On November 25, the U.S. municipal water authority in Aliquippa, Pennsylvania confirmed that one of its booster stations had suffered an attack by a threat actor group that supports Iranian geopolitical interests. The attack by a cyber group known as CyberAv3ngers compromised a programmable logic controller (PLC) for a water pressure monitoring and regulation system. Officials, however, have made it clear that the incident did not threaten local drinking water or water supplies.

On July 26, the U.S. Security & Exchange Commission (SEC) announced several new cybersecurity rules, taking affect mid-December 2023, that will significantly impact all U.S. organizations (and foreign entities doing business in the U.S.) that must follow SEC regulations. Although the announcement did not generate a ton of fanfare off the normal business and cybersecurity sites, the rules will greatly increase resource requirements and actions.

New data shows how the overwhelming majority of phishing attacks on financial institutions dwarf every other industry sector by as much as a factor of 30-to-1. It’s no secret that banks and other types of financial institutions hold all the money, so it should be no surprise that's where cybercriminals focused their malicious activities last year, according to Group IB’s Digital Risk Trends 2023 report.

Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns. “Over the last four months, McAfee Labs has observed a rising trend in the utilization of PDF documents for conducting a succession of phishing campaigns,” the researchers write. “These PDFs were delivered as email attachments. Attackers favor using PDFs for phishing due to the file format’s widespread trustworthiness.".

East River Medical Imaging (ERMI) has three locations in New York City and Westchester County. ERMI is a “multi-modality radiology center,” including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays. They have served New York since 1970 and have a long history of high-quality patient care. At the end of August, an unauthorized actor accessed their network—exposing sensitive information from employees and patients.

Forescout Vedere Labs has identified a total of 21 new vulnerabilities affecting Sierra Wireless AirLink cellular routers and some of its open source components such as TinyXML and OpenNDS, which are used in a variety of other products.

Audits are independent assessments of the security of sensitive data and computer systems or a company’s financial reporting. Audits can be time-consuming and often feel peripheral to most people’s daily workload – but they are crucial exercises. Hence, it’s essential to establish an audit management process.

However safe and resilient your company’s operations might be, there’s always the chance that something will occur to interrupt business operations. Hence every company should have a disaster recovery plan that maps out how to respond to a disaster, so that the company can return to normal operations as soon as possible. That said, companies need to do more than write a plan.

In today’s interconnected business environment, third-party partnerships are essential for growth and operational efficiency. However, these collaborations bring inherent risks, especially in the realm of cybersecurity. Effective third-party risk management is crucial for safeguarding sensitive data and maintaining business continuity.

In an era where businesses are increasingly reliant on third-party vendors for essential services, the significance of a resilient third-party risk management program cannot be overstated. Third-party partnerships can expose organizations to various risks, especially in the domain of cybersecurity. This guide aims to help businesses in building a robust third-party risk management program that is adaptable to the ever-evolving landscape of cyber threats and dynamic business needs.