Thousands of secrets leak daily on public git repositories, including over two million corporate secrets in 2020 alone. This can happen to anyone! For example, in January 2021, an Amazon cloud engineer accidentally committed almost a gigabyte worth of sensitive data that included their own personal documents, as well as passwords and cryptographic keys to various AWS environments on his personal GitHub repository.
2020 was the year of the DDoS attack. Distributed Denial of Service (DDoS) attacks spiked over the last year, driven by the pandemic and the fact that so many people were locked down, working from home, and using online services to get through the pandemic. According to a report from NETSCOUT, more than 10 million DDoS attacks were launched last year, targeting many of the remote and essential services people were using to make it through the lockdown.
Every day, billions of emails are sent out, some legitimate, while others are used to target unsuspecting users. According to the FBI, phishing attacks were the most common type of cybercrime in 2020. The reason these are so commonly used is because phishing tools are easy to get a hold of and attackers are taking advantage of the weakest link when it comes to security – the employees.
Snyk has been long invested in promoting application security awareness and practices through many of our initiatives, including actively participating in communities and foundations. Some examples include: Today, we’re proud to further engage with the community by announcing the Snyk Ambassadors program.
It used to be that technological innovations such as the internet made the world smaller and bought us all closer together. Sadly, that augmented ability to reach others brought with it a new avenue for unwanted and unpleasant interactions. In 2021, a study by Sapio Research on behalf of Respect in Security, showed around one third of cybersecurity professionals claimed to have personal experience of harassment, either online or in the workplace.
If you’re a developer who lives and breathes code all day, you probably don’t mind having to write complex configuration files to set up an automation tool or configure a management policy. But the fact is that many of the stakeholders who stand to benefit from security automation are not developers.
The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a set of regulations from the New York State Department of Financial Services (NYDFS) that places cybersecurity requirements on all Covered Entities (financial institutions and financial services companies). It includes 23 sections outlining requirements for developing and implementing an effective cybersecurity program, requiring Covered Entities to assess their cybersecurity risk and develop a plan to proactively address them.
In an age of big data and connected devices, security information and event management (SIEM) is one of the key priorities for businesses of all sizes. At a time when data is everywhere, and cyber threats are growing, security information and event management is more important than ever. This is where information management meets security as companies seek to manage their incident response, compliance requirements, security, and analytics.
