You SHOULD be able to respond to an incident WITHOUT it affecting your ability to deliver value
Context
A Public Education Agency using AWS services within a hybrid infrastructure experienced two cyber incidents before applying for insurance. Based on their loss history, most underwriters would not consider partnering with the company. However, our security team analyzed the attack surface data from on-premises and cloud infrastructure and recognized the underlying challenges that led to the events. They realized that, while there was significant work to be done, the company had a strong risk profile and deserved access to a risk transfer solution.
Challenge
After reviewing their risk posture, our security team realized one of the biggest challenges facing this organization was its lack of an incident response plan. They would need to implement strategies surrounding crisis communication, containment, and restoration. Having experienced two incidents already, building a step-by-step plan to respond to future incidents would be pivotal in aligning this client’s cyber risk objectives and preventing further data breaches.
Action Plan
Monitoring of critical exposures & vulnerabilities
Remediation of any gaps in the security plan or program
Incident Response Plan with Tabletop Exercise, including AWS regional outage simulation
Monthly meetings with the client’s IT team
Solution
Our security team built an actionable cyber hygiene plan to employ the specific security controls the organization would need to qualify for ransomware terms.
With these improved security tools, we constructed a thorough incident response plan (IRP) and tested it through tabletop exercises. Soon after the IRP was in place, the client experienced another incident. Using their tailored, step-by-step IRP strategy, they responded efficiently and effectively, minimizing the damage of the attack. The issue was resolved within days, and no claim needed to be filed.
Results
Through the client's partnership and continuous engagement on the action plan, they restored their reputation as a secure institute and built resilience against future cyber attacks. The continuous improvement to the client’s risk profile helped drastically improve their cyber insurance. Starting with zero ransomware coverage, the client qualified for $5M in ransomware coverage at renewal.