2020 was the year of the phish. Well, not officially. According to the Chinese Zodiac, 2020 was the Year of the Rat. But if you look at it from a cyberattack trends perspective, plenty of third parties reported a huge uptick in phishing attacks during 2020. The SANS 2021 Top New Attacks and Threat Report points to both the Microsoft Digital Defense Report 2020 and the 2021 Data Breach Investigations Report as key sources that validate phishing as the most common initial compromise vector.

For many cybersecurity professionals, October’s annual "cybersecurity awareness month" is met with scorn and ire, or mocked on social media for likes and hearts. Meanwhile they forget that, outside the small percentage of humanity that exist in our cybersecurity bubble, there are an enormous number of people that can and do benefit from the additional outreach, engagement, and focus that Cybersecurity Awareness Month brings.

In this blog post, we outline how the campaign works and the steps organisations can take to reduce the potential risks created by this and other email-based attacks.

September confirmed some things we already knew about the current state of cybercrime: While undersecured corporate targets remain tempting targets for hackers, the situation is increasingly worse for data-rich organizations such as governments, schools, and healthcare facilities. All of those sectors had cause for concern as the month drew to a close.

Supply chains are at the front of everyone’s minds right now. From fuel and food to toys at Christmas – the general public are starting to understand just how finely balanced the global supply chain truly is. Events like microchip shortages in Taiwan and the Ever Given blocking the Suez canal show how interconnected modern economies are, and how dependent our huge populations are on effective supply chains.

Since the covid-19, the cyber incident ratio has drastically increased and shows no signs of settling down. In just one year, cyber-attacks have targeted big enterprises, government agencies of the world’s leading countries, educational institutes, non-government organisations (NGOs), and small to mid-sized businesses. It is estimated that threat actors carry out cyber attacks every 39 seconds, which is relatively faster than before.

As the threat landscape evolves faster than we can keep up with, organizations must be aware of the type of threats they may face. Certain threat types, like ransomware and malware, are more prominent and therefore must be fought with the appropriate resources. On the other hand, some threat types are not prevalent and pose significantly less risk. However, just because a specific threat isn’t as widespread does not mean we shouldn’t take it seriously.

There is a lot of information out there (and growing) on software supply chain security. This info covers the basics around source and build, but does it cover all of your full software supply chain lifecycle? Is your build env at runtime protected? Is your application post deploy protected at runtime? This article will not only discuss what these concepts are, but provide additional discussions around the following: Read on brave reader…

Attacks executed through builds abuse trust we have in our build tools, IDEs, and software projects.