EasyVista | March 20, 2024

The Risks of Poor IT Security

In 2021, 60,000 companies globally were negatively affected by the almost three months it took Microsoft to realize parts of their Exchange servers were compromised by zero-day vulnerabilities. The servers (Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019) were targeted by cyberattacks taking advantage of their vulnerabilities.

Due to coding errors in the servers, the hackers only needed a connection to the internet and access to on-premises, locally managed systems to request data, deploy malware, and take over the company’s servers. Most of the requests were approved because they looked like they were coming from the Exchange servers, leading Microsoft staff to think the requests were legitimate. The attack exploited the following four Common Vulnerabilities and Exposures (CVEs):

  • CVE-2021-26855, with a CVSS of 9.1 (a server-side request forgery (SSRF) vulnerability. Once exploited, HTTPS connections are then established to authenticate user access.)
  • CVE-2021-26857, with a CVSS of 7.8
  • CVE-2021-26858, with a CVSS of 7.8 (hackers could then deploy web shells to establish backdoor connections to grant themselves remote access to a computer system.)
  • CVE-2021-27065, with a CVSS of 7.8

A zero-day exploit is a cyberattack that takes advantage of an unknown security flaw in computer software or hardware, and the severity of such exploits can vary greatly. The Microsoft case from 2021 shows how a mistake that gives a hacker access to a system or network (leading to data leaks and data breaches) can go 3 months without anyone noticing or fixing it.

Another example of a zero-day exploit is Google Chrome’s CVE-2022-4135 in 2022 (their 8th exploit of the year). The attack was a heap buffer overflow, which is a vulnerability that allows data to be written to forbidden locations without being checked. This type of attack leads to data corruption, arbitrary code execution, and a bypass of security controls.

The costs of security breaches 

In 2023, the average cost of a data breach in the United States was $9.48 million – up from $9.44 million in 2022. Globally in 2023, the average cost of a data breach was 4.45 million U.S. dollars. 

Data breaches can sink your organization’s stock price, resulting in a market cap loss that may not be recovered: publicly traded companies suffered, on average, a decline of 7.5% in their stock values post data breach, and Okta lost $6 billion from their market cap the week the news spread of their third-party supplier's data breach. They can also consume your company’s resources.

Examples of cyber-attacks: 

  • MOVEit – A zero-day exploit of Progress Software's file transfer product, which took the form of an SQL injection, impacted more than 62 million people (about twice the population of California) in 2023. The attack ended up costing the company roughly $10 billion.
  • 23andMe – Hackers stole the ancestry data of 6.9 million platform users. Cyber hackers stole data containing users’ names, birth year, 23andMe relationship labels, the percentage of DNA shared with relatives, and self-reported location. 
  • GoAnywhere – The exploitation of a zero-day flaw, CVE-2023-0669, enabled hackers to steal data from over a hundred companies in 2023. 

When a cyber incident happens, exorbitant amounts of money and time are required for reparations. In the literal sense, if applicable, those impacted need to be compensated appropriately. Likewise, money also needs to go towards updated processes, procedures, and hardware. Time needs to be spent on educating employees on cybersecurity best practices. 

Then, there is the lost revenue from the reputational damage to consider. Customers need to be kept happy and paying, but customers who need support may be put on the back burner, as critical and/or high-priority items that need attention ASAP will be at the forefront of what your employees focus on.

Security breaches impact everyone—companies, customers, and employees alike. That is why preventing or avoiding them is the best option for your business. How can you do that? With IT monitoring solutions that use AI and automation. On average, organizations that use AI and automation for their security protocols save 1.76 million US dollars compared to those that don’t.

Proactive IT Management: IT Monitoring with EV Observe 

To supplement your broader cybersecurity initiatives, a proactive approach to IT monitoring will only benefit your business. If you’re not already investing in an IT monitoring solution that utilizes AI and automation to save your business money by alerting you to real-time changes and updates within your IT infrastructure, you need to.

An IT infrastructure monitoring solution can significantly enhance IT security by providing early detection of unusual activity or performance anomalies that may indicate security threats, such as unauthorized access or malware activity. By continuously tracking system performance and alerting on deviations from the norm, it enables swift identification and mitigation of potential security incidents before they escalate. Remember that IT infrastructure monitoring is about performance and issues, and it is not a security solution. 
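As an added illustration of "alerting on deviations from the norm" (example code written for this article, not EV Observe's method), the sketch below scores each new sample against a rolling median/MAD baseline. The metric, the sample values, the window size and the 3.5 threshold are all constructed assumptions.

```python
from statistics import median

def modified_z(value, baseline, min_mad=1.0):
    """Distance of `value` from the baseline median, in robust (MAD) units.

    min_mad is an assumed floor so a perfectly flat baseline does not turn
    one unit of jitter into an alert.
    """
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    return 0.6745 * (value - med) / max(mad, min_mad)

def detect_deviations(samples, window=12, threshold=3.5):
    """Return (index, value, score) for samples far outside the rolling baseline."""
    alerts = []
    for i in range(window, len(samples)):
        # Baseline = the `window` samples immediately before sample i.
        score = modified_z(samples[i], samples[i - window:i])
        if abs(score) >= threshold:
            alerts.append((i, samples[i], round(score, 1)))
    return alerts

# Constructed data: outbound traffic of one server in MB per minute.
# Indices 20 and 21 simulate a sudden bulk transfer; the rest is normal load.
OUTBOUND_MB_PER_MIN = [42, 45, 44, 47, 43, 46, 45, 44, 48, 43, 46, 45,
                       44, 47, 45, 43, 46, 44, 45, 47, 410, 395, 46, 44]

if __name__ == "__main__":
    for index, value, score in detect_deviations(OUTBOUND_MB_PER_MIN):
        print(f"minute {index}: {value} MB outbound, score {score}")
```

Because the baseline uses the median rather than the mean, the two spike samples do not distort it, so the normal readings that follow the spike are not flagged.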

With an IT monitoring solution like EV Observe, you’ll get real-time monitoring of your IT infrastructure, network, IoT, cloud and applications. This access to up-to-date system information will enable you to never miss an alert or notification, avoid blind spots, and reduce false positives by 30%. Additionally, in the event of a cyber-attack or routine IT issue (e.g., a user’s system is down), you’ll be able to accelerate IT incident resolution with dependency mapping, root cause analysis, and interactive dashboards. The proactive monitoring of selected business indicators and activity peaks, combined with the mapping of dependencies of a complex IT network system, will enable you to identify the root cause of a service failure or downtime even faster. Utilize technology to continuously monitor your IT network to prevent zero-day vulnerabilities and any other cyber-attacks – know what’s going on within your network 24/7.

FAQs 

What is CVSS in cybersecurity? 

CVSS, the Common Vulnerability Scoring System, is a framework for communicating the severity of software vulnerabilities. The framework consists of four metric groups: Base, Threat, Environmental, and Supplemental.

What does “zero-day” refer to? 

The term "zero-day" refers to when a company or software vendor discovers there’s a flaw in their systems or products that is already being used or exposed maliciously by hackers—giving the company zero days to fix the flaw before it’s exposed.

What is a botnet? 

A botnet is a collection of infected Internet-connected devices (e.g., PCs, mobile devices, and servers) that are remotely controlled by a common type of malware. The infected devices search for vulnerabilities across the internet, in the hopes of infecting as many connected devices as possible.  

EasyVista

EasyVista is a global software provider of intelligent solutions for enterprise service management, remote support, and self-healing technologies. Leveraging the power of ITSM, Self-Help, AI, background systems management, and IT process automation, EasyVista makes it easy for companies to embrace a customer-focused, proactive, and predictive approach to their service and support delivery. Today, EasyVista helps over 3,000 enterprises around the world to accelerate digital transformation, empowering leaders to improve employee productivity, reduce operating costs, and increase employee and customer satisfaction across financial services, healthcare, education, manufacturing, and other industries.