Despite years of effort encouraging a DevSecOps approach, development and security teams tend to remain divided. For example, according to 2020 research, 65% of security professionals reported that their companies had successfully shifted security left. Good, right? But the same research also shows that almost a third of people believe the security team is primarily responsible for security — despite shifting left.
"People tell you who they are, but we ignore it, because we want them to be who we want them to be.” - Don Draper Earlier this year we announced some security enhancements to how we handle submissions to Splunkbase. The simple statement is we are making things faster/cheaper/better where Splunkbase security is concerned. Faster in that it takes less time for a developer to get an app into our platform. Cheaper in that it’s more automated.
Being a developer, it has become your moral responsibility to offer clean and safe software products for users to install on their systems. You can easily tackle this by signing your software code and other executables with a digital security certificate.
Fileless threats are on the rise. These threats occur when cybercriminals use pre-existing software in victims’ systems to carry out attacks, instead of using a malicious attachment or file. More often than not, a criminal’s favorite tool for a fileless attack is PowerShell.
Ransomware attacks continue to make headlines and cause havoc on organizations on an international scale. Unfortunately, we should expect that ransomware attacks will persist as one of the primary threats to organizations. Ransomware attacks have grown 350% in recent years, and while the best strategy is to prevent attacks from happening in the first place, there is no guarantee your data won’t be compromised.
The California Consumer Privacy Act (CCPA) is a law that allows California consumers to ask companies to provide them with all the information they have stored about them as well as a full list of any third parties that the company has shared that data with. In addition, the California law gives consumers the right to sue companies if the privacy guidelines are violated, even if there have been no actual breaches of privacy.
The current cyberattack landscape has forced companies to look for new forms of protection, which is why they are increasingly resorting to the use of cyber insurance. The figures are alarming: 148,104 malware attacks are launched every day, which translates into 6,172 attacks per hour. The consequences of a breach can mean dedicating a large part of a company’s resources to restoring computer systems and dealing with any ensuing penalties and lawsuits.
Read also: Europol dismantles 'iSpoof' online spoofing service, Meta fires employees for hijacking user accounts, and more.
Have you ever had to set up your Gmail account on a secondary device, such as your tablet, and when you tried to login, verification prompts were sent to your original device to confirm that the login attempt was done by you? You confirmed the login, and that ended it. That is exactly what happened to an Uber employee whose account was compromised.
