Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This blog was originally published on MSSP Alert on November 20, 2024. Imagine being able to offer your customers instant value for selecting your MSSP over others. This sounds like a tricky proposition, given that organizations seeking managed security solutions can be extremely diverse. What could a medical institution need that would also benefit an energy company? Where do the needs of a tech startup and a dairy farm intersect?

Enterprise networks frequently experience changes in endpoint devices, software, and files, which can introduce risk to the organization. To mitigate this, companies can implement foundational security controls like file integrity monitoring (FIM), which tracks changes to essential files and helps restore them if unauthorized. Additionally, organizations may use these controls to monitor for vulnerabilities introduced by new devices. However, FIM alone is not enough.

Organizations of all types must consider and prioritize cybersecurity in order to protect against a wide range of attacks and prevent potentially catastrophic consequences. With the evolution of the threat landscape and most businesses relying more and more on technological pillars for everyday operations, cyberattacks can have impacts that extend far beyond monetary losses. However, the financial cost alone is staggering, highlighting the pressing need for improved cybersecurity across the board.

On Wednesday, January 8th, Ivanti disclosed two severe vulnerabilities affecting Ivanti Connect Secure VPN devices. Ivanti Connect Secure is an external-facing SSL VPN used to secure remote access to corporate networks. Ivanti Policy Secure is an internal network-access control solution designed for regulating access within an enterprise’s network. The critical vulnerability (CVSS 9.0) CVE-2025-0282 allows unauthenticated remote code execution (RCE) through a stack-based buffer overflow.

Endpoint management is an important part of network protection in today's digital world because everything is connected. As more devices, like computers, smartphones, and Internet of Things (IoT) gadgets, appear on the market, it becomes harder for businesses to keep their networks safe. A study from 2023 on cybersecurity says that over 70% of data breaches are caused by endpoints that have been hacked.

By bringing people in the same area together, online markets like Facebook Marketplace have changed the way people buy and sell things. But this ease of use comes with possible risks, which makes many people wonder: is Facebook Marketplace safe? Every day, millions of people use the site successfully, but there are also a lot of frauds, scams, and safety concerns. Statista says that over 1 billion people use Facebook Marketplace every month, which makes it a great target for hackers.

In 2024, cyberattacks aimed at MFA flaws increased by an astounding 40%. This concerning pattern indicates a sharp rise in the complexity of cyberthreats that businesses now have to deal with. Cybercriminals are now adopting psychological strategies in addition to technical ones, such as MFA fatigue attacks, which alter human behavior to obtain unauthorized access to vital systems. This is a wake-up call, not just a number.

We’ve asked Outpost24’s CISO, Martin Jartelius, what 2025 is likely to hold for organizations using attack surface management (ASM) tools. Here’s what Martin had to say about what he predicts for ASM in 2025, as well as some thought on how the CISOs role might change.

In 2024, the ransomware landscape recorded 5,414 published attacks on organizations worldwide, representing an 11% increase compared to 2023. While the year began with a decline in ransomware activity during Q1, the frequency of attacks surged in Q2 and continued to rise through the remainder of the year. This culminated in a dramatic spike during Q4, which saw 1,827 incidents—33% of all ransomware attacks for the year—making it the most active quarter.

The UK government decided to wage war on explicit deepfakes. About time, right? But before we start celebrating, let's take a closer look. The fact is that this isn’t about technology, it’s about human behaviour. The government is not trying to outright ban deepfakes, which would be impossible, to be honest. They're targeting the misuse of this tech for nefarious purposes.