After our initial analysis of grouping the Microsoft Exchange Server Attack, we further analyzed a dataset containing approximately 5000 companies with a total exposure of $34,644,208,987. The distribution of the companies included a distribution across:
- 8 countries,
- 43 industries,
- various sizes (based on employee count)
The analysis was done to better determine which types of companies are potentially susceptible to attacks and damage due to the newly discovered vulnerability.
The analysis first isolated each of the CRA-Zones elements:
Sector and Industry
Company Size (by employee count)
The results clearly show that grouping companies by one characteristic only does not provide accurate information on possible aggregations, however, when the elements are grouped into a CRA-Zone, the types of companies affected by the attack become much clearer. Insights using CRA- Zones can also provide supplementary insights on aspects such as security hygiene and patching cadence.