Now Available! New Capability to Instantly Identify the #1 Driver of Ransomware

Knock, knock! Who’s there? RDP RDP who?

Remote Desktop Protocol (RDP) enables a user to remotely access another computer or server, and it is widely used across the globe by enterprises large and small. It is built into Windows, and RDP clients exist for Linux, macOS, iOS, Android, and other operating systems. RDP enables employees to fully engage with their employer’s system from any location, so its functionality is highly desirable, particularly during the COVID-19 pandemic, when much of the workforce is working from home.

With this added convenience, however, comes additional risk. RDP attacks are an attractive and common way for hackers to gain unauthorized access to computer systems and thereby cause privacy and security incidents. According to the Crypsis 2020 Incident Response and Data Breach Report, “the number-one initial attack vector was through RDP services, occurring in 50% of our ransomware matters.” RDP provides an easy gateway for enterprise system intrusions to affect companies of all sizes—and it is an even greater threat for small and medium-sized businesses that may not have significant IT resources to keep up with cybersecurity best practices.

The evolution of ransomware from “spray-and-pray” attacks to much more targeted attacks has caused a significant increase in both frequency and severity for businesses. Based on data collected by the Guidewire Cyence data listening engine, a correlation test has found that the likelihood of having a ransomware incident increases by more than 3x if a company has had its RDP exposed to the public internet.

To help insurers identify this #1 driver of ransomware, Guidewire Analytics has launched Exposure Signal – a new risk factor that assesses, on demand, whether a company’s RDP has been exposed to the public internet. Exposure Signal has been added to our Cyence Cyber Risk Model and is available to all customers.

What can insurers do once they discover that a company’s RDP is exposed to the public internet?

Exposure Signal’s insights can be extremely useful in driving underwriting decisions. In addition, actionable steps can be taken to reduce risk. Insurers can quote the account contingent on the finding being fixed, which gives the insured the incentive to act because it improves their cybersecurity posture and they get a better premium.

How can insurers and insureds reduce their risk when using Remote Desktop Protocol?

RDP can be secured to reduce risk. Prevention and mitigation actions include (but are not limited to) the following:

  • Block direct RDP connections to the internet through any port.

  • Keep system software up to date.

  • Implement complex passwords, use multi-factor authentication, and implement lockout policies for failed login attempts.

  • Use a virtual private network to access RDP.

To learn more about how you can access these insights for your insureds or prospects, contact me at rkale guidewire.com

Learn More About Cyence