With the continual increase of attacks, vulnerabilities, and misconfigurations, today’s security organizations face an uphill battle in securing their cloud environments. These risks often materialize into unaddressed alerts, incidents, and findings in their security products. However, part of the issue is that many security teams are often stretched too thin and overburdened by alert fatigue.
By way of a brief introduction, I have had a 25+ year career in technology, and this has come with some wonderful experiences and opportunities along the way. One constant throughout my journey has been a need to increasingly leverage data, enabling informed decisions (even automated) at all levels to ensure: secure, high performing and observable products and services are available to the customers and partners I’ve been supporting.
Roughly 212.4 million Americans were affected by data breaches in 2021, according to a report by Surfshark. Using a weak password is one of the root causes of a data breach. Passwords that contain dictionary words may be easier to memorize, but this also makes them much less challenging for attackers to crack. A password generator removes the task of creating unique passwords for each platform.
The CashApp data breach was caused by a former employee who accessed customer financial reports as an act of revenge against the company after their employment was terminated. According to the April 2, 2022 filing with the Securities Exchange Commission by Block (CashApp’s parent company), the employee required access to the financial reports as part of their daily duties.
The conflict between Russia and Ukraine includes a cyberwarfare component with government-supported threat actors and civilian hacktivists taking sides. The goals of disrupting IT infrastructure and utilities have led to a 4-fold increase in DDoS attacks between 4Q21 and 1Q22. Over 150,000 volunteers have joined anti-Russian DDoS campaigns using container images from Docker Hub.
HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR). In 2013, the final Omnibus rule was enacted, binding business associates - or third-party vendors - to the Health Insurance Portability and Accountability Act. This modification added another level of compliance complexity to an industry not accustomed to operating in the cybersecurity domain - the healthcare industry.
SaaS apps have become the “easy button” for organizations seeking a fast and simple way to make foundational business apps available to their employees. According to Gartner, “SaaS remains the largest public cloud services market segment, forecasted to reach $176.6 billion in end-user spending in 2022,” growing 14% over 2021.
With the continual increase of attacks, vulnerabilities, and misconfigurations, today’s security organizations face an uphill battle in securing their cloud environments. These risks often materialize into unaddressed alerts, incidents, and findings in their security products. However, part of the issue is that many security teams are often stretched too thin and overburdened by alert fatigue.
In the latest example of a cloud service being exploited for cyber espionage, researchers from Trend Micro have shed light on a campaign, conducted between March and October 2022, targeting government, academic, foundations, and research sectors of multiple countries including Myanmar, Australia, the Philippines, Japan, and Taiwan.
