Understanding your Cloud Exposure

Today, cloud providers offer a highly secure environment to store the data and code of millions of organizations, websites, and more. However, despite the high level of security within the cloud itself, the risk of a third-party breach remains serious due to the risk of small misconfigurations being magnified across a company’s entire infrastructure.?

The most significant threats to cloud computing stem from improper configuration, which can leave data publicly exposed to the internet. Threat actors often capitalize on data leaks opportunistically and exploit common vulnerabilities, misconfigurations, and poor identity and access management controls.

To further our ability to prevent and resolve cloud-based cyber breaches, Resilience has joined AWS’s cyber insurance pilot as a partner to deepen our clients’ visibility into their cloud risk exposure. We have seen firsthand with clients how critical understanding cloud configuration can be to their cyber risk exposure and ability to obtain quality coverage from the cyber insurance market.

Managing Misconfigurations in the Cloud

A client in the tech and security industry came to Resilience after experiencing a cybersecurity incident through a misconfigured server hosted on AWS. In this case, the client’s cloud provider was highly secure, but they had not realized they would need to block public access, leaving the data exposed to bad actors who accessed the data resulting in a breach.

Unfortunately, the data breach had a massive impact on its ability to obtain cyber insurance coverage. The cyber insurance market was providing quotes for ? the coverage at 3X the price of their previous policy after their incident. Despite having resolved the misconfiguration, their loss history prevented them from qualifying for a strong cyber insurance policy.?

Resilience & AWS - The Solution

When the client came to Resilience applying for coverage, our underwriters felt that although there was work to do, the client’s cyber hygiene was strong enough that with sufficient visibility and engagement with our team, we could help restore meaningful coverage.?

The client provided internal telemetry to inform Resilience Risk signals within the Resilience portal that allows data from sources like AWS’s Security Hub to help inform our security team’s modeling and risk management recommendations.?

This capability provides additional insights into clients’ cloud infrastructure and related security controls. The increased visibility enabled our security team to build an actionable cyber hygiene plan in areas of the client’s cybersecurity most directly tied to their insurability. Once the improvements were implemented, underwriters were able to drastically improve the client’s coverage at renewal with up to $3M in ransomware coverage at a favorable premium.?

With our participation in AWS’s cyber insurance pilot, Resilience is building on successes like this to deliver better outcomes to clients as they work through complex digital transformation projects or are recovering from serious incidents. We believe that a focus on cyber resilience provides a win-win for both our clients and us. At Resilience, your risk is our risk.

Visit our website to learn more about our AWS partnership and how Resilience can help with visibility on security, misconfigurations, and more.?