Setup
In today’s world, many businesses rely on the same software solutions from large-scale providers. It’s easy to assume these solutions are watertight in their cyber security—or at least, that they wouldn’t be the one to compromise the users’ defenses. But that’s not the case. Be it a fundamental flaw or a faulty update, even the most robust of software solutions can be prone to vulnerabilities, and if these are discovered before the owners find them, threat actors can be quick to take advantage.
In 2024, the CFC team learned of a significant vulnerability relating to a global provider of cyber security solutions, putting thousands of their users at risk. In cyber security, it’s a case of who acts fastest wins. Thankfully, our team rapidly identified which of our insureds used the software and then offered crucial guidance on how to close the vulnerability and stay secure.
This is proactive cyber in action.
Discovery: A critical zero-day vulnerability
In this digital age, the average business runs multiple software programs, be it sales tools like customer relationship management platforms, collaboration and communication apps or cyber security solutions such as antivirus software. Yet few of these businesses have the resources to monitor their entire network for weaknesses or threats—and may not know what to look out for.
In this case, insights from our exclusive threat intelligence feeds alerted our in-house cyber security team to a critical zero-day vulnerability in the security provider’s software—zero-day meaning the vulnerability was discovered and could be exploited before the cyber security company had a chance to build a patch. If a hacker were to exploit the vulnerability, they would be able to gain access to the target’s systems and commit cybercrime, such as ransomware or theft of funds.
Remediation: Acting fast to minimise impact
As soon as we learned of the vulnerability, it was a race against the clock. We had to identify businesses that could be impacted and then notify them of steps to avoid suffering an incident—before they were targeted by a threat actor.
In just a couple of hours our in-house cyber security team created a proprietary matching process that identified the specific businesses from across our portfolio who used the software and were susceptible to the zero-day exploit. The challenge was then sending out alerts in a timely manner, so our policyholders could patch the vulnerability. That’s where our Response app came in.
The Response app—available free to all cyber policyholders—is the fastest, most reliable way of distributing critical alerts to our insureds. Conversely, it’s the best way for insureds to reach our cyber security team to report an incident or seek advice. Just hours after the zero-day exploit was reported, we sent out alerts via the Response app and email, and notified impacted brokers accordingly. These alerts clearly indicate when action is required and provide exact steps to address the issue, cutting through the noise of unnecessary updates relating to non-urgent issues that don’t require action.
By the end of the week the majority of alerted companies had taken action to mitigate the threat.
Impact: Disruption averted for policyholders
Dealing with this incident, we notified impacted businesses and provided remediation steps on the same day the exploit was discovered, whereas commercial security vendors did not release scans and patches for the exploit until much later. It’s this rapid, personalized, technical response that makes proactive cyber services so valuable.
To find out how much a vulnerability like this could cost your business or your clients’ businesses, use our ransomware calculator, which estimates how much a ransomware attack can set you back.
Following this incident, the key takeaway is of course ensuring clients have preventative services as part of their cyber policy. Other learnings include:
- Prompt patch management
  Lesson: This vulnerability was exploited rapidly, highlighting the need for timely patching. Companies need robust patch management processes that allow critical updates to be deployed quickly.
  Action: Implement automated patch management systems and establish protocols for prioritizing and applying patches for critical vulnerabilities as soon as they are released. Regularly audit these processes to ensure they are effective.
- Incident response readiness
  Lesson: Delays in addressing the vulnerability could lead to a severe breach, showing why a quick response is vital.
  Action: Develop and regularly test an incident response plan that includes procedures for responding to newly discovered vulnerabilities. Ensure all stakeholders are aware of their roles and responsibilities during a cyber security incident.
- Risk-based security management
  Lesson: Not all vulnerabilities pose the same level of risk. But when a critical vulnerability is identified, the right steps have to be taken.
  Action: Adopt a risk-based approach to security management, focusing resources on protecting the most critical assets and prioritizing urgent issues that require action.
- Vendor and supply chain risk management
  Lesson: If businesses rely on third-party software, they must consider the security posture of their vendors as part of their own risk management strategies.
  Action: Include vendor security performance and responsiveness as criteria in procurement decisions. Regularly review and update vendor risk management policies to ensure they align with your organization’s security requirements.
For any other cyber questions or queries, drop us an email at cybermarketing@cfc.com
Legal disclaimer: These examples are intended for illustrative purposes only and not intended to address the circumstances of any particular insured. Each claim submitted to CFC by an insured is based on the terms and conditions of the coverage provided to that particular insured and the facts and circumstances relating to a particular claim.