Cybersecurity

Organizations that have still not addressed the Microsoft Exchange vulnerabilities from May 2021 and the PetitPotam vulnerability from July 2021 could find themselves victim to recent exploitation activity, including the deployment of ransomware. This past weekend, the Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert warning Microsoft Exchange users to patch servers against actively exploited ProxyShell vulnerabilities.

Vulnerability management is at the core of every cybersecurity program. While managing vulnerabilities in control system environments is challenging – for a variety of reasons – it is still necessary. To make it even more challenging, if it seems the disclosure of vulnerabilities impacting ICS/OT has been more frequent than usual this year, it has.

While your cyber insurance policy may help alleviate some of the financial costs associated with a ransomware attack, researchers at Advanced Intelligence explain how details of the policy could also be used against you. Recently leaked training material reveals how Conti ransomware attackers exploit legitimate software to gain access to a network and search for cyber insurance policies.

A new study from the Ponemon Institute finds that the financial costs incurred from phishing scams has significantly increased over the past six years. The report, titled The Ponemon 2021 Cost of Phishing Study, concludes the average annual cost of a phishing scam in 2021 is approximately $15 million for a 9,600-employee organization, or around $1,500 per employee. The study also highlights that the inability for organizations to contain malware is one factor behind the increasing cost of phishing attacks.