Today’s cyber threat landscape is extremely challenging. Ransom this, ransom that, ransom everywhere – information technology (IT) professionals must work to protect organizations against the next big ransomware attack. Over the years, the sophistication of ransomware attacks has increased as well as the amount of money demanded and paid out in exchange for the ransom-held information.

Nearly all U.S. executives (98%) report that their organizations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-U.S. executives, according to Deloitte’s 2021 Future of Cyber Survey. Further, COVID-19 pandemic disruption led to increased cyber threats to U.S. executives’ organizations (86%) at a considerably higher rate than non-U.S. executives experienced (63%). Yet, 14% of U.S.

Protecting sensitive data with multi-factor authentication (MFA) has become a requirement for cyber insurance policies. Recent attacks (SolarWinds, Colonial Pipeline, Kaseya) and mandates like the White House’s Executive Order to implement MFA in 180 days or less, are proving that identity and password-related vulnerabilities are a top security threat, and one where you can lose a lot of money.

We’ve recently discussed application security and the trend we’re seeing in which companies are increasingly implementing security early on in the Software Development Life Cycle (SDLC). In our blog post exploring the impact of adopting application security, we described a common scenario involving assessing an application that was ready for release. Through the assessment, critical vulnerabilities were identified, such as an SQL injection, close to the go-live deadline.

This year’s Cybersecurity Awareness Month has come to an end and, with every passing year, cyberthreats are increasing in number and complexity. Reactive solutions are no longer enough to confront cyberattacks. Organizations must implement proactive strategies to secure their IT assets.

Many Gmail users were recently greeted with a message that alerted them that 2-step verification will be required to log into their accounts starting on November 9th (today). While many in the security community have been advising people to turn on 2-factor, 2-step, or any other secondary security method on every account as a way to protect the login process, the Twitterverse showed that many people were unhappy with Google’s implementation of this mandatory change.

When David McCheyne, DevOps Engineer at Datto, outlined a plan to ease the company into developer-first security using Snyk, he thought it would take his teams a year to prove the concept. A seasoned DevOps pro, David understood very well the enormity of this change and was prepared to slowly introduce Datto security champions to the Snyk platform and not force the process.