Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code are a growing threat, and they may have unknowingly infiltrated your applications.

Organizations of all kinds are experiencing increasing volumes, frequency, and severity of cyberattacks. 71% of IT and security leaders say that their portfolio of applications has become more vulnerable in the last year alone, and cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025. To fight this trend, organizations need a resilient AppSec strategy that can reinforce trust, reliability, and security when faced with adverse conditions.

Supply chain attacks made headlines in 2022, sending shockwaves through the industry as security and business leaders scrambled to reexamine the security of their own supply chains. In this webinar, experts talk through the stages of a supply chain attack and the different types of attacks to look for. You will also learn what tools and strategies you can start using immediately to assess your own supply chain security and put defenses in place to keep your supply chain protected.

Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security program that can support today’s digital world, you need to build one.

Open source vulnerabilities are in permanent growth mode. A significant quarterly increase in the number of malicious packages published in registries such as npm and rubygems have shown the increasing need to protect against this trending attack. At the same time, companies struggle to close the remediation gap on known vulnerable open source code. It’s all in The Mend Open Source Risk Report, which details these and other significant risks posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.

In this enlightening discussion with expert Paul Dwyer, we explore the changing landscape of penetration testing within the context of the Digital Operational Resilience Act (DORA). Paul addresses the concern of traditional, snapshot-in-time penetration testing being costly and asks whether this will drive organizations towards more regular and ongoing testing to enhance security. The answer is a resounding "yes." DORA includes a dedicated section that mandates various types of tests, ranging from standard assessments to highly specific threat lab penetration testing.

How can security leaders be effective and resilient in one of the world's most fast-paced sectors? We're joined by Chief Security Advisor at Microsoft, Sarah Armstrong-Smith, who offers her advice on crisis management and building a human-first security culture. 🚨🧑‍💻 We also serve up our latest 1Password tips in Did You Know? Plus, an episode wouldn't be complete without a game of HackerNoHacker! 🔐💻

To foster a culture of data protection that enhances global enterprises through secure application development, Protegrity developed the Shift Left Developer community. Our community recognizes the discrepancies and challenges data teams face when it comes to implementing solutions – both technologically and professionally – and offers the resources, guides, and cross-collaboration from teams around the world to help develop effective and efficient approaches to integration processes.

Join this webinar with Sumo Logic and SANS to learn: What impact do human targets have on cybersecurity Why solving the human problem may ultimately be a technology problem Where AI/ML technologies can help security teams better understand human behaviors and protect the enterprise.