Microsoft issued emergency security patches for multiple versions of Exchange Server on March 2, 2021. The updates addressed a series of zero-day exploits that compromised hundreds of thousands of on-premises Exchange Servers worldwide. Known collectively as ProxyLogon, the advanced persistent threats (APTs) allow an attacker to open a “backdoor” in Exchange Server that can be accessed from the Internet.
Cybersecurity
Cybersecurity may seem like a cat-and-mouse game, but the odds heavily favor the mouse. The cat must defend against all types of attack and quickly identify any potential security weaknesses. The mouse only has to find one vulnerability in order to elude the cat.
Managed services providers (MSPs) use a variety of tools to monitor their customers’ systems and networks and protect against cyberattacks. If the MSP doesn’t follow best practices, however, they can actually introduce threats into their customers’ environments.
A network vulnerability assessment is the initial phase of any cybersecurity strategy. In the National Institute of Standards and Technology (NIST) Cybersecurity Framework, vulnerability assessments fall under the “identify” phase. They are designed to help organizations identify any gaps in their security posture and prioritize the activities needed to close those gaps. Because cyber threats are continually evolving, organizations should regularly review their IT environment in order to understand their risk exposure.
The near-overnight shift to remote work models created a perfect storm of security challenges. Employees were suddenly working outside the secure perimeter, and IT teams were focused on providing connectivity to corporate applications and data. Even organizations that already had a distributed workforce had to quickly scale up their remote access infrastructure.
