Gone are the days when gate-based security processes were the most effective way to ensure security of an organization’s external attack surface. Getting the security team to sign off on every new application or asset before they go live simply is not scalable.

You don’t have to look far for proof that cybercrime is soaring to new heights. Early in the pandemic the U.N. reported cybercrime had increased 600% and other experts estimate damages from global cybercrime to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. Last year alone, we started 2021 in the fog of the SolarWinds attack and finished with the infamous Log4j vulnerabilities, the full impact of which will take years to understand.

As technology continues to evolve rapidly, so do the techniques used by adversaries. This may be considered a given, but it is important to appreciate how attackers may leverage existing and commonly used applications within an environment to attempt to seize control and achieve their objectives.

According to the FBI Internet Crime 2020 Report, phishing scams were the most prominent attack in 2020 with 241,342 complaints reported and adjusted losses of $54 million. In particular, whaling (a highly targeted phishing attack) has been on the rise and is only expected to grow from here. A whaling attack targets high-profile executives with access to valuable information and systems. Let’s take a closer look at whaling attacks and how to stay protected.

Apple iPhone users are one of the largest targets when it comes to cyber-attacks. Apple uncovered its biggest hack in history last November, which went undetected for five years. At the time they alerted users who had fallen victim to the colossal Apple cyber attack. The hack targeted Apple’s iCloud service and was able to gain access to users’ photos, videos, and other personal information.

As per the Varonis Global Data Risk Report for 2021, 13% of all the files and folders; and 15% of sensitive files in an organization are open to everyone. Further, when it comes to the SMEs, only 16% of them have done thorough cybersecurity posture reviews, and that too after encountering an attack. While organizations across the globe have very little or no preparedness when it comes to cybersecurity, cyberattacks are becoming more and more sophisticated.

Read also: Google and Adobe address zero-day flaws, the US issues an alert over Russian hackers, and more.

A SQL injection flaw allows for an attacker to modify or inject SQL syntax into the request to make the application behave in a manner that was not initially intended. In other words, an attacker can change a database query to: Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise often. However, many frameworks and libraries are available to make database connections and queries safe.

One very predictable part of cybersecurity is that the work is unpredictable. here are routines that help to create a predictable rhythm, but you don’t necessarily know when the next attack will come, how intense it will be when it does, or when you will get to go back to a predictable and hopefully manageable rhythm again.