How to ensure your cybersecurity improvement efforts have the most impact
The most frequent question we get from policyholders at Corvus is how they can improve their Corvus Score. The short answer: it depends. But today we’re providing a longer, and hopefully more helpful, answer to help any policyholders embarking on a journey of cybersecurity improvement.
For the uninitiated: the Corvus Score is the headline number of our Dynamic Loss Prevention (DLP) Report, an assessment of an organization’s cybersecurity hygiene and insurance risk that is provided quarterly to all policyholders. The report also provides numerical scores for eight sub-sections, each of which contributes to the overall Corvus Score, in order to pinpoint where adequate security controls are in place (or conversely where there is room for growth). All scores are out of 100. Improving your overall Corvus Score will put you in the strongest position when it comes time to renew your policy.
Below, we’ve gathered some best practices for each of the eight sections found in the DLP report. Following these will help boost any organization’s overall score.
In order to maximize your efforts, we recommend prioritizing your approach with the following guidelines:
- Start with the Ransomware & Cyber Extortion and Network Security and Privacy sections. These are large factors in your overall score, and also rate highly for “actionability,” or how much of an impact following our recommendations will have on that sub-score. If you see less-than-perfect scores in these sections, start there.
- Next, look at Hacking, Malware and Unauthorized Access. This section has slightly less impact on the overall score, but also has high actionability. If your score is not perfect here, consider addressing these recommendations next.
- For the rest of the sections, look for the lowest scores first and work your way up through the highest scores. Improvement in these sections will generally have a smaller impact on the overall score, but if there are very low numbers (80 or less) on your report, they are likely dragging your overall score down.
Before you start, please note that the weights of different components of the score are dynamic. That is to say: we cannot predict the exact number of points any remediation action will net for your overall score, because there are many other factors involved. However, after working with thousands of policyholders, we are able to share what we know to be the highest impact actions for most organizations. And keep in mind your most current DLP report will have more precise recommendations because they are specific to your IT system.
Sections of the DLP: Definitions & High-Impact Recommendations
Ransomware and Cyber Extortion
The Ransomware and Cyber Extortion subscore reviews the initial access vectors most commonly associated with ransomware attacks: internet-exposed remote access services such as RDP, and unpatched internet-facing services with known vulnerabilities. Given the significant risk RDP carries, if RDP is found exposed to the internet in your environment, this section scores 0.
- Ensure all software is patched to the latest versions. This requires a patch management program that applies updates promptly when vendors release them, starting with internet-facing services.
- Instead of exposing RDP, use other remote access methods such as a VPN with MFA enforced or Zero Trust Network Access (ZTNA).
- If RDP is required for business functionality (though we strongly advise against it), never expose port 3389 directly to the internet: place it behind a VPN or Remote Desktop Gateway, restrict access to known source addresses, enable Network Level Authentication, and ensure that MFA is enabled and enforced for all user accounts.
Phishing & Dark Web Monitoring
The Phishing and Dark Web Monitoring subscore reviews your email provider and settings for risks related to email authentication, forgery and phishing. For all of your email domains, we recommend publishing a Sender Policy Framework (SPF) record, a DNS TXT record that lists the mail servers authorized to send mail for the domain so that receiving servers can reject forged messages. If you find you have a lower score here, it may be because lesser-used domains (including parked domains that never send mail) are missing this record. We also review your email infrastructure to determine whether you are using an email security gateway to maximize protection at your organization.
- Enable SPF, DKIM and DMARC on all of your email domains, including those that never send mail (publish an SPF record of v=spf1 -all and a DMARC policy of p=reject for those), and use the security controls your primary email provider offers.
- Implement a secondary email security gateway or filtering solution to help identify and block malicious emails.
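As an added example (this is not Corvus code), the following Python script audits the SPF and DMARC records of a list of domains the way you might self-check before the next DLP report: it flags missing records, permissive or softfail SPF, monitoring-only DMARC, and the ten-lookup limit. It runs offline over a constructed dictionary of DNS TXT answers for placeholder domains; in practice you would fill that dictionary from a resolver for every domain you register, including parked ones.

```python
"""Audit SPF and DMARC for a set of domains (added example, not Corvus code).

Works offline over a constructed dictionary of DNS TXT answers. In practice,
fill the dictionary from a resolver (e.g. dnspython) for every domain you
own, including parked and lesser-used ones.
"""
import re

# Constructed TXT answers keyed by the name queried (placeholder domains).
CONSTRUCTED_DNS = {
    "example.com": ["v=spf1 include:_spf.mail.example -all", "some-site-verification=abc123"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "old-brand.example": ["v=spf1 a mx ~all"],  # no _dmarc.old-brand.example at all
    "parked.example": [],                       # registered, never sends mail, no records
}

# SPF mechanisms/modifiers that each cost a DNS lookup (limit is 10, RFC 7208).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def mechanism_name(term):
    """'include:_spf.x' -> 'include', '-all' -> 'all', 'redirect=x' -> 'redirect'."""
    return re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]


def audit_spf(txts):
    """Return a list of findings for the SPF record(s) among a domain's TXT answers."""
    spf = [t for t in txts if t.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record"]
    findings = []
    if len(spf) > 1:
        findings.append("multiple SPF records (receivers treat this as a permanent error)")
    terms = spf[0].split()[1:]
    all_terms = [t for t in terms if mechanism_name(t) == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism; unlisted senders get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("'+all' (or bare 'all') authorizes every sender on the internet")
        elif qualifier == "?":
            findings.append("'?all' is neutral; use '~all' or '-all'")
        elif qualifier == "~":
            findings.append("softfail '~all'; prefer '-all' once DMARC is enforcing")
    lookups = sum(1 for t in terms if mechanism_name(t) in LOOKUP_MECHANISMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceeds the limit of 10")
    return findings


def audit_dmarc(txts):
    """Return a list of findings for the DMARC record among the _dmarc TXT answers."""
    dmarc = [t for t in txts if t.lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record"]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none only monitors; move to quarantine or reject")
    if policy in ("quarantine", "reject") and tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} applies the policy to only part of your mail")
    if "rua" not in tags:
        findings.append("no rua= address, so you receive no aggregate reports")
    return findings


def audit_domains(records, domains):
    """Map each domain to its SPF and DMARC findings; empty lists mean no issue."""
    return {
        d: {"spf": audit_spf(records.get(d, [])),
            "dmarc": audit_dmarc(records.get("_dmarc." + d, []))}
        for d in domains
    }


if __name__ == "__main__":
    domains = ["example.com", "old-brand.example", "parked.example"]
    for domain, result in audit_domains(CONSTRUCTED_DNS, domains).items():
        print(domain, result)
```

The parked domain is the case that most often drags this subscore down: it sends no mail, so nobody thinks to publish records for it, yet it can still be spoofed until it carries v=spf1 -all and a DMARC p=reject policy.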
Social Engineering & Cyber Crime
The Social Engineering and Cyber Crime subscore is based on whether any of your domains could be hijacked through an unauthorized transfer or change at the registrar. To avoid a domain takeover, we check whether your domains have the registrar protections in place to prevent this.
- Ensure that the clientTransferProhibited status (often labelled “registrar lock” or “transfer lock” in the registrar’s console) is set on every domain you own. Setting clientUpdateProhibited and clientDeleteProhibited alongside it, and protecting the registrar account itself with MFA, closes the remaining paths to a takeover.
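To verify the lock yourself across many domains, the following Python script (an added example, not Corvus code) reads the EPP status codes from either WHOIS text or an RDAP JSON document and reports which locks are missing. Both inputs below are constructed for placeholder domains; in production you would fetch the RDAP document from the registry (the IANA bootstrap file at https://data.iana.org/rdap/dns.json maps each TLD to its RDAP server) or feed in the output of `whois <domain>`.

```python
"""Check a domain's registrar status codes for the transfer lock
(added example, not Corvus code).

Parses constructed WHOIS text and a constructed RDAP JSON document offline.
In production, fetch the RDAP document for the domain from the registry or
registrar, or run `whois <domain>` and pass the output to statuses_from_whois().
"""
import json
import re

# EPP status codes a registrar sets at the owner's request. Any of them
# missing leaves a path to transfer, repoint or delete the domain.
CLIENT_LOCKS = {"clienttransferprohibited", "clientupdateprohibited", "clientdeleteprohibited"}
# Registry-level locks require out-of-band verification with the registry
# before any change is processed; a stronger control for critical domains.
REGISTRY_LOCKS = {"servertransferprohibited", "serverupdateprohibited", "serverdeleteprohibited"}

# Constructed WHOIS output (placeholder domain and registrar).
CONSTRUCTED_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Name Server: A.IANA-SERVERS.NET
"""

# Constructed RDAP document for a lesser-used domain with no locks at all.
CONSTRUCTED_RDAP = json.dumps({
    "objectClassName": "domain",
    "ldhName": "old-brand.example",
    "status": ["active"],
})


def normalize(status):
    """WHOIS's 'clientTransferProhibited https://...' and RDAP's
    'client transfer prohibited' both become 'clienttransferprohibited'."""
    return re.sub(r"[^a-z]", "", status.split("http", 1)[0].lower())


def statuses_from_whois(text):
    """Collect every 'Domain Status:' line from WHOIS output."""
    return {normalize(m.group(1))
            for m in re.finditer(r"^\s*Domain Status:\s*(.+)$", text, re.M | re.I)}


def statuses_from_rdap(doc):
    """Collect the 'status' array from a parsed RDAP domain object."""
    return {normalize(s) for s in doc.get("status", [])}


def assess(statuses):
    """Report whether the transfer lock is set and which client locks are absent."""
    return {
        "transfer_locked": "clienttransferprohibited" in statuses,
        "missing_client_locks": sorted(CLIENT_LOCKS - statuses),
        "registry_locked": bool(REGISTRY_LOCKS & statuses),
    }


if __name__ == "__main__":
    print("example.com", assess(statuses_from_whois(CONSTRUCTED_WHOIS)))
    print("old-brand.example", assess(statuses_from_rdap(json.loads(CONSTRUCTED_RDAP))))
```

A domain whose only status is "active" (or "ok") has no locks at all; that is the state the subscore is looking for, and it is typical of older, lesser-used domains registered before lock-by-default became common.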
Network Security & Privacy
The Network Security and Privacy subscore checks that your organization exposes only the servers and ports it needs publicly, reducing the attack surface available to external attackers. We also review your TLS (SSL) certificates, which protect data in transit, to ensure you are following best practices.
- Assess your external footprint to ensure that only the systems and network ports required for business functionality are publicly accessible.
- Ensure you are using certificates with strong keys and modern protocol settings (TLS 1.2 or later), and maintain them so they do not expire; an expired or self-signed certificate on a public host is a common and easily fixed finding.
Hacking, Malware & Unauthorized Access
The Hacking, Malware and Unauthorized Access subscore reviews your web assets to determine whether you are using security best practices to protect your web applications.
- Follow best practices for enforcing HTTP security headers on every public web application: Strict-Transport-Security (HSTS), Content-Security-Policy, X-Content-Type-Options: nosniff, a clickjacking control (the CSP frame-ancestors directive or X-Frame-Options), and Referrer-Policy.
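As an added example (not Corvus code, and not the implementation guide the post points to), the following Python function audits a response's headers against a hardening baseline: it checks HSTS age and scope, parses the CSP for a default-src fallback and for unsafe-inline or wildcard sources, and looks for clickjacking, MIME-sniffing and referrer controls. The two header sets are constructed; for a live check you would pass in the headers of a real response, for example `requests.head(url).headers` or the output of `curl -sI` parsed into a dict. The RECOMMENDED baseline is an assumption; the CSP in particular has to be tuned to the application.

```python
"""Audit HTTP response headers against a hardening baseline
(added example, not Corvus code, and not the guide the post refers to).

Runs offline over constructed header sets. For a live check, pass in the
headers of a real response, e.g. `requests.head(url).headers`.
"""
import re

ONE_YEAR = 31536000  # HSTS max-age in seconds; also the preload-list minimum

# Assumed baseline for a public web application; tune the CSP to the app.
RECOMMENDED = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

# Constructed headers from a typical unhardened response.
WEAK = {
    "Server": "nginx/1.18.0",
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=86400",
    "X-Frame-Options": "SAMEORIGIN",
}


def get_header(headers, name):
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def parse_csp(csp):
    """\"default-src 'self'; object-src 'none'\" -> {'default-src': [\"'self'\"], ...}"""
    directives = {}
    for chunk in csp.split(";"):
        parts = chunk.split()
        if parts:
            directives[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return directives


def audit_headers(headers):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []

    hsts = get_header(headers, "Strict-Transport-Security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    csp = get_header(headers, "Content-Security-Policy")
    directives = parse_csp(csp) if csp else {}
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        if "default-src" not in directives:
            findings.append("CSP has no default-src fallback")
        for name in ("default-src", "script-src"):
            values = directives.get(name, [])
            if "'unsafe-inline'" in values or "*" in values:
                findings.append(f"CSP {name} allows unsafe-inline or a wildcard source")

    # Either control blocks framing by other origins; check even when CSP is absent.
    if "frame-ancestors" not in directives and get_header(headers, "X-Frame-Options") is None:
        findings.append("no clickjacking protection (frame-ancestors or X-Frame-Options)")

    if (get_header(headers, "X-Content-Type-Options") or "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if get_header(headers, "Referrer-Policy") is None:
        findings.append("missing Referrer-Policy")
    return findings


if __name__ == "__main__":
    print("weak:", audit_headers(WEAK))
    print("recommended:", audit_headers(RECOMMENDED))
```

Deploying a strict CSP is the one step here that can break a site, so roll it out first as Content-Security-Policy-Report-Only and review the violation reports before enforcing it; the other headers in the baseline are safe to add immediately.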
Business Interruption & System Failure/Disclosure of Sensitive Information/Contingent Business Information
For all of the above subscores (Business Interruption and System Failure, Disclosure of Sensitive Information, and Contingent Business Information) we have the same recommendation for boosting your score. In each of these areas, we check that you have no critical openings, that you know where your data is located (including at third-party hosting providers), and that your externally reachable attack surface is as small as possible.
- Assess your external footprint to ensure that only the systems and network ports required for business functionality are publicly accessible. In addition, use reputable hosting providers.
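The "assess your external footprint" recommendation recurs in the Ransomware & Cyber Extortion, Network Security & Privacy and Business Interruption sections above, so one added example (not Corvus code) covers all three: the Python below parses an nmap greppable-output scan of your public address space, compares each host against an inventory of what it is supposed to expose, and separately flags services such as RDP, SMB and VNC that should never face the internet regardless of inventory. The scan lines and the allowlist are constructed, using TEST-NET addresses; against your own ranges you would run `nmap -Pn -p- --open -oG external.gnmap 203.0.113.0/24` and pass the file contents to parse_gnmap().

```python
"""Audit an external port scan against the exposure you intend
(added example, not Corvus code).

Parses nmap's greppable (-oG) output. The scan lines below are constructed
and use TEST-NET addresses; the allowlist is an assumed inventory.
"""
import re

CONSTRUCTED_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -Pn -p- --open -oG - 203.0.113.0/29
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https//nginx 1.18.0/, 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (65532)
Host: 203.0.113.11 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 445/open/tcp//microsoft-ds///, 5900/open/tcp//vnc///
Host: 203.0.113.12 ()\tPorts: 8080/open/tcp//http-proxy///
# Nmap done
"""

# Assumed inventory: what each public host is supposed to expose.
ALLOWLIST = {
    "203.0.113.10": {22, 443},
    "203.0.113.11": {80, 443},
    # 203.0.113.12 is not in the inventory at all
}

# Services that should never face the internet, whatever the inventory says.
NEVER_EXPOSE = {
    21: "FTP", 23: "telnet", 135: "MS-RPC", 139: "NetBIOS", 445: "SMB",
    1433: "MSSQL", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL",
    5900: "VNC", 6379: "Redis", 27017: "MongoDB",
}

# One -oG port entry: port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/[^/]*/")


def parse_gnmap(text):
    """Return {ip: {port: service}} for every open TCP port in -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host:\s+(\S+)", line)
        if not m:
            continue
        ports = hosts.setdefault(m.group(1), {})
        pm = re.search(r"Ports:\s*([^\t]*)", line)  # stops before "Ignored State:"
        if pm:
            for num, state, proto, svc in PORT_RE.findall(pm.group(1)):
                if state == "open" and proto == "tcp":
                    ports[int(num)] = svc
    return hosts


def audit_exposure(hosts, allowlist):
    """List (ip, port, reason) for every open port that should not be public."""
    findings = []
    for ip, ports in sorted(hosts.items()):
        allowed = allowlist.get(ip, set())
        for port in sorted(ports):
            if port in NEVER_EXPOSE:
                findings.append((ip, port, f"{NEVER_EXPOSE[port]} exposed to the internet"))
            elif port not in allowed:
                findings.append((ip, port, f"{ports[port] or 'unknown'} open but not in allowlist"))
    return findings


def rdp_exposed(hosts):
    """Hosts answering on 3389; a single hit zeros the Ransomware subscore."""
    return sorted(ip for ip, ports in hosts.items() if 3389 in ports)


if __name__ == "__main__":
    scanned = parse_gnmap(CONSTRUCTED_GNMAP)
    for finding in audit_exposure(scanned, ALLOWLIST):
        print(*finding)
    print("RDP exposed on:", rdp_exposed(scanned))
```

Scan from outside your own network (a cloud VM or a scanning service), since a scan from inside sees through firewall rules that external attackers, and the DLP assessment, do not. Certificate expiry on the hosts that legitimately expose 443 is a separate check and is not covered by this script.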