Why do insurees have a Stoïk Protect account ?

A dedicated Stoïk Protect account is granted to each Stoïk policyholders: Access is included at no extra cost in the insurance policy.

With its four tools (External Scan, Phishing simulation, Active Directory scan and Cloud scan), cyber risks can be identified at a glance, so are areas of the IT system to be tackled as a priority.

The recommendations proposed by the Stoïk Protect platform are intended to enhance your level of security and limit the risk of cyber attacks. Implementing these recommendations is not contractually mandatory for the proper functioning of the contract, but an overly compromised risk posture could lead to a reassessment of your insurance contract upon renewal.

To log into Stoïk Protect: Click on the invitation email received after subscribing, or ask our cyber consultant teams to invite you (contact: [email protected]).

The login address is https://app.stoik.io

1. Intrusion: External Scan and Phishing simulation

This is when the attacker manages to penetrate the information system. This intrusion may exploit:

  • A technical vulnerability (open port, exposed service, obsolete software, etc.).

  • A human flaw, most often through a social engineering attack such as phishing.

At Stoïk, two tools help reduce the likelihood of intrusion:

  1. The External Scan, which identifies technical vulnerabilities visible from the Internet.

  2. Phishing simulation campaigns, which raise awareness among your teams and assess their level of resistance to social engineering attempts via email.

2. Lateral movement: AD Scan and Cloud Scan

Once inside, the attacker seeks to expand their access and reach more sensitive areas by elevating their privileges. They attempt to map the system and compromise other internal resources.

Stoïk helps reducing an attacker's ability to pivot laterally within the IT system with the:

  1. Active Directory Scan, which identifies misconfigurations, accounts with excessive privileges, and security vulnerabilities within the Active Directory.

  2. Cloud Scan, which analyses servers and virtual machines hosted in the cloud to detect configuration errors, unsecured access, and vulnerabilities that could expose the sensitive data.

3. Impact on objective: CERT Stoïk

The attacker now has access to sensitive data and can carry out their objective: data exfiltration, encryption, sabotage, etc.

At this point, the attack is visible, and the insuree must contact our incident response team (CERT) as soon as possible. CERT team is available 24/7 at [email protected] or via the emergency number listed in the insurance contract. This emergency number is also available from the Stoïk Protect account:

PreviousHelp CenterNextHow to book an onboarding session?

Last updated

Was this helpful?