vCISO, Microsoft Exchange, MFA tips & more
![[DIAGRAM] Meet your Corvus (virtual) CISO](https://help.corvusinsurance.com/hs-fs/hubfs/Group%2060.png?upscale=true&width=134&name=Group%2060.png)
New feature: Meet your (virtual) CISO
A new offering is available within your Corvus dashboard — it’s a quick and easy way to see a prioritized list of cybersecurity risks your organization should consider acting on. vCISO captures information from the IT security scan you already receive quarterly, and adds in recommendations based on your answers to an assessment of your organization’s security controls.
- vCISO Assessment takes only five minutes; the rest of the recommendations are pre-loaded from our automated IT scan
- Recommendations are displayed in priority order based on impact to overall risk; you can mark them complete as you address them
- Each recommendation includes specific details on what we found and links to information developed by the Corvus Risk & Response team
vCISO is available in your dashboard now - all you need to do is log in and take a look!
Or, click here to read the full vCISO breakdown.
Risk & Response Tips
Security tips and service updates from VP of Smart Breach Response Lauren Winchester
This month's tip is....implement MFA! Multi-factor authentication (MFA) is a vital tool for mitigating cyber risk. It’s typically the first thing we suggest to policyholders we consult with if it’s not in place already.
Even if you’re unfamiliar with the term "MFA" you’ve likely already experienced it if you’ve had to enter a one-time token sent to you in order to access a secure website, like an online banking portal. As opposed to just entering a password (a single-factor), multi-factor authentication requires one or more additional verification factors.
Why? Attackers have come up with numerous methods to steal the humble password, no matter how strong we make them. Just a single extra step — which could include app-based verification, a pin, or facial recognition — adds a significant layer of protection against unauthorized access.
- Where should MFA be implemented? Almost everywhere someone can access your IT system! Any remote access points (which includes employee email accounts) as well as privileged accounts with admin access.
- Avoid SMS authentication. Not all forms of MFA are created equal, and text messages are more easily worked around by attackers, compared with other options.
CISO Corner
Trends in cybersecurity
![[DIAGRAM] Corvus Monthly Alerts](https://help.corvusinsurance.com/hs-fs/hubfs/Monthly%20Alerts.png?upscale=true&width=159&name=Monthly%20Alerts.png)
Threat Report
What to watch for this month. The Corvus Scan helps us identify policyholders that are potentially at risk of these vulnerabilities. We have sent alerts to those policyholders. The following are updates to and/or reiterations of the alerts we've sent recently.
Microsoft Exchange (March '21 zero-day vulnerability)
- Applies to users of Microsoft Exchange software for on-premises environments
- We encourage continuing to monitor for indicators of compromise, as it’s possible cyber criminals injected shells (small scripts that create a backdoor for a hacker to execute any command they wish) before and after patches were announced
- Apply any new patches as they are announced, as Microsoft continues to uncover issues with this software (see April vulnerabilities)
Microsoft Exchange (April '21 vulnerabilities)
- Applies to users of Microsoft Exchange software for on-premises environments
- No attack activity has been reported since patches were released on Tuesday, April 13th
- Despite not seeing active attacks, it's still critical to patch as soon as possible
Ivanti Pulse Connect Secure (April '21 vulnerability)
- Applies to users of certain Ivanti Pulse Connect Secure, a set of products for VPN remote access
- U.S. CISA issued and alert and emergency directive following reports of exploits by at least one threat actor
- Ivanti provides an "integrity tool" we recommend using to determine if there has been a compromise, but a patch has not yet been released