Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It's that time of year again when ghouls, creeps, ghosts, and goblins take to the streets and scare the living daylights out of regular, everyday folk. None of these monsters compare to something much scarier, much more heinous–hackers! Cybercriminals don't wait until October to wreak havoc on the living, they do it every day, and their cyberattacks become bolder with each passing year. It's difficult to fathom how many cyberattacks actually happen.

As both consumer and commercial banking clients shift to primarily utilize online banking, they still have high expectations that their financial assets will be secure. In 2021, the banking industry reported 703 cyberattack attempts per week — a 53% increase from 2020. And the cost of cyberattacks in the industry has reached $18.3 million annually per breach.

The adoption of cloud software in organizations continues to grow. In 2020, the combined end-user spending on cloud services totaled $270 billion, according to Gartner. By 2022, projections indicate that this total will rise to a staggering $397.5 billion. In fact, according to Arcserve, there will be over 100 zettabytes of data stored in the cloud by 2025. To give you some perspective, a zettabyte is equivalent to a billion terabytes. But are cloud services superior to an on-premises solution?

OpenSSL.org has announced that an updated version of its OpenSSL software package (version 3.0.7) will be released on November 1, 2022. This update contains a fix for a yet-to-be-disclosed security issue with a severity rating of “critical” that affects OpenSSL versions above 3.0.0 and below the patched version of 3.0.7, as well as applications with an affected OpenSSL library embedded.

You and your board have the same goal: to drive your organization in the right direction. That makes everything easy, right? Well, not always. Whereas the problem used to be an overall lack of security awareness, boards now are very much aware of the business risk less-than-robust cybersecurity poses. Today, it’s all about communicating effectively and fluently, especially when introducing cybersecurity solutions.

OpenSSL is the most popular implementation of the TLS protocol (Transport Layer Security) which is essentially the de-facto security protocol of the internet today. The OpenSSL team announced critical security updates of versions above version 3.0 (OpenSSL 3.0 was released on September 7, 2021). The myriad of projects and software depending on OpenSSL must update and release a new version to enable end users to start patching their systems.

Fuzzing is a software security testing technique that automatically provides invalid and random input to an application to expose bugs. The goal of fuzzing is to stress the application to cause unexpected behavior, crashes, or resource leaks. It allows us, as developers, to understand the behavior and vulnerability of applications more comprehensively. We use fuzzing tools, referred to as fuzzers, to perform this kind of testing.

A report published by Cybersecurity Ventures predicts that by 2031, ransomware will attack a business, individual, or device every two seconds. The consequences of such an attack extend beyond the leak of sensitive information and financial losses; customers and clients don’t want to do business with organizations that neglect security of customer data. You can’t simply hope an attack will never happen.

Attack surface management (ASM) software is a set of automated tools that monitor and manage external digital assets that contain, transmit, or process sensitive data. ASM software identifies misconfigurations and vulnerabilities that cybercriminals could exploit for malicious purposes that result in data breaches or other serious security incidents.

Cybercriminals exploit vulnerabilities and misconfigurations across an organization’s attack surface to gain unauthorized access to sensitive data. The prevalence of digital transformation and outsourcing in the current threat landscape means an organization’s attack vectors can easily increase by millions each day. This ever-growing number makes it hard to identify cyber threats and prioritize remediation before a data breach occurs.