February '23 Policyholder Newsletter

Our step-by-step guide for renewal preparation

Threat actors interfering with your work day is one thing, but getting in the way of you hitting the slopes? Unforgivable. 

This month, a popular snowboard manufacturer experienced a cyber incident that interrupted business operations. Three days after the attack, they were still unable to process online orders. While they have yet to release further details of the attack, we can deduce one thing: Cybercriminals are clearly more of the hang-out-in-the-lodge type. May their hot chocolate always be lukewarm.

For more cybersecurity updates and the latest from Corvus, keep reading:

In this month’s newsletter:

  • Get renewal ready using the Policyholder Dashboard.
  • How hackers are using source code to their advantage (and how to prevent it).
  • The latest threats to watch for.

Risk + Response Tips 

Security tips and service updates from SVP of Risk + Response Lauren Winchester

💖 The perfect match? Renewal prep x the Policyholder Dashboard.

In addition to services that your broker offers to help you prepare for renewal, our Policyholder Dashboard can help you identify gaps in security controls. Knowing how to leverage all the tools available to you will help get your organization in the best shape for renewal:

  • Get started. You’ll need your Policyholder Dashboard login information and the right individual for the job: Someone at your organization with up-to-date knowledge of your IT infrastructure and cybersecurity posture. This could include your IT manager, security team, or a third-party provider.
  • Check your Corvus Score. You’ll need a Corvus Score of 80 or higher to meet renewal requirements. Not quite there? No worries! The Policyholder Dashboard will outline exactly what you need to do to boost your cyber hygiene.
  • Find your personalized security recommendations. You’ll find these in the Action Center. To help identify security control gaps that the Corvus Scan has not detected and that you may need to remediate for renewal, you can either complete the Ransomware Supplemental Assessment or verify that the existing answers are still accurate.

Click here for our step-by-step guide to getting renewal ready. 


What’s New on the Policyholder Dashboard?

Your Corvus Scan PDF just got a facelift!

  • Not burying the lede: You’ll find your Corvus Score right at the top of the page, with a note on whether you have hit the minimum requirement for renewal (a score of 80 or above).
  • Categorized by impact: The most critical issues come first as these have the highest impact on your score.
  • Measuring two new risks: You’ll find new cards dedicated to both potential hijacking and remote access ports and servers. We’re keeping an eye on your organization’s external attack surface and your domain ownership. 


CISO Corner

Noteworthy trends in cybersecurity from Chief Information Security Officer Jason Rebholz

New attack techniques lead to even more data theft targets

Last year, attackers popularized several MFA bypass techniques in their ongoing effort to steal data. Source code — the building blocks of programs and websites — was a prime target. 

Why this matters

Stealing source code can help facilitate other attacks. Last year, attackers used information taken from LastPass’ source code to obtain data that included customer names, billing addresses, email addresses, telephone numbers, IP addresses, and password vaults.

Even more alarming, attackers can use an organization’s source code to insert their own malicious code. Consider the impact of SolarWinds, which resulted in the compromise of over 18,000 companies. 

So, how do we prevent this?

Threat actors are finding ways around traditional MFA to gain access to developer environments that store source code. The best defense to prevent social engineering intrusions? Phishing-resistant MFA. If your organization is not able to take that step quite yet, we recommend applying principles of least privilege and training employees to never accept an MFA request unless they initiated the login attempt themselves.


Monthly Alerts

Threat Alerts

What to watch for this month.

The Corvus Scan is a powerful asset that enables us to identify which policyholders may be at greater risk for vulnerabilities. In response, we send tailored notifications with insights and guidance for remediation. We’ve gathered a monthly round-up of our alerts and threat intel updates below:

Jira Vulnerability

On February 1, 2023, Atlassian issued a security advisory for a critical vulnerability. The flaw, CVE-2023-22501, affects Jira Service Management Server and Data Center, which are commonly used for collaboration and development. The vulnerability allows an attacker to impersonate another user and gain access to a Jira Service Management instance. Find our guidance here.

ESXi Server Vulnerability

On February 3rd, 2023, reports emerged showing an extensive ransomware campaign targeting publicly exposed VMware ESXi servers. It’s believed that the threat actors responsible are exploiting a two-year-old vulnerability, CVE-2021-21974. However, the specific vulnerability is not yet confirmed. Find our threat intel here.