When the ProxyLogon/MS Exchange vulnerability caused a big stir in the insurance industry in early March, the insurance company was able to actively communicate with likely affected customers thanks to a targeted analysis of these vulnerabilities, and thus to contribute to damage prevention.
Fast and targeted analyses of larger portfolio structures can be carried out efficiently with cysmo Analytics. Complex correlations in the geographical distribution of server structures can be analysed, as can concrete vulnerabilities related to known and new flaws.
At the beginning of March, a vulnerability was discovered in MS Exchange Server. Many companies from different industries and of different sizes were affected by the vulnerability. The damage potential was incalculable, and it was difficult to get even an approximate idea of how many companies in the portfolio had a vulnerable MS Exchange Server in operation. Predictions and estimates were impossible at that stage.
The correct processes regarding the update and any downstream forensic investigations were also not sufficiently clear.
Insurance companies had already faced these challenges with attacks such as WannaCry or NotPetya.
Only one day after the vulnerability became known, the cyber risk assessment tool cysmo had gathered technical data on the vulnerability of individual systems. It was possible to check not only which of the companies were affected by the attack at the current time, but also which had had a vulnerable server in use at the beginning (2021/04/03).
By means of the automated approach, thousands of companies from insurance companies' portfolios could be evaluated within a few hours, so that the insurance companies could get an overview of the approximate extent of the damage.
Two weeks later, it was also possible to evaluate data from companies where a so-called backdoor had been installed. Once again, the portfolios could be assessed within a few hours.
Benefits and advantages
The rapid availability of the data made it possible for the insurance companies to explicitly point out the vulnerabilities to the affected customers. Some of the customers had not even known they had been affected until that point. At the same time, insurance companies were able to get a picture of a percentage distribution within the portfolio and use this to calculate potential damage levels, which resulted in improved reporting.