CISAO
Company Details
Linkedin ID:
cannabis-isao
Website:
Employees number:
4
Number of followers:
452
NAICS:
519
Industry Type:
Homepage:
cannabisisao.org
IP Addresses:
0
Company ID:
CAN_1622626
Scan Status:
In-progress
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) Company CyberSecurity Posture
cannabisisao.org
The Cannabis Information Sharing & Analysis Center
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) A.I CyberSecurity Scoring
CISAO Risk Score (AI oriented)Between 700 and 749
CISAO
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CISAO Global Score (TPRM)XXXX
CISAO
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CISAO Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Everest ransomware group
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The Everest ransomware group experienced a significant security breach when their Tor leak site was defaced and subsequently taken offline. This group, known for its ransomware activities and initial access broker operations, has been a threat since 2020, listing more than 200 victims including healthcare organizations. In 2024, the group targeted a U.S. healthcare facility, demonstrating its continuous impact on sensitive sectors. The defacement, which left a message deriding crime, suggests a potential backlash from the cyber community or an inside exit scam, although no party has claimed responsibility. This incident impacts the group's operations by disrupting their communication and data leak platform, likely affecting their extortion capabilities.
CISAO Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CISAO
Incidents vs Information Services Industry Average (This Year)
No incidents recorded for Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) in 2025.
Incident Types CISAO vs Information Services Industry Avg (This Year)
No incidents recorded for Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) in 2025.
Incident History — CISAO (X = Date, Y = Severity)
CISAO cyber incidents detection timeline including parent company and subsidiaries
CISAO Company Subsidiaries
The Cannabis Information Sharing & Analysis Center
Loading...
CISAO Similar Companies
NielsenIQ
NielsenIQ (NIQ) is the world’s leading consumer intelligence company, delivering the most complete understanding of consumer buying behavior and revealing new pathways to growth. NIQ combined with GfK in 2023, bringing together the two industry leaders with unparalleled global reach. Today NIQ has
Experian
Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, deliver digital marketing solutions, and gain deeper insights into the automotive market, all us
Wolters Kluwer (EURONEXT: WKL) is a global leader in professional information, software solutions, and services for the healthcare, tax and accounting, financial and corporate compliance, legal and regulatory, and corporate performance and ESG sectors. We help our customers make critical decisions e
CASA
CASA is an industry leading association that can provide you with the edge you need to be an effective business owner with a substantial property portfolio and gives you the power to confidently manage your business and structures to enable you, the business owner, to later on become a member of our
Gartner
We deliver actionable, objective business and technology insights. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities. Our unrivaled combination of business and technology insights steers clients toward the right
Springer Nature
Be Part of Progress - together we bring greater understanding to the world Springer Nature is one of the leading publishers of research in the world. We publish the largest number of journals and books and are a pioneer in open research. Through our leading brands, trusted for more than 180 years,
GLG is the world’s largest insight network. We connect decision makers to the right experts so they can act with the confidence that comes from true clarity and have what it takes to get ahead. Our network of experts is the world’s largest source of first-hand expertise, and we recruit hundreds of n
.png)
CISAO CyberSecurity News
December 12, 2025 12:35 PM
The facts on ‘scromiting’ – an intense bout of vomiting linked to overindulgence in cannabis
Scromiting refers to an intense form of illness – a mix of screaming and vomiting – brought on by overindulging in cannabis.
November 25, 2025 08:00 AM
How digital transformation exposes cannabis businesses to hackers
The cannabis industry's digital transformation is creating a new challenge for dispensary owners: cybersecurity.
November 18, 2025 08:00 AM
Cannabis Retailer Sued under My Health My Data Act (via Passle)
Washington cannabis dispensary Uncle Ike's is subject to a proposed class action in federal court alleging that it shared information on...
November 10, 2025 08:00 AM
Article | Senate shutdown deal includes language to renew two key cyber laws
The Senate version of legislation to reopen the federal government includes language to temporarily reinstate two key cyber laws that...
October 30, 2025 07:00 AM
Article | ICE made expansive request for taxpayer data amid IRS pushback
Federal immigration enforcement officials sought a wide range of sensitive information about suspected undocumented immigrants from the IRS,...
October 17, 2025 07:00 AM
GPhC medicinal cannabis supply review flags gaps in information sharing
GPhC medicinal cannabis supply review flags gaps in information sharing ... The General Pharmaceutical Council (GPhC) has called for stronger...
October 09, 2025 07:00 AM
Article | Peters to introduce bill reviving key cyber info-sharing law with retroactive safeguards
Senate Homeland Security ranking member Gary Peters (D-Mich.) plans to introduce a new bill to reauthorize a foundational cybersecurity...
October 02, 2025 07:00 AM
Article | Government flying partially blind to threats after key cyber law expires
A key law that helps the federal government guard against cyber threats to U.S. critical systems expired as the government shut down...
October 01, 2025 07:00 AM
Article | Senate Republicans shut down Democrats’ attempts to revive key cyber threat-sharing law
The fight to reinstate a bedrock cyber threat-sharing law that expired on Tuesday continued on Capitol Hill on Wednesday in between fiery...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CISAO CyberSecurity History Information
Official Website of Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)
The official website of Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) is http://www.cannabisisao.org.
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)’s AI-Generated Cybersecurity Score
According to Rankiteo, Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)’s AI-generated cybersecurity score is 735, reflecting their Moderate security posture.
How many security badges does Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)’ have ?
According to Rankiteo, Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) have SOC 2 Type 1 certification ?
According to Rankiteo, Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) is not certified under SOC 2 Type 1.
Does Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) have SOC 2 Type 2 certification ?
According to Rankiteo, Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) does not hold a SOC 2 Type 2 certification.
Does Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) comply with GDPR ?
According to Rankiteo, Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) is not listed as GDPR compliant.
Does Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) have PCI DSS certification ?
According to Rankiteo, Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) does not currently maintain PCI DSS compliance.
Does Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) comply with HIPAA ?
According to Rankiteo, Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) is not compliant with HIPAA regulations.
Does Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) have ISO 27001 certification ?
According to Rankiteo,Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) operates primarily in the Information Services industry.
Number of Employees at Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) employs approximately 4 people worldwide.
Subsidiaries Owned by Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) presently has no subsidiaries across any sectors.
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)’s LinkedIn Followers
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)’s official LinkedIn profile has approximately 452 followers.
NAICS Classification of Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) is classified under the NAICS code 519, which corresponds to Other Information Services.
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)’s Presence on Crunchbase
No, Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) does not have a profile on Crunchbase.
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)’s Presence on LinkedIn
Yes, Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cannabis-isao.
Cybersecurity Incidents Involving Cannabis Information Sharing & Analysis Organization (Cannabis ISAO)
As of December 15, 2025, Rankiteo reports that Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) has an estimated 2,362 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Cannabis Information Sharing & Analysis Organization (Cannabis ISAO) ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Everest Ransomware Group Tor Leak Site Defacement
Description: The Everest ransomware group experienced a significant security breach when their Tor leak site was defaced and subsequently taken offline. This group, known for its ransomware activities and initial access broker operations, has been a threat since 2020, listing more than 200 victims including healthcare organizations. In 2024, the group targeted a U.S. healthcare facility, demonstrating its continuous impact on sensitive sectors. The defacement, which left a message deriding crime, suggests a potential backlash from the cyber community or an inside exit scam, although no party has claimed responsibility. This incident impacts the group's operations by disrupting their communication and data leak platform, likely affecting their extortion capabilities.
Type: Defacement
Attack Vector: Defacement of Tor leak site
Threat Actor: Unknown
Motivation: Potential backlash from the cyber community or an inside exit scam
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Defacement CAN000041125
Systems Affected: Tor leak site
Operational Impact: Disruption of communication and data leak platform
Which entities were affected by each incident ?
Incident : Defacement CAN000041125
Entity Name: Everest Ransomware Group
Entity Type: Cybercriminal Group
Industry: Cybercrime
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unknown.
Impact of the Incidents
.png)
Latest Global CVEs (Not Company-Specific)
Description
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cannabis-isao' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
