Halloween decorations, pumpkin spice lattes, and changing foliage—fall is officially here! As summer comes to a close, it’s a good reminder to stay up-to-date on the latest cybersecurity headlines and threats in order to protect your business as we head into the last quarter of the year.
Let’s take a look at the top cybersecurity headlines to know right now:
1. MOVEit: 2023’s Biggest Hack of the Year
The recent MOVEit breach has affected 600 organizations worldwide—impacting millions of consumers, according to Reuters. MOVEit is a popular file transfer program that organizations across industries use to move sensitive personal data. In May 2023, a hacker group called CL0P gained access to MOVEit. Victims of the breach span across industries, including U.S. government agencies, UCLA, Siemens Energy, and Norton Lifelock—just to name a few. One of the biggest hacks of the past decade, the impact of the data breach is still unfolding, and only time will tell how many consumers will be affected.
2. MGM Cyberattack Explained
MGM, which owns more than two dozen hotel and casino locations around the world, experienced a cyber incident in September that shut down everything from hotel room keys to slot machines. The incident likely occurred after hackers were able to access MGM’s system through a phishing attack over the phone to an MGM employee. This attack demonstrates how organizations across industries are vulnerable to cybersecurity incidents, and that cyberattacks can have very real consequences for individuals and organizations alike.
3. Adobe Zero-Day Vulnerability Exploited
Adobe recently released a warning to its users about newly detected zero-day attacks. According to the software organization, hackers are exploiting a vulnerability identified as CVE-2023-26369 within the popular Adobe Acrobat and Reader product through an out-of-bounds write weakness. Check out BARR’s guidance on how to address the vulnerability and update your software as soon as possible.
4. SEC Adopts New Rules for Cyber Incident Disclosure
The Securities and Exchange Commission (SEC) recently adopted new rules to enhance and standardize cybersecurity risk management, strategy, governance, and incident reporting disclosure practices by public companies and other market entities. The rules will require organizations to disclose a material cybersecurity incident within four business days and are likely to have a sweeping impact on all public companies that are subject to the Securities Exchange Act of 1934. Learn more details about what the rules will entail in BARR’s blog.
These headlines shed light on the challenges facing the cybersecurity industry today and the solutions that will shape its future. As you navigate the ever-evolving landscape of security and risk management, it’s crucial to remain informed about the most pressing issues and emerging trends.
Want to learn more about how BARR can help your organization build a risk management program that can keep your business prepared? Contact us today.