Cyber Risk Governance Insights | March 3, 2025
Netswitch, Inc.

WEEK IN BRIEF

GOVERNMENT – Space Agency Suffers Cyberattack

SUMMARY: The Polish Space Agency (POLSA) experienced a cybersecurity incident and immediately disconnected its network to protect data integrity. Investigations are ongoing to identify the perpetrators and assess the impact.

LIKELY CAUSE: The breach may have resulted from compromised internal email systems, potentially due to phishing or credential theft.

PROACTIVE PREVENTION: To mitigate credential theft, organizations must enforce multi-factor authentication (MFA) across all internal and external access points.

WHY DO THIS: MFA significantly reduces unauthorized access by requiring multiple verification steps beyond just passwords.

INSIGHT: This incident underscores the critical need for strong authentication measures in governmental agencies. Ensuring layered security protocols protects sensitive information and maintains operational integrity.

FINANCIAL SERVICES – Banks Targeted by Ransomware

SUMMARY: Banks in the Middle East have been subjected to targeted ransomware attacks, prompting enhanced security measures. The region's rapid digital transformation and a shortage of cybersecurity professionals have heightened vulnerabilities within the financial sector.

LIKELY CAUSE: The swift adoption of digital banking services without corresponding investment in cybersecurity infrastructure has made these institutions attractive targets.

PROACTIVE PREVENTION: Network segmentation can limit lateral movement of an attacker during a breach, reducing the impact of ransomware attacks. Proper segmentation can be validated during a Security And Risk Assessment (SARA).

WHY DO THIS: Network segmentation restricts unauthorized access, preventing ransomware from spreading across critical banking systems.

INSIGHT: As digital banking expands, so does the attack surface. Proactive measures are essential to protect assets and maintain customer trust. It’s important to understand that this is not just about “digital banking”: every organization’s expansions and integrations increase its attack surface. We recommend attack surface management to help mitigate and limit these risks.

GOVERNMENT – Intelligence Service Breach Investigated

SUMMARY: Belgium's federal prosecutor is investigating a potential breach of the State Security Service (VSSE) by Chinese state-backed hackers. Attackers allegedly accessed the VSSE's external email server, compromising sensitive communications.

LIKELY CAUSE: Exploitation of vulnerabilities in third-party cybersecurity solutions may have facilitated unauthorized access.

PROACTIVE PREVENTION: Encrypt all sensitive communications and data to prevent unauthorized access, even in case of a breach.

WHY DO THIS: Encryption ensures that intercepted data remains unreadable to attackers, protecting classified intelligence.

INSIGHT: Even intelligence agencies are vulnerable to cyber threats. Continuous vigilance and stringent security protocols are imperative. This news begs the question: what don’t we hear about?

TECHNOLOGY – Misconfigured Building Access Systems Expose You

SUMMARY: Researchers identified over 49,000 misconfigured Access Management Systems (AMS) worldwide. These vulnerabilities could allow unauthorized individuals to manipulate building entry systems, compromising physical security.

LIKELY CAUSE: Inadequate configuration and lack of secure authentication protocols in AMS devices have led to widespread exposure.

PROACTIVE PREVENTION: Enforce strict access controls and require unique credentials for all AMS devices.

WHY DO THIS: Strong authentication prevents unauthorized users from exploiting misconfigured systems to gain access.

INSIGHT: Overlooking device configurations can lead to significant risks. This is an area of physical security where organizations often overlook the need to require third-party vendors to follow strict security controls, including regular audits, strong authentication, and encrypted communication for AMS.

CYBERCRIME – EncryptHub Compromises 618 Organizations Globally

SUMMARY: The cybercriminal group EncryptHub has breached at least 618 organizations worldwide since June 2024, using spear-phishing and social engineering tactics to deploy infostealers and ransomware.

LIKELY CAUSE: Sophisticated phishing campaigns and exploitation of inadequate security measures have facilitated widespread intrusions.

PROACTIVE PREVENTION: Use advanced email filtering to detect and block phishing attempts before they reach users. Don’t forget that these filters need to be “tuned” to let legitimate emails in while keeping the bad ones out.

WHY DO THIS: Effective email filtering minimizes exposure to phishing campaigns, reducing the risk of malware and credential theft.

INSIGHT: This incident highlights the persistent threat of phishing. Your organization should consider adopting a multi-layered security approach to defend against sophisticated email attacks – they’re getting better.

HEALTHCARE – Australian IVF Provider Genea Suffers Data Breach

SUMMARY: Hackers have published sensitive patient data allegedly stolen from Australian IVF provider Genea. The breach has raised significant concerns regarding patient privacy and security in the healthcare industry.

LIKELY CAUSE: The breach likely resulted from a ransomware attack exploiting vulnerabilities in Genea's network security infrastructure.

PROACTIVE PREVENTION: Implement immutable, offsite backups to ensure data recovery even if ransomware encrypts primary systems.

WHY DO THIS: Immutable backups provide a secure copy of data that cannot be altered or deleted by ransomware, ensuring business continuity.

INSIGHT: We include stories about healthcare orgs for a reason – they are prime targets because patient data is valuable and often less protected than financial information. Unlike a credit card that can be replaced, stolen medical records are permanent and can be exploited for years through identity fraud, blackmail, or insurance fraud. While this incident was not in the US, it does highlight why compliance alone is not enough—organizations must adopt proactive security measures to safeguard patient trust and prevent long-term reputational and financial damage. Recognizing this need is why HHS is proposing revisions to the HIPAA Security Rule to mandate stronger security controls aligning risk management with modern cybersecurity frameworks like NIST.


INSIGHTS & EXPERT PERSPECTIVES

284 Million More Reasons to Rethink Your Password Security

The latest breach has dumped 284 million compromised passwords into Have I Been Pwned? (HIBP)—one of the most trusted public breach notification databases. If you’re still reusing passwords… WHY?!

Why does this password database addition matter? Because attackers leverage these leaked credentials in brute force and credential stuffing attacks—where they use stolen passwords to break into multiple accounts. If you’re reusing passwords, you’re giving them an easy win.

What to Do Now:

  • Check HIBP (haveibeenpwned.com) to see if your email or passwords are in a breach.
  • Change Compromised Passwords Immediately—and don’t just tweak an old one.
  • Enable Multi-Factor Authentication (MFA)—a password alone isn’t enough.
  • Use a Password Manager—strong, unique passwords for every account are non-negotiable.

Using stolen passwords is a money-making business so “bad guys” don’t get weekends or days off, and neither should your security habits. Reusing passwords is an outdated, high-risk behavior—you and your organization must fix it now before you become the next cyber statistic.

This is one of the reasons we promote the adoption of multi-factor authentication (MFA) and the shift toward passwordless authentication methods; with them, the impact of mass password breaches isn’t as severe as it once was. Yet not enough organizations rely on device-based authentication, biometric logins, and one-time passcodes, which make stolen passwords alone far less effective for attackers.

While password hygiene is still important, the days of a single leaked password leading to widespread account takeovers are fading—the real risk now lies in users who fail to enable MFA or fall for phishing attacks that bypass traditional login security altogether.


Strengthen Your Cybersecurity with Netswitch

Achieve Compliance & Reduce Risk:

  • Comprehensive Security Audit: Uncover network vulnerabilities with our automated Security And Risk Assessment (SARA). Gain a clear understanding of your risk landscape, prioritize enhancements, and make the most of your security investments. Contact Netswitch.
  • Free "Quick Start" Program: Kickstart your cyber risk and governance journey with a complimentary health check. Enroll today to build lasting resilience.

Expand Your Cyber Knowledge:

  • Join: Our Cyber Risk Governance Community and connect with a dynamic network of professionals on LinkedIn. Exchange insights, transform risks into readiness, and stay ahead of evolving threats.
  • Engage in Live Events: Attend interactive LinkedIn Live sessions. Dive into critical cyber risk topics with industry leaders from executive, technology, and governance backgrounds.

Take Action Now!

Reach out to Netswitch Technology Management today and seize control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.

