Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyber attacks are very common in today’s corporate world. Consequently, they are becoming an increasing concern for organizations. With cyber incidents of different intensity and nature happening every day all over the world, businesses are turning to cybersecurity solutions and cyber insurance as a way to protect themselves from harmful effects of data breaches.

For a Cloud Service Provider (CSP) to be FedRAMP accredited, it must complete the following six phases. They are diagnostic assessment, boundary and architecture review, documentation, technical remediation, testing preparation & residual risk, and Final Authorization to Operate.

The Federal Trade Commission (FTC) put significant updates into effect on January 10th, 2022, to strengthen the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA) to protect consumer data collected by financial institutions. The amendment applies to nonbank financial institutions and requires them to develop, implement, and maintain a comprehensive cybersecurity program in order to protect their customers’ information.

CrowdStrike continues to support coverage of MITRE, first through the MITRE ATT&CK® framework and now with the latest findings from the MITRE Center for Threat-Informed Defense (CTID). Today MITRE CTID released a report examining threat trends and patterns frequently used by malicious insiders to exfiltrate data, access confidential information and commit fraud.

As per the Varonis Global Data Risk Report for 2021, 13% of all the files and folders; and 15% of sensitive files in an organization are open to everyone. Further, when it comes to the SMEs, only 16% of them have done thorough cybersecurity posture reviews, and that too after encountering an attack. While organizations across the globe have very little or no preparedness when it comes to cybersecurity, cyberattacks are becoming more and more sophisticated.

Photo by ThisIsEngineering from Pexels Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many as Log4J is one of the most extensively used logging libraries. An issue that has existed for almost a decade but just recently was discovered, Log4Shell leaves companies vulnerable to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail.

Read also: Google and Adobe address zero-day flaws, the US issues an alert over Russian hackers, and more.

Today, I am excited to announce Snyk’s acquisition of Fugue and welcome their team to the Snyk family. The addition of Fugue to Snyk’s platform will allow us to continue our mission to help developers find and fix security issues in the applications they create, by providing visibility into the security of applications and the cloud services they use. But it’s about more than just visibility of the cloud posture.