Cybercriminals continue to take advantage of the global pandemic created by COVID-19 and are targeting government agencies and organizations via phishing emails and malware attacks. Learn about some of this month’s most notable data breaches and cyberattacks in our monthly Data Breach Round-Up article series, the May edition.

Configuration drift occurs when unrecorded or unplanned changes are made to a system, application or network. As a system drifts over time, away from the original intended state, the severity of the matter increases. Any user’s actions, however big or small, that result in a given configuration deviating away from one that is considered necessary or secure can have potentially severe consequences and detrimental effects on an organization.

Oracle and KPMG recently issued their 2020 Cloud Threat Report that identifies the key security risks and challenges organizations are faced with as they implement and manage cloud solutions. The joint cloud and threat security report revealed a shift in attitudes towards cloud security, with 75% of respondents viewing the public cloud as more secure than their own data centers.

DevOps and traditional security have historically operated with different schools of thought. In the past, security was seen as a hindrance to the DevOps process and the role of security was left to address at the end of an applications life cycle. But now, there’s a way to make security a part of your DevOps process without reducing speed or scalability – with the adoption of DevSecOps.

Over the past five years, data breaches caused by third-party vendors have continued to increase in severity and frequency. In fact, research found in the latest Ponemon Institute Data Risk in the Third-Party Ecosystem report claims that 59% of companies experienced a data breach caused by one of their third-party vendors. Minimizing your chances of a third-party data breach is a tall order since much of it is out of your direct control.

Starting on September 1, 2020, Department of Defense (DoD) contractors will be required to comply with the new Cybersecurity Maturity Model Certification (CMMC), a new cybersecurity framework designed to enhance security defenses. This new standard draws upon NIST 800-171 Rev 2, ISO 27001 and other security frameworks to create one unified standard for implementing cybersecurity across the entire defense industrial base (IDB).

The popular domain registry and web hosting company GoDaddy is in the headlines this week after the company reported that an unauthorized user accessed login information used by an undisclosed number of its 19 million customers. GoDaddy informed its customer base of the incident on May 4 in an email stating that on October 19, 2019, an unauthorized individual accessed the login credentials used to connect to SSH on the hosting site.