In early December, American cloud computing provider Rackspace suffered a security incident due to a ransomware attack. The breach directly affected the company’s hosted Microsoft Exchange email service, affecting a number of customers. After working with cybersecurity experts to identify the cause of the breach, it has been found that a zero-day exploit in the Microsoft Exchange version used by Rackspace. Using the CVE-2022-41080 vulnerability, attackers entered the company’s environment and deployed ransomware. Officers have named a ransomware group called Play responsible for the attack. In recent days, Rackspace declared they would move all services off the Microsoft Exchange platform.

Recent security incidents, such as the Microsoft Exchange zero-day exploit of Rackspace servers, have put Microsoft’s security efforts into focus. In 2022, the tech giant announced it would increase yearly security spending from $1 billion to $4 billion. Since then, many have questioned the Microsoft approach to security – with some saying Microsoft is focusing on the cure rather than prevention. This focus on fixing problems rather than avoiding them has been labelled the “Microsoft Paradox”. Critics have said that Microsoft should instead release new code more slowly – only after more thorough testing. Others have suggested Microsoft should work to discontinue old services sooner, or work with users to introduce more rigorous security features.

One of the UK’s most prestigious newspapers has spent weeks trying to recover from a major security incident. Security staff at the Guardian newspaper have been working since mid-December when the breach was found. Since then, the Guardian Media Group’s chief executive, Anna Bateson, has confirmed that they suffered a ransomware attack which stole staff data and took critical services offline. Bateson also explained that the breach was probably caused by stolen credentials from a phishing attack, allowing unauthorised access to specific sections of the Guardian network. While news production was unaffected, staff are still anxiously awaiting investigations into where their personal data may have ended up.

The year 2022 was a landmark year for data breaches, and companies could face the same trajectory in 2023 if they overlook corporate network access. In an article for Strategic Risk Europe, MyCena CEO Julia O’Toole presents attacks at Uber, Optus and Medibank as a cautionary tale. She notes the perils of employees having the keys to an organisation’s most valuable assets, and the human error involved in phishing attacks. For 2023 and beyond, organisations should reassess how employees can access their networks.

For many years, companies and organisations around the world have come to rely on cyber insurance as a financial safety net. Should a company suffer an attack that impacts finances, they could claim on their cyber insurance policy. However, recent developments have left companies wondering about the extent of their protection. This comes as Lloyd’s of London, a popular insurer, has removed nation-state attacks from their coverage – with more exclusions on the way. This leaves many companies wondering what attacks are covered, and what aren’t. In a recent article, Julia O’Toole, CEO of MyCena Security Solutions, and Gerry, CEO of Observatory Strategic Management, discussed how password security and access control will be key to any future insurance claims. Should a company fail to provide the correct protections, they may not be covered.

In a recent report from Deloitte and the Manufacturers Alliance for Productivity and Innovation, cybersecurity has been named as the top threat to the food and beverage sector. The report also singles out cybersecurity as the key issue for smart factories. These factories, which rely on connectivity, IoT devices and productivity tools, can work quicker and produce goods faster than traditional factories – but are also more open to cyber-attacks. With many cyber criminals targeting key supply chain industries, this report highlights the potential for further threats. To mitigate attacks, it says, factories should address weak passwords, access controls and outdated security tools.