
Active monitoring and alerting: How we do it at Coalition

Active monitoring and alerts for cyber insurance

The digital economy has transformed: over the last two years, individuals and businesses have come online and connected like never before. Unfortunately, this increased reliance on technology brings an increase in digital risk. Businesses that do not secure their networks the way they secure their physical locations leave themselves vulnerable to threat actors.

Coalition partners with organizations to respond to and mitigate digital risk. To that end, Coalition's Active Insurance combines our scanning engine and real-time data analysis with an in-house team of claims and security experts who monitor for digital risk and alert policyholders. Here's how it works: Coalition's security professionals actively monitor the cyber threat landscape to identify potential threats and stop breaches before they happen. Policyholders are alerted to new threats, allowing them to take the proper steps to respond and prevent a cyber incident before it occurs.

Active Insurance in action 

Coalition has worked with policyholders to mitigate two sources of risk: exposed Remote Desktop Protocol (RDP) and the ProxyLogon/ProxyShell vulnerabilities, which impact Microsoft Exchange Server.

While RDP is a convenient way to connect to your workstation remotely, similar to TeamViewer, it is a risky technology commonly exploited by ransomware threat actors. First, threat actors scan the internet for open RDP. Once they detect an exposed instance, they attempt to gain unauthorized access via a technical exploit or credential stuffing attacks.

If successful, threat actors can move laterally through your network, and from there they can execute several attacks, including deploying ransomware. For this reason, we encourage all insureds not only to close RDP but to remove it altogether. Coalition monitors all policyholders with our Active Insurance scanning platform so that open RDP is detected and the insured alerted as soon as it is seen.
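The monitoring loop described above, reduced to its essentials as an added example (this is illustrative code, not Coalition's scanning platform): take an inventory of internet-facing hosts, record which of them answer on the RDP port, raise an alert for each exposure, and report only newly seen exposures between two scans so that a standing alert is not re-sent every run. The hosts, ports and scan results are constructed sample data; `tcp_port_open` does a real TCP connect with a timeout, but `scan_hosts` accepts an injectable probe so the alerting logic can be exercised offline.

```python
"""Detect internet-exposed RDP across an asset inventory and raise alerts.

Added example, not Coalition's code. Assumptions: a scan result is a dict
mapping host -> set of open TCP ports, and RDP listens on TCP/3389.
"""
import socket
from dataclasses import dataclass

RDP_PORT = 3389


@dataclass(frozen=True)
class Alert:
    host: str
    port: int
    severity: str
    message: str


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Live check: True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan_hosts(hosts, ports=(RDP_PORT,), probe=tcp_port_open):
    """Return {host: set(open ports)}. `probe` is injectable for offline tests."""
    return {host: {p for p in ports if probe(host, p)} for host in hosts}


def find_exposed_rdp(scan_results, allowlist=frozenset()):
    """One high-severity alert per host with RDP open, unless explicitly allowlisted
    (e.g. an RDP gateway that is deliberately exposed and hardened)."""
    alerts = []
    for host, open_ports in sorted(scan_results.items()):
        if RDP_PORT in open_ports and host not in allowlist:
            alerts.append(Alert(
                host=host,
                port=RDP_PORT,
                severity="high",
                message=(f"RDP (TCP/{RDP_PORT}) is reachable from the internet on {host}; "
                         "disable it or move it behind a VPN or RDP gateway with MFA"),
            ))
    return alerts


def new_exposures(previous_alerts, current_alerts):
    """Alerts whose host was not already alerted in the previous scan."""
    seen = {a.host for a in previous_alerts}
    return [a for a in current_alerts if a.host not in seen]


# Constructed sample scan (documentation-range addresses, not real hosts).
SAMPLE_SCAN = {
    "203.0.113.10": {22, 443},       # SSH and HTTPS only
    "203.0.113.11": {443, 3389},     # web server that also exposes RDP
    "203.0.113.12": {3389},          # bare RDP host
    "203.0.113.13": set(),           # nothing listening
}


def fake_probe(host, port):
    """Offline stand-in for tcp_port_open that answers from SAMPLE_SCAN."""
    return port in SAMPLE_SCAN.get(host, set())


if __name__ == "__main__":
    results = scan_hosts(SAMPLE_SCAN.keys(), probe=fake_probe)
    earlier = find_exposed_rdp({"203.0.113.11": {3389}})   # pretend last week's scan
    for alert in new_exposures(earlier, find_exposed_rdp(results)):
        print(f"[{alert.severity.upper()}] {alert.message}")
```

In production the probe would be the real `tcp_port_open` run from outside the network perimeter, and the previous scan's alerts would be loaded from storage; the allowlist is how a deliberately exposed, hardened gateway is kept out of the alert stream without silencing detection for everything else.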

There have been several vulnerabilities impacting on-premises Microsoft Exchange Servers. While Microsoft has released patches to address these vulnerabilities, the initial incident was a race against time to protect anyone running an on-premises Exchange server.

Using our scanning technology, we can quickly alert insured clients with on-premises Microsoft Exchange servers and direct them to update their servers to avoid a ransomware attack. While many businesses suffered the effects of this attack, Coalition insureds largely dodged it thanks to our Active Insurance platform. Taking a proactive approach allowed us to protect our insureds, stopping ransomware gangs in their tracks.

6 best practices to limit cyber exposure

In addition to Active Insurance, here are six best practices to reduce your business’ cyber risk.

  • Reduce attack surfaces. The more internet-facing servers on your network, the greater the chance that windows and doors are open to cyber attackers. Restricting the number of exposed devices shrinks your attack surface and thereby decreases your risk.

  • Implement offline backups. Should the worst happen, the best protection is an offline backup of your critical business data. A good data backup plan can mean the difference between paying a ransom and restoring your business operations. Be sure to also test your backups regularly and confirm that you can complete a full restoration.

  • Engage Endpoint Detection and Response (EDR). Depending on the revenue band and industry, Coalition may require the installation of EDR software, designed to stop ransomware. EDR's active threat prevention allows it to identify and stop threats before a human administrator can respond to them. Once an EDR solution has identified a problem, it takes steps to quarantine and remove the malware. Unlike traditional antivirus, whose detection is only as good as its signature library and must be regularly updated, EDR relies on behavioral analysis to detect and remediate threats based on their observed activity on the endpoint.

  • Update all servers. Implement a patch management program to ensure your servers are updated and not running any vulnerable or unpatched software. For example, Patch Tuesday occurs on the second Tuesday of every month, when Microsoft releases its monthly software updates for vulnerabilities impacting services like Exchange. Threat actors routinely use old, out-of-date software as a means of ingress.

  • Implement multi-factor authentication (MFA). MFA is a valuable safeguard against ransomware, funds transfer fraud (FTF), and business email compromise (BEC). When organizations enforce MFA on all critical access points, it becomes more difficult for threat actors who may only have access to weak or compromised user credentials. The high-profile Colonial Pipeline attack occurred because threat actors stole a single password.

  • Segment your network. If a cybercriminal enters through one door, the damage is limited to one computer when all the other doors are locked and separated. Network segmentation is an effective damage control strategy that limits exposure from spreading to the entire network.
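The "Update all servers" practice above turns into a concrete check once Patch Tuesday is computed rather than remembered. The following is an added example (not Coalition's tooling): it finds the most recent Patch Tuesday for a given date and classifies each server in a constructed inventory as current, pending (the release is out but still inside a grace window) or overdue. The inventory, the server names and the 14-day grace window are assumptions chosen for illustration.

```python
"""Patch Tuesday compliance report for a server inventory.

Added example, not Coalition's code. Assumes each inventory entry has a
'name', a 'role' and the date it was last fully patched.
"""
from datetime import date, timedelta

TUESDAY = 1  # date.weekday(): Monday=0 ... Sunday=6


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month (Microsoft's monthly update day)."""
    first = date(year, month, 1)
    days_to_first_tuesday = (TUESDAY - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def latest_patch_tuesday(today: date) -> date:
    """Most recent Patch Tuesday on or before `today`."""
    this_month = patch_tuesday(today.year, today.month)
    if today >= this_month:
        return this_month
    last_of_prev_month = date(today.year, today.month, 1) - timedelta(days=1)
    return patch_tuesday(last_of_prev_month.year, last_of_prev_month.month)


def patch_status(inventory, today: date, grace_days: int = 14) -> dict:
    """Map server name -> 'current' | 'pending' | 'overdue'.

    A server is current if it was patched on or after the latest Patch Tuesday.
    Otherwise it is pending while the grace window is open and overdue after it.
    """
    baseline = latest_patch_tuesday(today)
    window_closed = today - baseline >= timedelta(days=grace_days)
    report = {}
    for server in inventory:
        if server["last_patched"] >= baseline:
            report[server["name"]] = "current"
        else:
            report[server["name"]] = "overdue" if window_closed else "pending"
    return report


def overdue_servers(inventory, today: date, grace_days: int = 14) -> list:
    """Names of servers that need immediate attention, sorted for stable output."""
    status = patch_status(inventory, today, grace_days)
    return sorted(name for name, s in status.items() if s == "overdue")


# Constructed sample inventory (hypothetical hosts and dates).
SAMPLE_INVENTORY = [
    {"name": "exch01", "role": "Exchange", "last_patched": date(2024, 3, 13)},
    {"name": "exch02", "role": "Exchange", "last_patched": date(2024, 2, 14)},
    {"name": "file01", "role": "File server", "last_patched": date(2024, 1, 10)},
]

if __name__ == "__main__":
    today = date(2024, 3, 28)
    print("Latest Patch Tuesday:", latest_patch_tuesday(today))
    for name, status in patch_status(SAMPLE_INVENTORY, today).items():
        print(f"{name}: {status}")
```

Run this against the real asset inventory after each release and feed the overdue list into the same alerting path used for exposure findings; the grace window is a policy choice, and for internet-facing services such as Exchange a much shorter one is appropriate.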

Learn more about Coalition’s Active Insurance strategy now.