along with our own claims data, to provide security recommendations that help businesses prioritize their exposures based on the likelihood of losses and impacts on insurability.
When a business applies for cyber insurance, we use proprietary technology to scan the business’ perimeter for exposures; these are the same exposures that threat actors are looking for in the wild and our claims data shows are contributing to losses. If we detect an exposure that’s visible over the public internet and likely to be targeted by threat actors and result in a cyber attack, we flag the exposure as a Critical Security Finding.
The findings from our security scan, including Critical Security Findings, are compiled into a Cyber Risk Assessment (CRA). Critical Security Findings are also likely to result in contingencies and are noted on each new business and renewal quote. Prospective and current policyholders can access the full technical details by logging into Coalition Control™.
Brokers don’t have to be cybersecurity experts
If there’s one area for brokers to focus their time and attention on, it’s Critical Security Findings. These are the most important findings detected by our security scans because they are likely to result in contingencies that must be resolved prior to binding or renewing a policy with Coalition.
While exposures vary from business to business, some of the most common Critical Security Findings that result in contingencies include:
Exposed Risky Admin Panels (Restrict Access)
Exposed Risky Panels (MFA)
RDP
RDWeb
RDGateway
On Premises MS Exchange Server
Although businesses are responsible for resolving security findings, brokers commonly receive questions about technical topics.
If we detect an exposure that’s visible over the public internet and likely to be targeted by threat actors and result in a cyber attack, we flag the exposure as a Critical Security Finding.
Cyber insurance advisors are guides for their clients, but this should not mean they have to be cybersecurity experts. Coalition doesn’t expect our broker partners to advise alone. So we created a series of videos to walk you through the various risks and explain tips for remediation. Below are a few of our most popular explainers (click to watch the videos):
RDP/RDWeb/RDGateway: Security findings related to Remote Desktop Protocol indicate access is exposed, accessible, and vulnerable to the public internet. This finding has three variations: Remote Desktop Protocol (RDP); Remote Desktop Web Access (RDWeb); Remote Desktop Gateway (RDGateway).
Microsoft Exchange Server: Security findings related to Microsoft Exchange typically indicate the use of Basic Authentication being enabled on one or more of the following panels are exposed to the public internet: Microsoft Exchange and/or Exchange Admin Center (EAC); Exchange Web Services (EWS); Remote Procedure Call (RPC).
Exposed Risky Admin Panels: If your client is alerted to Exposed Risky Admin Panels, we found login panels accessible over the web that could expose sensitive systems or grant threat actors administrative privileges.
Prioritizing the exposures that matter most
As cyber insurance underwriting and risk selection evolves, insurers are increasingly requiring policyholders to improve and maintain their cybersecurity posture — and Coalition is no different
However, we choose to focus on the exposures that are most likely to be exploited and result in a loss. This enables our policyholders to prioritize their time and effort on improvements that are both impactful and manageable.
Cyber insurance advisors are guides for their clients, but this should not mean they have to be cybersecurity experts. Coalition doesn’t expect our broker partners to advise alone.
Of course, addressing these exposures requires brokers to play a more active role in helping clients navigate the complexities of cybersecurity and insurance. Rest assured, you don’t have to take on the work of advising your clients alone.
Our broker partners have direct access to our Security Engineering team to help with Critical Security Findings that result in contingencies for clients, as well as our dedicated Security Support Center for client concerns that arise during the policy period.
Coalition is dedicated to helping brokers support their clients as they manage the dynamic nature of cyber risk. Brokers can also help clients take the guesswork out of cybersecurity by encouraging their clients to sign up for Coalition Control. To learn more, visit coalitioninc.com/control.