The most common findings we come across and how you can address them to improve your score
Updated February 2023
The most frequent question we get from policyholders at Corvus is how they can improve their Corvus Score. The short answer: start with the vCISO Action Center on your Policyholder Dashboard. The vCISO Action Center gives you a tailored, prioritized list of recommendations based on the Corvus Scan findings and your responses to the Security Questionnaire. The most critical issues, those most likely to raise your Corvus Score and strengthen your security posture, appear at the top.
For the uninitiated: the Corvus Score is the headline number of our Corvus Scan Report. The Corvus Scan Report is an assessment of an organization’s internet-facing cybersecurity hygiene and insurance risk.
The Corvus Scan Report on your Policyholder Dashboard is designed to help you quickly identify the critical issues that will move the needle for your overall security. Improving your overall Corvus Score will help to put you in the strongest position when it comes time to renew your policy.
We know that security isn't always a straight path and that every environment is different. Having worked with thousands of policyholders on their cybersecurity journey, we can recommend the best practices that have had the greatest impact on other organizations' scores. To get the most out of your efforts, open the vCISO Action Center in your Policyholder Dashboard and focus first on the Critical Findings.
Below, we've gathered best practices for improving your score. The findings we encounter most often are: Patching Critical Vulnerabilities, Securing Remote Access, Implementing a Lower-Risk VPN Solution, Limiting the Use of Self-Signed Certificates, and Configuring Security Certificates According to Best Practices.
Patching Critical Vulnerabilities
- Ensure all software is patched to the latest version. This requires a patch management program that applies updates promptly after they are released. The vulnerabilities in your Corvus Scan Report are on internet-facing systems, so treat those as the first priority.
- If you need more information about the CVEs listed in the report, look up each CVE ID in the National Vulnerability Database (https://nvd.nist.gov/), which gives a severity score and references to vendor advisories and fixes.
- For more information on the importance of software patching, please check out our CISO's blog post: Prioritize Your Patching: A Risk-Based Vulnerability Management Approach.
Securing Remote Access
- Assess your external footprint to ensure that only the systems and network ports required for business functionality are publicly accessible. Some remote access services may no longer be in use; if so, we recommend closing them.
- Implement Multi-Factor Authentication (MFA) for every remote access method.
- For organizations still using RDP for remote access, Corvus recommends migrating to a newer remote access technology such as Zero Trust Network Access (ZTNA), which minimizes your external footprint and securely ties authentication to your users.
- If RDP is required for business functionality, restrict it with an allow list so that only trusted source addresses can reach it. For more information, please check out our article What is RDP, and why is it a security concern?
Implementing a Lower-Risk VPN Solution
- The Corvus Scan checks for the presence of high-risk VPN solutions.
- High-risk VPNs are those with numerous critical-severity vulnerabilities that threat actors heavily exploit to carry out ransomware attacks. Corvus' predictive risk model has observed a higher likelihood of cyber incidents at organizations that use these vulnerable and targeted VPN solutions.
- Ensure that a formal patch and vulnerability management process is in place for your current VPN solution to remediate vulnerabilities as new updates become available.
- Our recommendation is to implement a Zero Trust Network Access (ZTNA) solution for secure remote access. This emerging technology minimizes your external footprint by removing digital assets from public visibility and securely ties authentication to your users.
- For more information on best practices to secure remote access, please check out our Knowledge Nest article 'Zero Trust Network Access’.
Limit the Use of Self-Signed Certificates
- The Corvus Scan checks certificates to make sure your organization does not have a large concentration of self-signed certificates in use.
- Corvus' risk model has identified a higher likelihood of ransomware attacks at organizations that use a high concentration of self-signed certificates, compared with organizations that use certificates issued by Certificate Authorities (CAs).
- Consider using certificates issued by reputable Certificate Authorities (CAs) and limiting the use of self-signed certificates on publicly facing systems.
Configure Security Certificates According to Best Practices
- The Corvus Scan checks security certificates on domains associated with your organization to verify that they are configured according to best practices.
- Specifically, our scan now checks the following items related to SSL certificates:
- Expired Certificate: Is the certificate valid at the time of the scan?
- Certificate Length: Is the validity period too long (more than 398 days from notBefore to notAfter)?
- Weak Cipher: Is the certificate signed with a weak hash algorithm such as MD5 or SHA-1? (Despite the name, this check concerns the hash used in the certificate signature, not the TLS cipher suites the server negotiates.)
For impacted domains, reissue the certificate following these practices: replace expired certificates, limit validity to a maximum of 398 days (the longest validity publicly trusted CAs have issued since September 2020), and use a signature hash algorithm of SHA-256 or stronger.
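The following script is an added example, not Corvus's scanner or code from this article. It reproduces the three certificate checks above (valid at scan time, validity period no longer than 398 days, no MD5/SHA-1 signature hash) on parsed X.509 certificates so you can grade your own domains before the next scan. It assumes the Python `cryptography` package is installed; the self-signed certificates it generates and the hostnames it mentions are constructed fixtures for illustration only, since the article's advice is to use CA-issued certificates.

```python
"""Added example (not Corvus's code): grade X.509 certificates against the three
checks described above. Assumes the `cryptography` package. All fixtures
(self-signed certs, hostnames, synthetic records) are constructed for illustration."""
import socket
import ssl
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

MAX_VALIDITY_DAYS = 398                  # limit named in the scan criteria
WEAK_SIGNATURE_HASHES = {"md5", "sha1"}  # the "Weak Cipher" check


@dataclass
class CertFacts:
    """The fields the three checks need, decoupled from how the cert was obtained."""
    subject: str
    not_before: datetime            # timezone-aware UTC
    not_after: datetime
    signature_hash: Optional[str]   # e.g. "sha256"; None for Ed25519/Ed448 signatures


def extract_facts(cert: x509.Certificate) -> CertFacts:
    """Pull the checked fields out of a parsed certificate."""
    if hasattr(cert, "not_valid_before_utc"):        # cryptography >= 42
        not_before, not_after = cert.not_valid_before_utc, cert.not_valid_after_utc
    else:                                            # older releases: naive datetimes already in UTC
        not_before = cert.not_valid_before.replace(tzinfo=timezone.utc)
        not_after = cert.not_valid_after.replace(tzinfo=timezone.utc)
    alg = cert.signature_hash_algorithm
    return CertFacts(cert.subject.rfc4514_string(), not_before, not_after,
                     alg.name if alg is not None else None)


def check_facts(facts: CertFacts, now: Optional[datetime] = None) -> List[str]:
    """Apply the three checks; return finding codes (an empty list means pass)."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # 1. Expired Certificate: is the certificate valid at the time of the scan?
    if now > facts.not_after:
        findings.append("expired")
    elif now < facts.not_before:
        findings.append("not_yet_valid")
    # 2. Certificate Length: the whole validity period, not the time remaining.
    if facts.not_after - facts.not_before > timedelta(days=MAX_VALIDITY_DAYS):
        findings.append("validity_too_long")
    # 3. Weak Cipher: the hash algorithm inside the certificate signature.
    if facts.signature_hash in WEAK_SIGNATURE_HASHES:
        findings.append("weak_signature_hash")
    return findings


def check_certificate(cert: x509.Certificate, now: Optional[datetime] = None) -> List[str]:
    return check_facts(extract_facts(cert), now)


def fetch_certificate(hostname: str, port: int = 443, timeout: float = 5.0) -> x509.Certificate:
    """Fetch a server's leaf certificate (needs network). Verification is disabled on
    purpose: an expired or self-signed certificate must still be retrievable to be graded."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return x509.load_der_x509_certificate(tls.getpeercert(binary_form=True))


def make_self_signed(common_name: str, days: int, issued_days_ago: int = 0) -> x509.Certificate:
    """Constructed test fixture (ECDSA, SHA-256 signature) with a chosen validity window."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    not_before = datetime.now(timezone.utc) - timedelta(days=issued_days_ago)
    return (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(not_before)
            .not_valid_after(not_before + timedelta(days=days))
            .sign(key, hashes.SHA256()))


def synthetic_facts(common_name: str, days: int, signature_hash: str,
                    issued_days_ago: int = 0) -> CertFacts:
    """Constructed record for signature hashes we deliberately never sign with (MD5, SHA-1)."""
    not_before = datetime.now(timezone.utc) - timedelta(days=issued_days_ago)
    return CertFacts(f"CN={common_name}", not_before, not_before + timedelta(days=days), signature_hash)


if __name__ == "__main__":
    samples = {
        "90-day SHA-256":         check_certificate(make_self_signed("good.example", 90)),
        "1000-day SHA-256":       check_certificate(make_self_signed("long.example", 1000)),
        "expired 35 days ago":    check_certificate(make_self_signed("old.example", 365, issued_days_ago=400)),
        "180-day SHA-1 (record)": check_facts(synthetic_facts("weak.example", 180, "sha1")),
    }
    for label, findings in samples.items():
        print(f"{label:24s} {'PASS' if not findings else ', '.join(findings)}")
    # To grade a live host instead (network required), for example:
    # print(check_certificate(fetch_certificate("www.example.com")))
```

Run it as-is to see the four constructed cases graded; point `fetch_certificate` at each of your own internet-facing hostnames to grade what the scan would see. The checks operate on the whole validity window (notBefore to notAfter), so a certificate with only a few days left can still fail the length check if it was issued for longer than 398 days, and a freshly issued certificate signed with SHA-1 fails regardless of its dates.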