A View into the Cloud
Cowbell Cyber offers stand-alone cyber insurance and uses AI and continuous risk evaluation to improve clients’ risk profiles. We discuss cloud security, cyber hygiene, and the importance of closed-loop risk management.
Insurers, cyber-security players, even the FBI all recommend multifactor authentication [MFA] as one of the easiest and most effective ways to stop a great deal of the basic attacks on businesses. Microsoft just released a report where they said that 98% of attacks from the internet could have been stopped by multifactor authentication and they still only see 20% of their customers deploying it. There is still a lot of work to be done on basic cyber hygiene like MFA.
With applications and systems deployed in the cloud, businesses might give up a bit of control and visibility on what’s really in the cloud. Know that when you deploy any online service there is really a risk that comes along with it.
I can give you the example of Microsoft because it is probably the most accessible—and a really important one because Office 365 is a widely used cloud-based email service and one of the primary targets that the bad actors, the cyber criminals, use to infiltrate an organization through phishing. They send a fake email to impersonate someone you trust—whether it’s your manager or your CEO—to get you to click on a malicious link that gives bad actors access to the infrastructure of the organization so they can deploy a ransomware attack. It’s quite basic. There is a list of controls that represent security best practice on Office 365 that are made available by the Center for Internet Security (CIS) and Microsoft. This includes straightforward controls such as how many users have admin privileges—obviously you don’t want a lot of users having admin privileges. Do all your users have multifactor authentication? That’s a big one. It’s free and easy to deploy. So, all the basic security hygiene you would expect to have in place.
What we do at Cowbell is, through APIs, we validate whether Microsoft Office 365 has been properly configured for security. This feeds automatically and continuously into our assessment of a company’s cyber risk profile. The better the organization fares on security controls, the better risk they are for us as an insurance company, and that is translating potentially into better insurance options, such as higher limits or better coverage. It has an impact on the premium for insurance as well.
We don’t just get that information at the time of reviewing the account and underwriting it. We also ingest the information continuously, and every noteworthy risk signal is made available to the policyholder online, in Cowbell Insights, so that the organization always has access to all the findings we have. Occasionally, we will raise a red flag to say, ‘Hey, your risk rating, what we call Cowbell Factors, for the dark web has changed dramatically, and we think you should investigate further.’ We go beyond insurance to actually do risk monitoring for policyholders.
This is a big divide between traditional insurance and a more modern form of cyber insurance. If you look back a couple of years, evaluating cyber risk might have been done once a year based on revenue and industry alone. Insurers are moving to a model where cyber risk is evaluated on an ongoing basis with more direct collaboration with their policyholders on how to mitigate risk exposures. We refer to this process as closed-loop risk management. Step one is assess, then insure, then improve. The key is to do this continuously.
If you’re issuing a policy in February 2022, the technology landscape at that company 10 months later will be different. The company might have hired new employees or deployed new systems, and of course the cyber threat landscape will be different. A cyber policy can get out of sync with risks covered. You find a lot of cyber books of business that have been underwritten for certain types of accounts that are completely disconnected from the risk they are covering now. We pride ourselves at Cowbell with our continuous risk assessment process. We want to stay aligned with what our policyholders are using in terms of technology and work with them to make sure that they keep technology updated, that they are aware of new risks appearing. We are engaging numerous security and technology vendors especially for that purpose to work jointly to help customers do the best in terms of security.
Microsoft is one example. Cowbell has connectors to cloud providers like AWS and security vendors like Qualys and Secureworks and more. We ingest data from DarkOwl about dark web exposures on a continuous basis. Our goal is to strengthen our risk model by expanding our data sources and always ingesting more data and risk signals. We announced a partnership in December with Cloudflare, an important player in the internet infrastructure layer, and we are always adding members to Cowbell Rx, our referral marketplace for risk management resources.
We have entered a world where it’s not whether a business is going to be attacked, it’s when it’s going to happen. You obviously need to invest in cyber security to keep your organization protected, but you also have to be ready for when you will face a cyber event. And that’s where cyber insurance comes into play.