Week of February 21st, 2025
Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.
Here are this week’s top takeaways:
Read Your All-In-One Guide to Social Engineering Security Testing
Social Engineering is often reported as the most common initial access vector in ransomware attacks and one of the biggest threats to enterprise cybersecurity. In 2024, IBM's X-Force Threat Intelligence Index found that phishing was the most common leading infection vector, identified in 41% of incidents. Similarly, Sophos's The State of Ransomware 2024 report, ranked malicious email and phishing as the root cause in 34% of ransomware breaches.
These findings place enormous focus on the "human factor" of cybersecurity. Given the high risk, a pressing question emerges: how do cyber leaders best tackle people-centric security challenges?
Our ethical hackers have compiled a comprehensive guide to Social Engineering security assessments in which they describe how they differ from other types of security assessments. The takeaway? A solid understanding of Social Engineering as a cybersecurity threat, how Social Engineering assessments address this threat, and what you should expect from an engagement that focuses on assessing your organization's resilience to Social Engineering.
?? Learn more about our Social Engineering services
Education Sector Threats: Recent Breach Impacts Students and Faculty Dating Over 10 Years
A major school board in Canada is offering more details on the severity of a recent cyber attack, and what information was compromised.
The Rainbow District School Board in Ontario says the cyber criminals responsible for an attack on the board's computer systems earlier this month stole sensitive personal information belonging to staff and students– including, but not limited to, social insurance numbers and bank account information belonging to current and former staff members; social insurance numbers belonging to former students who received scholarships; and medical information for current and former students.
The data breach affects people who worked for the board as early as 2010, as well as students who attended a school in the Rainbow District School Board dating back to 2011.
Criminals may have accessed the following information belonging to students, the board said in a recent statement:
In addition, the attack exposed school photos from the 2012-2013 to 2024-2025 school years.
领英推荐
?? Read more about pentesting services for the education sector
Out of 17 reported-on industries, the education sector ranked as the least secure (with financial and healthcare ranking closely behind.) This was determined by the education sector having, on average:
What is the reason for this? While much of it is attributed to human error, device standardization (which is common across all industries, but significantly more difficult to achieve in an educational setting due to their wide number of part-time, remote, and interned workers) is rarely enforced, meaning that educational device management policies and authentication protocols for connected devices are a weak link.
Another primary reasoning for why education sector cybersecurity is lacking is that employee awareness training is seldom executed on: with human risk accounting for 82% of security breaches throughout 2024, organizations open themselves to threat actors by not having robust, periodic awareness training in place.
Recent Posts From Our Ethical Hackers
Every month, our ethical hackers work to provide free resources so that your team can continue improving your organization's security posture.
Here are just some of our recent posts: