
Eternal Vigilance Is the Price You Pay to Assure Cybersecurity

Overview

Introduction

Cybersecurity is not a concern only for business giants. Nobody is safe from the bad actors of the dark web: government departments, financial and healthcare institutions, small businesses, non-profit organizations, individuals, even professionals working from home. Whether it is social media, online shopping, food delivery, or a web search for information, a large part of the day is now spent online in one way or another. More alarming still, attackers keep devising newer and more damaging ways to target their victims, including harnessing AI and deepfakes.

Background

The US Cybersecurity and Infrastructure Security Agency (CISA) leads the federal effort to raise awareness of why cybersecurity matters and how to practise it. Cybersecurity Awareness Month has been observed every October since 2004, and the practice has since spread well beyond the US. As it does every year, CISA has released a Cybersecurity Awareness Month toolkit this year too, reminding people that cyber threats do not take time off.

Building a Cyber Strong America

“This year’s theme is Building a Cyber Strong America, highlighting the need to strengthen the country’s infrastructure against cyber threats, ensuring resilience and security”, says the CISA website. It adds, “vendors, suppliers, and other parts of the supply chain that support or are connected to critical infrastructure play a critical cybersecurity role”. Supply-chain exposure is an often-overlooked aspect of cybersecurity.

Everything and Everyone Is Fair Game to the Cyberattackers


Staying completely offline might seem the only way to keep your data secure, but even that is no guarantee. Some people keep a bank account but refuse debit and credit cards, smartphones and online banking; they are still exposed if their bank's systems are breached. For most people, in any case, staying offline is not a practical proposition. You must keep your organization and business secure, just as you must keep yourself and your family safe from cyberattacks. The worrying part is that smaller businesses have very little cyber resilience: a single major attack can force them to close down. As attacks become faster and exploit zero-day vulnerabilities with greater sophistication, the challenges facing IT and data-security specialists, especially in recovering and restoring mission-critical data, keep multiplying, while cybersecurity budgets grow tighter.

You Are Never Completely Secure

Remember that you are exposed even when you are simply looking something up in a search engine, whether Google, Bing, Yahoo or any other. Even chatting with loved ones on a messaging app or a social media platform carries inherent risk. Attackers do not discriminate: they go after utilities, government departments, online marketplaces, apps of every kind, industry verticals such as manufacturing, education, hospitality and travel, and online gaming sites, and they readily exploit civilian crises such as the Covid-19 pandemic or the evacuation of civilians during military operations. In April 2025, for example, the US Office of the Comptroller of the Currency disclosed that intruders had been reading the e-mail of around 103 of its bank regulators, including messages containing sensitive financial information, for more than a year.

The Changing Face of Cybersecurity


While there has been a flurry of politically motivated attacks on European countries, especially since the Russo-Ukrainian War began, the bulk of recent attacks have been driven by the desire to gain illegal access to the personal data of customers of major companies and turn it into money quickly. Among the most damaging was the mass exploitation of Microsoft Exchange servers, which brought a cluster of zero-day vulnerabilities to light. The ProxyLogon vulnerabilities were reported to Microsoft in January 2021, but the patches were not issued until March 2021, and every server that was not patched promptly, or at all, stayed open to the state-sponsored and criminal groups exploiting them. Phishing, identity theft and similar social-engineering attacks now harness generative AI as well, which is why social engineering remains one of the biggest cybersecurity threats; zero-day exploits against undisclosed flaws complete the picture.

The Monetary Implications of Cyberattacks Are Enormous

Ransomware payments are usually demanded in cryptocurrency. Attackers prefer it because pseudonymous wallets, mixers and cross-chain swaps make the recipient hard to trace, even though every transaction is recorded on a public ledger. Cryptocurrency exchanges are also targets in their own right: in February 2025, North Korean hackers stole more than $1.5 billion in Ethereum from the Dubai-based exchange Bybit, the biggest cryptocurrency heist to date. They compromised the third-party wallet software used for a routine fund transfer, and at least $160 million had been laundered within the first 48 hours of the attack. Organizational resilience against cybercrime is further hampered by a marked shortage of skilled security staff in most countries.

Fix Vulnerabilities Before Attackers Exploit Them


Few people realize that most software carries flaws that attackers can use to take over servers and individual systems within a network. The problem gets worse when a software update asks you to disable antivirus or other security controls on your device. A recent example is CVE-2025-29824, a zero-day flaw in the Windows Common Log File System (CLFS) driver that attackers exploited to escalate privileges. They used a backdoor named PipeMagic to deliver the exploit, gain elevated privileges and deploy ransomware in targeted organizations across several countries.

What You Can Do Under the Circumstances

An organization may take every step needed to comply with data-security regulations and still be taken down by a third party's weakness. Where sensitive but unclassified data is involved, use a recognized compliance framework; defense contractors handling controlled unclassified information, for example, are expected to meet CMMC 2.0. A robust vulnerability management program needs regular penetration tests, vulnerability scanning and disciplined patch management. Regular training on how social engineering undermines IT security hygiene is vital, but it must be backed by a multi-layered defence; above all, teach staff to recognize attempts at impersonation.

Taking Daily Action Reduces Online Risks

Even something as simple as responding to an advertisement on a job site can be dangerous, as a March 2025 campaign targeting recently laid-off federal workers showed. The same tactic has in the past been used by the FBI to recruit counter-espionage networks; now it is being turned against ordinary Americans. Verifying a job ad before responding might seem a simple precaution, but in economically hard times people are willing to clutch at straws, and the attackers know it.
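The impersonation the two preceding sections ask staff to recognize usually shows up in a handful of header patterns: a display name that carries a trusted address while the real sender domain is something else, a lookalike domain such as one with a digit in place of a letter, a Reply-To that quietly redirects answers elsewhere, and an SPF or DMARC failure already recorded by the receiving mail server. The script below is an added example, not code from the authors or from any product; it checks those four patterns with the Python standard library. The trusted domains, the lookalike domain examp1e.com, the relay domain and both messages are constructed for illustration.

```python
"""Flag sender-impersonation patterns in an inbound e-mail's headers.

Added example for this article; it is not code from the authors or from any
product. Only the Python standard library is used. The message, the trusted
domains and every header value below are constructed for illustration.
"""
import re
from email import message_from_string

# Domains this organization treats as its own or as trusted senders (assumed).
TRUSTED_DOMAINS = {"example.com", "payroll-vendor.example"}

# Characters attackers swap for visually similar ones in lookalike domains.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "|": "l", "5": "s"})


def skeleton(domain: str) -> str:
    """Normalize a domain so a lookalike collapses onto the genuine spelling."""
    d = domain.lower().translate(_CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_address(value: str) -> tuple[str, str]:
    """Return (display name, address) from a From or Reply-To value.

    The address is whatever sits in the *last* pair of angle brackets; a
    quoted display name may itself contain a fake '<hr@example.com>' and must
    not be mistaken for the real sender.
    """
    m = re.match(r"^\s*(.*?)\s*<([^<>]+)>\s*$", value, re.S)
    if m:
        return m.group(1).strip().strip('"'), m.group(2).strip()
    return "", value.strip()


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def analyze(raw: str) -> list[str]:
    """Return the impersonation indicators found in the message headers."""
    msg = message_from_string(raw)
    findings: list[str] = []

    display, from_addr = split_address(msg.get("From", ""))
    from_dom = domain_of(from_addr)

    # 1. The display name names a trusted domain, but the real sender is not one.
    claimed = {d for d in TRUSTED_DOMAINS if d in display.lower()}
    if claimed and from_dom not in TRUSTED_DOMAINS:
        findings.append(f"display name claims {sorted(claimed)[0]} but sender is {from_dom}")

    # 2. The sender domain is a lookalike of a trusted domain.
    if from_dom not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if skeleton(from_dom) == skeleton(trusted) or edit_distance(from_dom, trusted) <= 1:
                findings.append(f"lookalike sender domain {from_dom} resembles {trusted}")
                break

    # 3. Replies are quietly redirected to another domain.
    _, reply_addr = split_address(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"Reply-To goes to {domain_of(reply_addr)}, not {from_dom}")

    # 4. The receiving mail server already recorded an authentication failure.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=fail\b", auth):
            findings.append(f"{mech} failed per Authentication-Results")

    return findings


# Constructed lure modelled on a fake "we are rehiring" message (hypothetical).
SCAM_MESSAGE = "\n".join([
    'From: "Example HR <hr@example.com>" <hr@examp1e.com>',
    "Reply-To: hiring.desk@mail-relay.example.net",
    "To: alice@example.com",
    "Subject: Re-hire opportunity for former staff, respond today",
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com;"
    " dkim=none; dmarc=fail header.from=examp1e.com",
    "",
    "Send a copy of your ID and your bank details to confirm eligibility.",
])

# Constructed legitimate message from a colleague (hypothetical).
CLEAN_MESSAGE = "\n".join([
    "From: Alice Example <alice@example.com>",
    "To: bob@example.com",
    "Subject: Lunch?",
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com",
    "",
    "Noon works for me.",
])

if __name__ == "__main__":
    for name, raw in (("scam", SCAM_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(name, analyze(raw) or ["no indicators"])
```

Run on the constructed lure, the script reports all five indicators; the colleague's message produces none. The checks are deliberately simple so they can be read by the same staff who are being trained: a mail gateway would apply the same logic at scale, but a person can apply it by eye, and the first three patterns need no tooling at all.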

US Federal Laws to Protect Personal Data

As early as 1986, the US enacted the Computer Fraud and Abuse Act (CFAA) to prohibit unauthorized computer access. The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) will require covered critical-infrastructure entities to report substantial cyber incidents to CISA once its implementing rule takes effect. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to safeguard sensitive customer data and to explain their information-sharing practices. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects the privacy, security and integrity of personal health data. Federal agencies and their contractors must protect federal information systems and data under the Federal Information Security Modernization Act (FISMA). At state level, the California Consumer Privacy Act (CCPA) and the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act protect the personal data of those states' residents.

Countries Are Beginning to Strengthen Their Legal Frameworks

The United States, European countries including the UK, Middle Eastern nations and Asian nations such as India are all strengthening their legal frameworks for protecting personal data. The UK is proposing a ban on ransomware payments by public-sector bodies, to protect public services and remove the attackers' incentive. In the European Union, the Digital Operational Resilience Act has applied since January 2025, and the Cyber Resilience Act and the AI Act are being phased in, to raise the digital resilience of people and businesses in the EU. Meanwhile, INTERPOL and AFRIPOL have been working together to dismantle illegal cryptocurrency mining centres, with significant success.

Conclusion

Assuring cybersecurity is your duty, not just your interest. Never let your guard down: malicious actors are always on the prowl.

Contact Us if You Need Guidance or Immediate Assistance

We can help with identifying vulnerability gaps, penetration testing, setting up access controls, creating compliant data-security policies and privacy procedures, and other compliance needs.

Get in touch with us at service@friggp2c.com or amit.sarkar@friggp2c.com, or call us at +1 (905) 261-9124  |  +1 (905) 261-9123  |  +1 (866) 907-7227  |  +91 733-113-2288

About the Authors

Amit Sarkar (amit.sarkar@friggp2c.com) is the Founder of Frigg Business Solutions at Sheridan, Wyoming, USA, and Hyderabad, Telangana, India. He is a seasoned writer whose articles have been published by the HCCA and SCCE. He is a former CEO of a US healthcare regulatory compliance service organization, and a senior global leader in HIPAA compliance, IT security, risk management, and compliance governance.

Harini is one of the principal auditors for Frigg Business Solutions. She is an accomplished information security expert who has led critical security initiatives that shielded multinational corporations from cyberattacks, thwarted data breaches, and secured critical infrastructure. Harini has successfully implemented the Health Information Trust Alliance (HITRUST) common security framework and ensured 100% compliance in all of these organizations. She is a Certified Risk Professional (CRiSP), Information Security Lead Auditor, HITRUST Implementor, HIPAA Compliance Expert, and Certified in Six Sigma (Black Belt and Green Belt).