While this attack could have been significantly worse and it was lucky that no data was compromised in the attack, attacks like these can be disastrous for any organization. Any time an attack takes place there is a loss of trust from current and prospective users/clients in the organization that was attacked. Even the claim that “no data was compromised” gives little reassurance after numerous organizations in the past has made similar claims only to have to admit later that data was, in fact, compromised. For this reason, it is important for organizations to work to prevent cyber-attacks before they happen and to work to stop attacks as early as possible. Following an attack, it is important to monitor criminal underground forums and marketplaces where cyber-criminals might leverage any stolen data. This can aid in response from both security and public affairs personnel. Endpoint detection and response services and SIEM monitoring aid greatly not only in allowing security personnel to cut off an attack before it is able to cause damage but to also recognize reconnaissance activity from attackers being carried out prior to an attack. Social media and Darknet monitoring can provide vital insight into what cyber-criminals are doing and are interested in, which allows organizations to put security policies in place to defend against attacks before they happen and to respond to further threats from criminals. More information on this incident can be found at: https://news.bloomberglaw.com/business-and-practice/cyber-attack-locks-michigan-bar-exam-takers-out-of-online-test