Week of March 21st, 2025

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

The Far-Reaching Impacts of Cyberattacks on Operational Continuity: Orangeville

As first reported in The Orangeville Citizen, the Town of Orangeville continues to be impacted by a cybersecurity incident that began on Feb. 27th, creating widespread outages across key services.

The town became aware of the cyberattack when IT security monitoring systems discovered suspicious activity. At that time, town staff took immediate action to safeguard information and further secure systems to mitigate potential risks of exposure.

When looking at services impacted, Orangeville Fire cannot process burn permits, sensitive receptor applications, or file search requests. The Orangeville Public Library cannot provide self-serve checkouts, debit payments, printing, scanning, faxing, or Wi-Fi. Customer service for key departments continues to experience limited capabilities.

For corporate services, the clerks and bylaw department’s commissioning of services online has been impacted, as have online burial permits and lottery donation proceeds. The finance department has been impacted in its ability to bill and retrieve water shut-off information, provide copies of tax bills, access account information, and share parking fine balances.

Under infrastructure services, online building permits, email applications, and online payments have experienced disruptions. Building inspection requests by phone/via website have been affected as well. The planning department cannot process online application submissions, online payments, online planning/building compliance request submissions, or online pre-consultation meeting requests.

For transportation, online road occupancy permit applications and payments are impacted.

Recreation facilities are open but in-person debit payments are only available for programs at the Alder Recreation Centre.

Property taxes, building permits, commissions, parking tickets, and account receivables can be paid in person using debit, cash, or cheque.

For the Town’s planning department, application submissions must be in hard copy only; fee payments can be made by cash, cheque, or debit; compliance request submissions must be in hard copy only; and pre-consultation meeting requests must be in hard copy only.

The Town of Orangeville is still working to understand the nature and full scope of the cyberattack by collaborating with cybersecurity experts and local authorities. While all associated parties are taking correct action, the ongoing impact of the cyberattack illustrates the importance of proactive Offensive Security in 2025 for organizations across all industries.

?? The Benefits of Proactive Infrastructure Penetration Testing

Gartner and others in the industry report that the average time to identify a data breach is 194 days and the average cost of a data breach was $4.88 million in 2024, with that number only expected to continue skyrocketing the end of 2025.

What can organizations due to safeguard themselves against widespread operational disruptions related to data breaches?

• Know when to rotate pentest vendors
• Partner with quality penetration testers
• Engage in periodic, in-depth Employee Awareness Training

The World Economic Forum's Analysis of 2025's Top Cyber Concerns

Data breaches continued at historic levels in 2024, with 3,158 data compromises tracked by the Identity Theft Resource Center—on par with the previous record-breaking year. However, victim notices surged 211% to 1.3 billion, largely due to five mega-breaches, each triggering over 100 million notices.

While 66% of organizations see AI as the biggest cybersecurity game-changer this year, only 37% have safeguards to assess AI tools before use. This highlights the gap between awareness of AI risks and its unchecked adoption, adding to the growing complexity of cyberspace, where emerging technologies, geopolitical tensions and supply chain vulnerabilities are creating new challenges for cybersecurity.

Here are six key cybersecurity vulnerabilities anticipated by leaders throughout 2025:

• Supply chain concerns: 54% of large organizations cite supply chain challenges as the biggest barrier to cyber resilience, driven by complexity and lack of visibility into suppliers' security
• Geopolitical tensions: Almost 60% of organizations say geopolitical issues affect their cybersecurity strategy, with CEOs concerned about cyber espionage and IP theft, and cyber leaders focused on disruption of operations
• AI adoption risks: Despite growing reliance on AI for cybersecurity, many organizations lack processes to properly assess the security of AI tools before deployment, creating a gap in managing associated risks
• Generative AI and cybercrime: Almost three-quarters of organizations report rising cyber risks, with generative AI fuelling more sophisticated social engineering and ransomware attacks; 42% saw an uptick in phishing incidents
• Regulatory challenges: Fragmentation of cybersecurity regulations across jurisdictions poses compliance challenges for 76% of CISOs, despite the role of regulations in improving cyber resilience
• Cyber talent shortage: The cyber skills gap increased by 8% in 2024, with two-thirds of organizations facing moderate-to-critical talent shortages and only 14% confident in their current team’s capabilities

What are some of the top security solutions that Packetlabs ethical hackers recommend to stay ahead of the cyber threat curve?

• Dark Web Monitoring
• Attack Surface Penetration Testing
• Ransomware Penetration Testing
• Application Penetration Testing
• Cloud Penetration Testing

In 2025, in-depth scoping (and customizable solutions) have never been more critical. Reach out today to learn more about the price vs. cost of proactive Offensive Security.

Packetlabs at ATLSECCON

Packetlabs is thrilled to both be attending (and sponsoring) this year's Atlantic Security Conference.

AtlSecCon is a non-profit, volunteer-led information-security conference focusing on expanding the IT security knowledge pool. Since its inception, it has garnered a reputation as the "premiere knowledge repository for Atlantic Canada."

Those attending will:

• Hear from North America's top cybersecurity experts on the best way to evolve IT security strategies to counteract this year's most advanced threats
• Have the opportunity to network with a wide variety of industry providers
• Participate in track sessions relevant to organizations' most urgent security needs

Alongside aiding in the future of North America's cybersecurity, ATLSECCON also strives to empower positive change by supporting a range of charitable causes. For this year's cause, the Atlantic Security Conference has selected the Leukemia & Lymphoma Society of Canada as their charity of choice, with attendee donations being matched up to $5,000.

Attending? Visit our team at Booth #35 at the Halifax Convention Center. We'll be there:

• Thursday, April 10, 2025 8:00AM – 4:30PM
• Friday, April 11, 2025 9:00AM – 3:00PM

Recent Posts From Our Ethical Hackers

Every month, our ethical hackers work to provide free resources so that your team can continue improving your organization's security posture.

Here are just some of our recent posts:

• "CVE Discovery" by Kyle Burns , Lead of Offensive Security at Packetlabs
• "The Role of a Pentester" by Denis Kucinic , VP of Operations at Packetlabs
• "Winner of Prompt Injection Challenge" by Joey Melo , Ethical Hacker at Packetlabs