At-Bay Helps Transportation District Improve Data Security and Upgrade Cyber Insurance
Upon quoting a cyber policy, the At-Bay security team uncovered several critical risks from a scan of the client’s external system, which indicated unsecure access to essential data and outdated information infrastructure.
A $250 million highway and transportation district looked to At-Bay for a tailored cyber insurance solution to manage cyber risk. At-Bay strives to provide clients with technology savvy and insurance expertise, so we got to work immediately. We analyzed their external system, alerted them to several vulnerabilities, provided a quote, and ultimately improved their risk to bind an upgraded cyber policy with continuous security monitoring.
Outdated Systems Make For An Easy Target
The insured had a complex information infrastructure with sensitive data living behind end-of-life (EOL) assets. The server hosting their primary domains and database management system was outdated, posing a critical threat.
A server is outdated or EOL when the developer of the asset stops providing ongoing support. This means EOL assets no longer receive new patches or security updates that defend against known cyber-attacks. A company running on an EOL system is an easy target since this method requires less effort for an attack to infiltrate sensitive data, and cybercriminals scour the web looking for these companies. The client also had unsecure webmail access and an employee login portal on their website without multi-factor authentication—another open door hackers use to gain entry.
Partnering with the Right Vendor to Avoid a Loss
With many vulnerabilities to mitigate, the At-Bay security team broke down the critical security improvements into a three step plan to make it manageable for the client. This approach allowed us to provide the district preferred cyber coverage without delay. First, we sat down with them to explain in clear terms the specific items for their IT team to fix. Second, we connected the client’s IT team with experienced outsourced experts to help manage time-consuming fixes. Finally, we negotiated affordable terms with a vendor to help update their vulnerable server.
After fixing webmail and employee database access, At-bay finalized terms with increased cybercrime coverage. At-Bay asked that they complete the remaining security fixes within the first couple of months of the policy period to have peace-of-mind in their coverage without rushing their IT team.