As cyberthreats continue to grow more sophisticated, staying proactive is essential for safeguarding our systems, data, and people. At Watermark, November 2024 proved to be a pivotal month for cybersecurity, marked by key incidents, lessons, and improvements. Let’s dive into the highlights.
Watermark’s Security Enhancements
This November, Watermark successfully thwarted a sophisticated password-spraying attack originating from over 1,000 remote systems. A
password spraying attack is a type of cyberattack where hackers attempt to gain unauthorized access to accounts by testing a few commonly used passwords (like "Password123" or "Welcome2023") across many user accounts. While no breaches occurred, the attempt caused temporary account lockouts and underscored the need for robust security measures.
In response, we implemented two key changes:
- Restricted Webmail Access: Access to webmail (OWA) is now limited to Watermark’s network, adding an extra layer of protection against remote attacks.
- Stronger Password Policies: Beginning January 2025, passwords will require increased length, with an emphasis on using secure passphrases. This change reflects our commitment to keeping accounts secure.
Lessons From Industry Headlines
Beyond Watermark, recent industry incidents offer valuable insights into the importance of cybersecurity:
- OnePoint Patient Care Breach: Data from 1.74 million individuals was exposed in a breach, highlighting the critical need for advanced protections in health care.
- Thompson Coburn LLP Lawsuit: A data breach involving personal and health information led to a class-action lawsuit, revealing the risks associated with third-party vulnerabilities.
- Corporate Cybersecurity Fines: Companies like GEICO, Travelers, and Unisys faced hefty fines for inadequate defenses and misleading cyber risk disclosures. These penalties remind us of the financial and reputational costs of lax security practices.
By the Numbers: Watermark’s Cybersecurity Performance
Our November metrics illustrate the effectiveness of Watermark’s proactive approach:
- Patching Compliance: We achieved 100% compliance for critical vulnerabilities and 98.38% overall compliance. Patching compliance refers to the process of ensuring all software, systems, and devices within an organization are updated with the latest security patches and updates. These patches are released by vendors to fix vulnerabilities, improve performance, and address bugs.
- Email Security: Of nearly 900,000 emails processed, we blocked 469,716 spam attempts and stopped 6,252 instances of malware.
- Phishing Training Results: A phishing fail rate of just 1% — well below industry averages — demonstrates the success of our ongoing employee training programs.
Proactive Threat Management
Threat monitoring and swift remediation remain at the core of our cybersecurity efforts. In November alone:
- Blocked Threats: Watermark stopped over 24,000 malicious network events and prevented 4,500 potential compromise attempts.
- Vulnerability Management: Regular scans identified and resolved 30 critical issues, ensuring our systems remain resilient against emerging threats.
Looking Ahead
Cybersecurity is not a one-time achievement but a continuous effort. By learning from our experiences and staying vigilant, Watermark is committed to protecting our systems, our community, and our reputation. Together, we can make cybersecurity a cornerstone of our IT strategy.
Let’s stay proactive and prepared — because the best defense is a strong offense.
Contact
