Log4j left IT teams across the world scrambling to implement the latest required patch to protect their systems.1
Often, these types of vulnerabilities are ‘zero-day’ vulnerabilities, where the risk is known before a patch is available to correct it.
Why is the risk important?
Zero-day vulnerabilities can pose a significant risk because, in these circumstances, either the risk has not yet been discovered, or it is known but a patch has not yet been developed to fix it. This elevates the cyber risk for exposed businesses, as hackers will be able to compromise networks before remedies can be applied. To make matters worse, cyber threat actors are launching increasingly sophisticated attacks, making them more difficult to detect and more financially costly.
Common indicators of compromise
Some common indicators of compromise are unusual inbound and outbound traffic or an abnormally large volume of requests for the same file. Other indicators include significantly high levels of web traffic that suggest non-human behaviour, such as multiple login requests, or increases in database read volumes.2
IT security tools
We recommend that businesses deploy Endpoint Detection and Response (EDR) tools to continuously monitor for activity that may indicate that an attack is underway. The goal is to respond to the attack early in its lifecycle to mitigate the effects on a business, in terms of both output and financial impact.
How to reduce the weakness in an IT infrastructure
It is expected that there will be a continual flow of vulnerabilities, and of the attacks that might follow them, over the next few years. We recommend, and insurers will ask for, a formal patch management process to protect, detect and defend against those attacks. As a minimum, a good process should maintain an inventory of systems, carry out risk reviews of systems, consolidate software versions, keep up with vendor patch announcements, test patches before applying them everywhere and automate open source patching.3
Can cyber insurance help?
Most standalone cyber insurance policies provide access to crisis services, including breach response, IT forensics investigators, legal advisors, negotiators and other specialists. These specialists provide a key response service to policyholders when they need it most. Many businesses have IT teams, but many won't have the knowledge to handle and control the damage hackers can do to a company and its IT infrastructure.
How are cyber insurers reacting to these vulnerabilities?
Given the heightened exposure caused by vulnerabilities and the prevalence of ransom attacks, cyber underwriters are seeking more information on how businesses control their systems and minimise the possibility of losses. These questions will include information surrounding known vulnerabilities and their control, and organisations should be able to explain whether they were impacted by a reported vulnerability and what action they have taken.
The information provided to the underwriter will have a significant impact on key policy terms, limits offered, exclusionary language imposed, and premium rates. Sometimes, insurers will not offer cover at all if the controls are considered to be substandard.
How can Gallagher help?
Gallagher has an experienced team of cyber risk management specialists that can support businesses by helping them to better understand their cyber security systems, and protect them from internal and external threats. We support businesses in improving their risks and presenting them to be ‘insurer-ready’.
In addition, we have a large, knowledgeable team based across the UK that can advise on and place risks, from a small business to the most complex corporate risk, into the challenging cyber insurance market.
The UK cyber insurance market is increasingly difficult to navigate. Don’t wait until your current providers and brokers fail to understand your risk and struggle to provide the appropriate cover.
Contact Gallagher and see how we can help protect your business from becoming another victim of cybercrime.