Cyber Risk Governance Insights | April 14, 2025
Netswitch, Inc.

WEEK IN BRIEF

GOVERNMENT – Regulator Gets Regulated & Shakes Trust

SUMMARY: The U.S. Office of the Comptroller of the Currency (OCC) disclosed a breach where attackers accessed internal emails, including correspondence with banks and confidential regulatory insights. While details remain under wraps, the incident has already prompted congressional notifications and serious questions about the cyber hygiene of regulatory bodies themselves.

PROBABLE CAUSE: Inadequate email security controls and insufficient monitoring of privileged access within a government network.

PROACTIVE PREVENTION: Put email behind a zero-trust gateway (phishing-resistant MFA, no legacy authentication, conditional access on every mailbox login) and run anomaly detection over privileged mailbox access, especially for agencies entrusted with financial oversight.

INSIGHT: When the watchdog can’t secure its own inbox, maybe it’s time it reviewed its own compliance. Hypocrisy level? Fire marshal leaving the stove on in their own kitchen while telling everyone else to check their smoke detectors.

CRITICAL INFRASTRUCTURE – Confirmed! "Yes, We Hacked You"

SUMMARY: In a private diplomatic exchange, Chinese officials admitted to cyberattacks on U.S. infrastructure, reportedly targeting utilities and ports as part of a broader retaliation campaign. While not news to intelligence agencies, this rare acknowledgment escalates the cyber cold war narrative and puts renewed focus on digital infrastructure resilience.

PROBABLE CAUSE: Systemic lack of segmentation and resilience in operational technology (OT) systems tied to national infrastructure.

PROACTIVE PREVENTION: Implement microsegmentation and air-gapping for critical OT assets. Stop connecting century-old water pumps to Slack channels.

INSIGHT: They say "admitting you have a problem is the first step." Too bad it’s China’s admission and still our infrastructure that’s exposed. The US has a collective cybersecurity awareness gap, and if we do not address it collectively, we will fail collectively.

FINANCIAL SERVICES – Breach Shockwaves the Sector

SUMMARY: Wolters Kluwer, a linchpin for regulatory and compliance tools in the finance sector, suffered a data breach with widespread client impact. The breach disrupted services and raised concerns about sensitive financial data exposure, especially considering its role as a trusted provider for banks and insurers.

PROBABLE CAUSE: Insecure vendor environment and poor downstream visibility into third-party data handling practices.

PROACTIVE PREVENTION: Demand continuous security validation from vendors, not just an annual audit, and treat a SOC 2 report as the floor: runtime visibility into how they actually handle your data is table stakes.

INSIGHT: It’s all fun and games until your compliance software vendor forgets to comply with basic cybersecurity hygiene. That’s like a dentist with cavities. Organizations cannot keep ignoring third-party risk management (TPRM); your vendors may well be your weakest link. Trust, but verify!

RANSOMWARE – Group Evolves to Just Keep Winning

SUMMARY: Scattered Spider, a ransomware group with a flair for social engineering, has evolved again, combining advanced impersonation with living-off-the-land techniques. Targeting major enterprises with surgical precision, they continue to bypass traditional defenses and wreak havoc across sectors.

PROBABLE CAUSE: Overreliance on perimeter defenses and outdated incident response playbooks.

PROACTIVE PREVENTION: Invest in behavioral threat detection and insider-risk tooling, backed by a 24/7 SOC, to catch attackers who mimic employee behavior.

INSIGHT: Turns out if you give hackers a LinkedIn Premium account and some ChatGPT prompts, they can waltz right in dressed as your CIO. Welcome to phishing-as-a-service, now with extra sass. Review your governance, policies, and processes at least once a year, and more often if you can: your business changes to meet shifts in demand and competition, and your threats and risks change just as often.
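The anomaly-detection controls recommended above for privileged mailbox access (the OCC item) and for attackers who mimic employee behavior (the Scattered Spider item) both come down to the same thing: learn what each user normally does, then alert on deviations. The block below is an added example written for this newsletter; it is not Netswitch tooling and not any vendor's product. The log format ("<ISO-8601 timestamp> <user> <action> <source IP> <country>") is hypothetical, and both the baseline and the detection-window logs are constructed, not real data.

```python
"""Baseline-and-deviation detector for privileged mailbox activity.

Added example for this newsletter; not Netswitch tooling. The log format is
hypothetical: "<ISO-8601 timestamp> <user> <action> <source IP> <country>".
Both logs below are constructed, not real data.
"""
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_interface

BURST_COUNT = 4        # this many events from one user ...
BURST_WINDOW_S = 180   # ... inside this many seconds is flagged as a burst
HOUR_SLACK = 1         # tolerate one hour either side of the observed working window

# Constructed baseline window: normal activity for two users.
BASELINE_LOG = """\
2025-03-03T08:12:05 jdoe mailbox.read 203.0.113.10 US
2025-03-03T09:40:11 jdoe mailbox.read 203.0.113.10 US
2025-03-04T08:05:44 jdoe mailbox.read 203.0.113.12 US
2025-03-05T17:55:02 jdoe mailbox.send 203.0.113.12 US
2025-03-03T07:30:19 asmith mailbox.read 198.51.100.7 US
2025-03-04T16:10:57 asmith mailbox.read 198.51.100.9 US
"""

# Constructed detection window: two normal events, then someone using jdoe's
# credentials from a new network, at night, exporting the mailbox in a burst.
NEW_LOG = """\
2025-04-10T09:02:13 jdoe mailbox.read 203.0.113.11 US
2025-04-10T10:15:40 asmith mailbox.read 198.51.100.7 US
2025-04-11T02:47:09 jdoe mailbox.read 192.0.2.55 RU
2025-04-11T02:48:00 jdoe mailbox.export 192.0.2.55 RU
2025-04-11T02:48:30 jdoe mailbox.read 192.0.2.55 RU
2025-04-11T02:49:00 jdoe mailbox.read 192.0.2.55 RU
2025-04-11T02:49:30 jdoe mailbox.read 192.0.2.55 RU
"""


def parse(text):
    """Yield (timestamp, user, action, coarse network, country) per log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, ip, country = line.split()
        prefix = 24 if ip_interface(ip).version == 4 else 64
        net = str(ip_interface(f"{ip}/{prefix}").network)   # /24 or /64, not exact host
        yield datetime.fromisoformat(ts), user, action, net, country


def build_profiles(baseline_text):
    """Learn per-user 'normal': networks, countries, actions and working hours."""
    profiles = {}
    for ts, user, action, net, country in parse(baseline_text):
        p = profiles.setdefault(
            user, {"nets": set(), "countries": set(), "actions": set(), "hours": set()})
        p["nets"].add(net)
        p["countries"].add(country)
        p["actions"].add(action)
        p["hours"].add(ts.hour)
    return profiles


def detect(new_text, profiles):
    """Return one alert per event that deviates from the user's profile."""
    recent = defaultdict(deque)   # per-user timestamps inside the burst window
    alerts = []
    for ts, user, action, net, country in parse(new_text):
        reasons = []
        p = profiles.get(user)
        if p is None:
            reasons.append("unknown_user")
        else:
            if country not in p["countries"]:
                reasons.append("new_country")
            if net not in p["nets"]:
                reasons.append("new_network")
            if action not in p["actions"]:
                reasons.append("new_action")
            lo, hi = min(p["hours"]) - HOUR_SLACK, max(p["hours"]) + HOUR_SLACK
            if not lo <= ts.hour <= hi:
                reasons.append("off_hours")
        window = recent[user]
        window.append(ts)
        while (ts - window[0]).total_seconds() > BURST_WINDOW_S:
            window.popleft()
        if len(window) >= BURST_COUNT:
            reasons.append("burst")
        if reasons:
            alerts.append({"ts": ts.isoformat(), "user": user,
                           "action": action, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(NEW_LOG, build_profiles(BASELINE_LOG)):
        print(alert)
```

Run against the constructed logs, the two daytime events pass and the five night-time events from 192.0.2.55 are flagged, the export additionally as a never-before-seen action and the last two as a burst. In practice the baseline must come from a period you trust to be clean, the events come from your mail platform's audit log rather than a text file, and "new_network" alone is a weak signal for a roaming workforce; it is the combination of reasons on one session that deserves a 24/7 analyst's attention.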

EDUCATION – Schools Get Schooled by Bullies on the Playground

SUMMARY: A 69% spike in ransomware attacks hit the global education sector, forcing schools offline and compromising student and faculty data. Already under-resourced, many institutions struggle to rebuild systems while facing legal scrutiny and rising insurance costs.

PROBABLE CAUSE: Legacy IT infrastructure paired with minimal endpoint security and lack of centralized threat detection.

PROACTIVE PREVENTION: Standardize on secure cloud-based systems with built-in zero-trust architectures, and pool resources across districts for threat monitoring.

INSIGHT: When your computer lab is running on Windows 7 and hope, ransomware isn’t just probable, it’s part of the curriculum. We all know budgets are tight, and you need solutions that deliver value rather than another subscription bill. If you’re in education, look at open source security tooling to give your district a defense-in-depth posture.

SOCIAL ENGINEERING – Thumb Drive Trick Still Works in 2025

SUMMARY: Russian hackers breached a Western military mission by planting a malicious USB drive, a tactic as old as time but still devastating. The breach exposed sensitive mission details, and while the scope isn’t fully disclosed, it raises alarms about basic operational security in defense environments.

PROBABLE CAUSE: Lack of physical media controls and inadequate device lockdown policies within secure facilities.

PROACTIVE PREVENTION: Deploy endpoint protection that auto-detects rogue USB devices and enforces strict removable media policies - even in the field.

INSIGHT: If your organization’s ops can be undone by a glittery thumb drive left in the parking lot, it’s not cyberwar, it’s slapstick. This is an organizational culture issue, and it means staff are not being trained. Security Awareness and Education (SAE) is fundamental for any organization that wants its employees to be its first line of defense.
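What "auto-detects rogue USB devices" looks like in practice is an allowlist of the drives you actually issued, keyed on vendor ID, product ID and serial number, checked every time the kernel reports a new mass-storage device. The block below is an added example written for this newsletter; it is not Netswitch tooling and not the control the breached mission used. The log lines are constructed in the style of Linux kernel USB enumeration messages, and the allowlist, vendor/product IDs and serial numbers are hypothetical.

```python
"""Removable-media allowlist check over kernel log lines.

Added example for this newsletter, not Netswitch tooling. The log lines are
constructed in the style of Linux kernel USB enumeration messages; the
allowlist and every serial number below are hypothetical.
"""
import re

# Hypothetical allowlist: vendor ID, product ID and serial of the drives this site issued.
ALLOWED = {
    ("0951", "1666", "0C9D92B0A4C1"),
    ("0951", "1666", "0C9D92B0A4C2"),
}

NEW_DEV = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
ATTR = re.compile(
    r"usb (?P<port>[\d.-]+): (?P<key>Product|Manufacturer|SerialNumber): (?P<val>.+)")
STORAGE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")

# Constructed sample: an issued drive, a look-alike with a different serial, and a
# device that enumerates as storage without presenting a serial number at all.
SAMPLE_KMSG = """\
[ 1203.114] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[ 1203.265] usb 1-1: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[ 1203.266] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1203.266] usb 1-1: Product: DataTraveler 3.0
[ 1203.267] usb 1-1: Manufacturer: Kingston
[ 1203.267] usb 1-1: SerialNumber: 0C9D92B0A4C1
[ 1203.270] usb-storage 1-1:1.0: USB Mass Storage device detected
[ 1840.501] usb 1-2: new high-speed USB device number 4 using xhci_hcd
[ 1840.652] usb 1-2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[ 1840.653] usb 1-2: Product: DataTraveler 3.0
[ 1840.653] usb 1-2: Manufacturer: Kingston
[ 1840.654] usb 1-2: SerialNumber: 7A7A7A7A7A7A
[ 1840.660] usb-storage 1-2:1.0: USB Mass Storage device detected
[ 2211.003] usb 2-1.4: New USB device found, idVendor=1d6b, idProduct=0104, bcdDevice= 5.15
[ 2211.004] usb 2-1.4: Product: Gadget
[ 2211.010] usb-storage 2-1.4:1.1: USB Mass Storage device detected
"""


def audit(log_text, allowed=ALLOWED):
    """Return an alert for every mass-storage device that is not on the allowlist."""
    devices = {}     # port path -> attributes gathered during enumeration
    alerts = []
    for line in log_text.splitlines():
        m = NEW_DEV.search(line)
        if m:
            devices[m["port"]] = {"vid": m["vid"], "pid": m["pid"], "product": None,
                                  "manufacturer": None, "serial": None}
            continue
        m = ATTR.search(line)
        if m and m["port"] in devices:
            field = {"Product": "product", "Manufacturer": "manufacturer",
                     "SerialNumber": "serial"}[m["key"]]
            devices[m["port"]][field] = m["val"].strip()
            continue
        m = STORAGE.search(line)
        if m:
            dev = devices.get(m["port"])
            if dev is None:
                alerts.append({"port": m["port"], "reason": "storage_without_enumeration"})
            elif (dev["vid"], dev["pid"], dev["serial"]) not in allowed:
                reason = "unapproved_storage" if dev["serial"] else "storage_without_serial"
                alerts.append({"port": m["port"], "reason": reason, **dev})
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE_KMSG):
        print(alert)
```

On the constructed sample the issued drive on port 1-1 passes, the look-alike on 1-2 is flagged because its serial is not on the list, and the serial-less gadget on 2-1.4 is flagged on its own. Two caveats: this is a detective control, so pair it with a preventive one (on Linux, refusing to load usb-storage or setting a device's authorized flag to 0 from a udev rule; on Windows, the Removable Storage Access policy), and a purpose-built malicious device can clone an allowlisted VID, PID and serial, so the allowlist raises the bar rather than settling the matter.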

HEALTHCARE – Hospital Data Breach Hits the Charts

SUMMARY: Loretto Hospital is under investigation following a data breach that potentially exposed protected health information (PHI). While details remain limited, the incident highlights ongoing struggles in securing patient records and complying with HIPAA obligations amid outdated systems.

PROBABLE CAUSE: Unpatched systems and lack of routine security audits across internal and third-party platforms.

PROACTIVE PREVENTION: Automate patch management and implement real-time data loss prevention (DLP) for PHI at rest and in transit.

INSIGHT: Still thinking cybersecurity’s too expensive? Try explaining to your patients why your servers are running like their grandma’s rotary phone. We understand that medical equipment can be hard to update because it is in constant use, but at some point you have to schedule downtime for critical updates, for functionality as much as for security.
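The DLP control recommended above only earns its keep if it recognizes PHI without drowning the help desk in false positives, and the usual cause of noise is matching on shape alone (any ddd-dd-dddd) rather than on shape plus validity plus context. The block below is an added example written for this newsletter; it is not Netswitch tooling and not any hospital's rule set. The SSN structure checks reflect the published SSA rules; the MRN format, the clinical-context word list and all sample messages are hypothetical and constructed.

```python
"""Content-inspection DLP rule for PHI in outbound messages.

Added example for this newsletter, not Netswitch tooling. The MRN format,
the context word list and the sample messages are hypothetical.
"""
import re

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
MRN_RE = re.compile(r"\bMRN[-: ]?(\d{7})\b", re.IGNORECASE)   # hypothetical MRN format
ICD10_RE = re.compile(r"\b[A-TV-Z]\d{2}(?:\.\d{1,4})?\b")       # e.g. E11.9; heuristic
CONTEXT_WORDS = ("patient", "diagnosis", "prescription", "discharge")

# Constructed sample messages, one per verdict.
SAMPLES = {
    "referral": "Referring patient Jane Roe, MRN-0048213, SSN 123-45-6789, dx E11.9 for follow-up.",
    "form_template": "Enter your SSN as 000-00-0000 or 111-11-1111 in the field below.",
    "payroll": "Payroll export for employee 545-22-8790 is attached.",
    "newsletter": "Join us on LinkedIn Live on April 14 at 10:00.",
}


def ssn_is_plausible(area, group, serial):
    """Reject values that cannot be issued SSNs: area 000, 666 or 900+, zero group or serial."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    if int(group) == 0 or int(serial) == 0:
        return False
    if len(set(area + group + serial)) == 1:   # 111-11-1111 style placeholders
        return False
    return True


def find_identifiers(text):
    """Return (kind, value) for every plausible SSN and every MRN in the text."""
    found = [("ssn", m.group(0)) for m in SSN_RE.finditer(text)
             if ssn_is_plausible(*m.groups())]
    found += [("mrn", m.group(0)) for m in MRN_RE.finditer(text)]
    return found


def has_clinical_context(text):
    """Identifier next to clinical language or an ICD-10 code is PHI, not just PII."""
    lowered = text.lower()
    return any(w in lowered for w in CONTEXT_WORDS) or bool(ICD10_RE.search(text))


def classify(text):
    """allow: no identifiers; quarantine: identifier only; block: identifier plus clinical context."""
    ids = find_identifiers(text)
    if not ids:
        return "allow", ids
    if has_clinical_context(text):
        return "block", ids
    return "quarantine", ids


def redact(text):
    """Mask plausible SSNs to their last four digits and MRNs entirely."""
    text = SSN_RE.sub(
        lambda m: f"***-**-{m.group(3)}" if ssn_is_plausible(*m.groups()) else m.group(0), text)
    return MRN_RE.sub("MRN-*******", text)


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        verdict, ids = classify(body)
        print(f"{name:14} {verdict:10} {ids}")
    print(redact(SAMPLES["referral"]))
```

The referral is blocked (identifiers plus a diagnosis code), the payroll export is quarantined for review (a real-looking SSN but no clinical context), and the form template is allowed because 000-00-0000 and 111-11-1111 can never be issued SSNs. The same structural checks drive the redaction, so a placeholder is left alone while a genuine number is masked. A production DLP engine also has to open attachments, normalize encodings and inspect traffic in transit; this rule is the decision logic, not the whole product, and it is no substitute for encrypting PHI at rest.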


INSIGHTS & EXPERT PERSPECTIVES

Risk Meets Reason: Unpacking AI's Role in Third-Party Vulnerabilities

AI integration into third-party services introduces sophisticated new risks. In a recent expert panel, Linda Tuck Chapman and Stanley Li dissect the interplay between AI capabilities, data governance, and vendor oversight. They urge leaders to update due diligence, embed ethical AI frameworks, and ensure executive-level cyber literacy. The session emphasizes that AI’s potential is matched only by its capacity to magnify third-party vulnerabilities, unless it is managed with intentional governance and technical discipline.

HIGHLIGHTS:

  1. AI is Not Just a Tool—It's a Risk Amplifier. Improperly vetted AI in vendor ecosystems increases the risk of biased decisions, data leakage, and untraceable operational failures.
  2. Governance Must Scale with Complexity. Organizations need revised due diligence protocols and vendor questionnaires explicitly addressing AI use, models, and data integrity.
  3. Ethics Cannot Wait for Regulation. The absence of mature legislation does not absolve firms from establishing internal AI ethics standards to guide implementation and oversight.

INSIGHTS: Organizations rushing to adopt AI through third-party vendors often overlook one fundamental step: understanding the business impact if that AI fails. A Business Impact Analysis isn’t just for disaster recovery—it’s a lens to evaluate how AI-driven decisions, errors, or outages could disrupt critical operations.

We prepared a Business Impact Analysis Playbook and Workbook to help you integrate cyber risk management into enterprise risk management yourself, following the guidance in NIST IR 8286. We give it away free so you can put your budget toward implementing what works for your organization.

A well-executed BIA:

  • Identifies critical business functions that could be affected by failures in AI-driven third-party services.
  • Quantifies the operational and financial impact of AI misbehavior, data inaccuracies, or model failures.
  • Prioritizes vendor oversight by aligning AI dependencies with business-critical processes.
  • Informs risk thresholds and recovery expectations for AI-integrated third-party systems.

Before trusting a vendor’s algorithm, assess the blast radius if it goes wrong.

Skipping a BIA is like insuring your building but ignoring the server room—it’s technically covered, but practically exposed.

If you want a free download of the BIA Playbook, just ask.


Strengthen Your Cybersecurity with Netswitch

Achieve Compliance & Reduce Risk:

  • Comprehensive Security Audit: Uncover network vulnerabilities with our automated Security And Risk Assessment (SARA). Gain a clear understanding of your risk landscape, prioritize enhancements, and make the most of your security investments. Contact Netswitch.
  • Free "Quick Start" Program: Kickstart your cyber risk and governance journey with a complimentary health check. Enroll today to build lasting resilience.

Expand Your Cyber Knowledge:

  • Join: Our Cyber Risk Governance Community and connect with a dynamic network of professionals on LinkedIn. Exchange insights, transform risks into readiness, and stay ahead of evolving threats.
  • Engage in Live Events: Attend interactive LinkedIn Live sessions. Dive into critical cyber risk topics with industry leaders from executive, technology, and governance backgrounds.

Take Action Now!

Reach out to Netswitch Technology Management today and seize control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.


More articles by Stanley Li
