Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the tech security scene, we’re always on the lookout for new vulnerabilities, especially when they are already exploited in the wild. The latest zero-day CVE-2023-20269 is hitting Cisco’s Adaptive Security Appliance VPN features. The attack surface scan conducted by IONIX research on a sample of organizations indicates that 13% of these appliances are potentially vulnerable through at least one interface.

Cyberattacks are on the rise around the globe. Recent data suggest that there are 2,200 cyberattacks every day and that the average cost of a data breach is $9.44 million. Of those cyberattacks, 92% are delivered via email in the form of malware and phishing. In 2022 alone, businesses reported 255 million phishing attacks with an average cost of $4.91 million.

While regulations like Cybersecurity Maturity Model Certification (CMMC) 2.0 have expanded in size and scope in the past several years, my experience with CMMC actually dates back to early 2017. At the time, I was working with a client who was a contractor for the U.S. Department of Defense. They were looking to jump into the deep end and start implementing the NIST Cybersecurity Framework, which CMMC is based upon.

On 2023-10-04 at 13:00 UTC, Atlassian released details of the zero-day vulnerability described as “Privilege Escalation Vulnerability in Confluence Data Center and Server” (CVE-2023-22515), a zero-day vulnerability impacting Confluence Server and Data Center products. Cloudflare was warned about the vulnerability before the advisory was published and worked with Atlassian to proactively apply protective WAF rules for all customers.

Cyber insurance is emerging as an add-on that provides another layer of protection to cybersecurity procedures. As demand for coverage increases, it is rapidly becoming one of the main concerns of MSPs and IT executives from businesses of all types.

While always a part of business, compliance demands have skyrocketed as the digital world gives us so many more ways to go awry. We all remember the Enron scandal that precipitated the Sarbanes-Oxley Act (SOX). Now, SOX compliance means being above board on a number of cybersecurity requirements as well. Fortra's Tripwire recently released a new guide: How Managed Services Can Help with Cybersecurity Compliance.