Security Intelligence has written an article discussing the trend of repeated targets in cyber attacks and why they occur. According to Cymulate, 67 percent of companies that suffered a cyber attack are attacked again within one year, which rises to 80 percent if it’s a ransomware attack.
The author states that a primary reason organizations see additional attacks after the initial successful one is that threat actors will have learned critical pieces of information, including where vulnerabilities are located and what data is important. This makes it easier to continue attacking the same organization than going through the difficulties of performing reconnaissance on a new one. This is why the article suggests that organizations who have been hit should have a laser-focus on remediating the specific vulnerabilities that allowed the exploitation to occur in the first place. Doing this requires a robust postmortem process that can provide leaders with a timely, full understanding of what happened and to significantly reduce the risk of it happening again. Read more at Security Intelligence.