Cybersecurity

On May 7, 2021, the Colonial Pipeline was shut down due to a ransomware attack. It was the largest cyberattack on oil infrastructure in U.S. history, prompting an emergency declaration by the Federal Motor Carrier Safety Administration for 17 states and Washington, D.C.

Microsoft issued emergency security patches for multiple versions of Exchange Server on March 2, 2021. The updates addressed a series of zero-day exploits that compromised hundreds of thousands of on-premises Exchange Servers worldwide. Known collectively as ProxyLogon, the advanced persistent threats (APTs) allow an attacker to open a “backdoor” in Exchange Server that can be accessed from the Internet.

Many organizations have some sort of “shopping cart” feature on their websites that allows them to collect online payments from customers. In most cases, the shopping cart functionality is purchased from a third party, and simply plugged into the website. Why reinvent the wheel if the software is readily available?

Cybersecurity may seem like a cat-and-mouse game, but the odds heavily favor the mouse. The cat must defend against all types of attack and quickly identify any potential security weaknesses. The mouse only has to find one vulnerability in order to elude the cat.