Attack Surface Management (ASM) is the ongoing discovery, inventory, classification, prioritization, and security monitoring of an organization’s IT infrastructure. The attack surface is all of the entry points where an unauthorized user or attacker can pull data from.

Software supply chain risks are escalating. Between 2020 and 2021, bad actors launched nearly 7,000 software supply chain attacks, representing an increase of more than 600%. Without identifying and managing security risks within the supply chain, you could be exposing your critical assets to attacks. Implementing a supply chain risk management strategy is essential to staying ahead of the potential threats and making the most of your software.

For modern IT firms, developing secure software while meeting the market speed and scale needs has always been a paradox. Because of the fear of lagging behind in terms of speed to market, more than 52% of the businesses sacrifice security. That is why adopting DevSecOps and building security into software right from the start becomes an obvious solution. Sooner or later, this strategy is going to conquer the field of software development.

This blog was written by an independent guest blogger.

Read also: DeadBolt ransomware targets Asustor NAS devices, logistics company Expeditors falls victim to a cyber attack, and more.

Global supply chains are bearing the brunt of ransomware attacks, according to a new report that finds manufacturing was the most targeted industry during 2021. Knocking financial services and insurance off the top of the heap after a long reign, the manufacturing industry was found by IBM to be the most attacked sector – accounting for 23% of reports of ransomware.

In January 2022, Microsoft announced that Excel 4.0 macros will be restricted by default, as a measure to protect customers against malware based on XLM 4.0 macros. As a more aggressive measure, on February 07, 2022, Microsoft announced that they will start blocking VBA macros for files downloaded from the internet.

Policies and procedures are an integral part of an organisation. They determine the company’s culture, beliefs, norms, and expectations, thus they must be carefully drafted and regularly updated.

As technology folks, we are often under a lot of pressure to fix some deployed code, update an infrastructure component, or patch some code. Often it’s with little notice and needs to be done 5 minutes ago. The gamble with any “zero turnaround” is the rush to fix now vs. taking the time to test and check.

Trustwave security and engineering teams are on heightened alert and are actively monitoring malicious cyber activity associated with and adjacent to the escalating military conflict between Russia and Ukraine. Trustwave is working closely with its clients around the world to enhance cyber preparedness during this time.