Insights

Ireland cyber security services specialist Integrity360 has struck an alliance with data protection vendor Varonis.

How should you look to safeguard your critical assets moving into 2022? We have put together 7 key recommendations to help you secure your organisation in 2022.

What was the impact of decentralised working? An exponential increase in the volume of new operational challenges confronting organisations, addressing the cyber skills gap, the growth of supply chain attacks, and the ever-increasing social engineering scams. These topics will be discussed in greater detail as we highlight the six key cyber security challenges that organisations faced in 2021. 

As organisations everywhere edge their way towards 2022, we close off 2021 by taking a look at 21 highlighted statistics that were shared within the industry during the past 12 months which we feel rounds up the year and gives context to the current state of cyber security across the globe.

Security Update (Updated 14/12/2021 15.30)

On 10th December 2021, Apache announced a new critical vulnerability and fix for Log4j, CVE-2021-44228 dubbed ‘Log4Shell’. This vulnerability affects any organisation that utilises Log4J or has software with underlying Log4J dependencies. Apache is strongly recommending Log4j systems be updated to fixed versions as soon as possible.

Security awareness is something that is considered to be an essential part of having an effective cyber security programme. 

Now, with European Cybersecurity Month (ECSM) set to begin in October, organisations have a valuable opportunity to increase security awareness among employees so that they’re ready to combat the next generation of online threats.

Below we’re going to look at what ECSM is and how organisations can participate. 

Security Update (14/09/2021)

Microsoft’s “Patch Tuesday” has included a fix for CVE-2021-40444. You can find the patch details for each Operating System version here. This round of updates also fixes 85 other vulnerabilities as shown here.

This week, Microsoft disclosed a newly discovered remote code execution vulnerability in MSHTML that affects Microsoft Windows. Integrity360 can confirm that it is actively being exploited in the wild.

Yesterday, it was announced that Fortinet discovered a breach, resulting in the disclosure of almost 500,000 FortiGate SSL-VPN credentials from 87,000 FortiGate SSL-VPN Devices. The attack vector was identified as a system unpatched against CVE-2018-13379.

Integrity360 has been recognised as an Accredited Services Partner for Forcepoint Web Security.

A month ago, Ponemon and IBM released the Cost of a Data Breach 2021 report, an annual study on the cost of data breaches and the modern threat landscape. The report not only highlighted that the cost of data breaches is on the rise but also showed that enterprises are taking longer to contain security incidents. 

Microsoft has disclosed yet another critical vulnerability not long since PrintNightmare was disclosed. This privilege elevation vulnerability lies in the overly permissive Access Control Lists (ACLs) on the important and sensitive Security Accounts Manager (SAM) database, SYSTEM and SECURITY registry hives. This means that an attacker with a standard non-administrative account can in theory achieve local privilege escalation, masquerade as other users and/or achieve the following: