Application security is integral to software development, and the majority of organizations now have dedicated AppSec programs. In the past five years, there has been a marked cultural shift, with application security becoming a strategic initiative that spans departments rather than an activity, like periodic scanning, code reviews, or testing or a transactional event related to a security assessment.
In Q2 2022, Kroll observed a 90% increase in the number of healthcare organizations targeted in comparison with Q1 2022, dropping the final nail in the coffin for the “truce” some criminal groups instituted earlier in the COVID pandemic. Ransomware helped to fuel this uptick against healthcare as attacks increased this quarter to once again become the top threat, followed closely by email compromise.
Application security assessments are more critical than ever before. Digital transformation is required to meet the expectations of customers in many industries, meaning that companies are looking for software products to help them modernize their operations and meet those demands. However, choosing a piece of software is an expression of trust: by bringing your software into their network, customers are looking to accomplish their goals without letting attackers in.
With companies in virtually every industry facing persistent and increasing cyber security threats, federal regulators are taking steps to protect customers and investors. In March, the SEC proposed new cyber security transparency rules that would require publicly traded companies to disclose, among other things, the cyber security expertise—or lack thereof—among their board members. This is despite the evidence that it is a recognized risk within businesses.
Kroll has observed an increase in two social engineering tactics known as “vishing” and “smishing.” These tactics use phone calls, voice altering software, text messages and other tools to try to defraud unsuspecting people of valuable personal information such as passwords and bank account details for financial gain. These types of attacks use similar techniques to the common infection vector, phishing.
