It’s a tough time for small business owners and their employees. Surging operational costs and supply chain issues are colliding with a rate of inflation that’s limiting how much consumers are willing and able to spend. And as the pandemic continues, there could be more legal and economic hurdles on the way. Startups and other small businesses are fighting to keep their doors open, or to open them in the first place.
It is often stated that security is hard. Whether it is the people, processes, and technology, or any combination of the three, security is a never ending challenge. Conversely, compliance is the opposite. Compliance is relatively straightforward. For too long, and for too many organisations, meeting a compliance standard was seen as a satisfactory way to boast of security. The competing ideologies of security versus compliance have long vexed even the most optimistic cybersecurity professional.
Call me David. As you might have heard, Log4Shell, “the single biggest, most critical vulnerability ever”1 was recently disclosed to the public. You may even have seen us make mention of it here, here, here, or even maybe here. Splunkbase was impacted by way of apps both made by Splunk and third-party developers.
With the release of CMMC 2.0, and the significant changes that come with it, we have to update our cost expectations. This post covers whether CMMC is appropriate for your business, provides a cost breakdown of the 3 major effort areas, offers a rough estimate of the costs of CMMC compliance, and answers the question of whether an expert can save you time and resources.
Recently I shared with you our excitement about our agreement with TA Associates (TA) to make a significant growth investment in Veracode. I am pleased to share that the deal is now closed, opening up a tremendous new chapter in Veracode’s journey.
Everyone is at risk of a data breach or cyber attack, no matter how small or large a company is. Hackers and cybercriminals come up with new ways every day to steal sensitive information or personal data that they can potentially sell or ransom for money. According to a report published by the Identity Theft Resource Center (ITRC), a record number of 1862 data breaches occurred in 2021 in the US.
The first few months of 2022 have brought with them plenty of breaches and vulnerabilities for threat experts to sink their teeth into; in March alone, Microsoft has patched 71 CVEs, two of which, CVE-2022-22006 and CVE-2022-24501, were deemed critical–but more on those later. Meanwhile, cloud-based software company Okta has suffered a cyber-attack, believed to be at the hands of threat actor “Lapsus$”, which has put thousands of its 15,000 customers on high alert.
On April 28 and April 30, respectively, WhiteSource Diffend identified, blocked, and reported two packages we deemed were malicious versions of original Amazon Web Services (AWS) packages. Whitesource security experts have reached out to contacts at Amazon to notify them of our findings. This discovery may point to a new takeover method that targets packages of well-known origins, in this case, AWS.
In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough.
