Cyber attacks are increasing. You’ve seen the headlines about ransomware and business email compromise and various social engineering tricks, and they’re all true. The cybercrime landscape is growing in volume and complexity, vulnerability numbers are increasing year over year, and user error is leading to over a quarter of incidents observed by Arctic Wolf® Incident Response.

In the past decade, cybersecurity has evolved from something of a niche technical field into a crucial part of every business plan and online code of conduct. Even so, we still see frequent evidence that many organizations are in need of more education about how to respond to a cyber attack. That was evident this April, as we saw the results of several high-profile cyber attacks that may have been worsened by a slow or poorly considered reaction.

Oracle recently released their Critical Patch Update addressing 433 vulnerabilities across their products, including a vulnerability in the Oracle Hospitality OPERA 5 Property Services product. According to Oracle’s vulnerability description, CVE-2023-21932 is a difficult– to– exploit vulnerability, requiring network access via HTTP and high privileges.

Threat actors have turned cybercrime into big business — a $1.5T USD industry where a ransomware attack occurs every 11 seconds. Each year, the cybersecurity industry works diligently to launch and refine tools, technologies, and solutions. The bad news? So do cybercriminals. Their nefarious innovations continue to leave organizations reeling from cyber attacks that steal data, damage reputations, and put serious dents in annual budgets.

Switching your telephone network to Voice over Internet Protocol (VoIP) has noticeable advantages. Users can experience stronger connectivity, significant cost reductions, and a centralized system. But what users also experience are new cybersecurity risks. The question becomes, then, are VoIP savings worth the costs to security?

The cloud is king. 94% of organizations rely on the public cloud in some capacity, and 84% have a “multi-cloud” strategy. The rise of hybrid and remote work, the proliferation of software-as-a-service (SaaS) and Internet of Things (IoT) devices, and the general digitization of once analog industries has turned the cloud into a “must-have,” especially with its pricing, space, and ability to be accessed from anywhere. But with new technologies comes new threats.

As cyber threats continue to evolve and the attack surface continues to expand, the risk of a breach becomes a matter of if not when. With migration to the cloud accelerating along with a shift to hybrid work and a surge of new IoT devices at play in every industry, it’s time for organizations to shift the way they view cybersecurity. It is no longer enough to play defense, hoping you can thwart an attack and contain the damage when it comes.

The continued increase in cybercrime and breach attempts is not a new trend. For years now, the percentages have ticked upwards, and though cybersecurity has evolved, so have hackers seeking data, money, or infamy. While the initial attack vectors can be myriad — vulnerability exploits, misconfigurations, and credential theft to name a few — there are two tactics that stand tall above the rest: Ransomware and business email compromise (BEC).

On Thursday, April 20, 2023, VMware disclosed a critical deserialization vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs—formerly known as vRealize Log Insight—that could result in unauthenticated remote code execution (RCE) as root. The vulnerability was responsibly disclosed to VMware through the Zero Day Initiative and has not been actively exploited in campaigns. Furthermore, we have not identified a public proof of concept (PoC) exploit for CVE-2023-20864.

As the threat landscape continues to evolve and cybercriminals grow in sophistication, security teams are tasked with bolstering their cybersecurity controls, expertise, and solutions. However, doing all of that in-house has become more difficult due to the ongoing security skills shortage. There’s just not enough talent to go around — and that’s not expected to change anytime soon. The industry is trying to attract new talent.