Every time you log on to the Internet, you put your IT systems and the data you handle at risk. At the same time, it’s also impossible to run a successful business without going online, so a key element of modern business management is a strong cybersecurity risk management program. Why? Because the only people in the cybersecurity field working harder than software engineers are the criminals trying to find a new way to breach the latest network security measures.

Trust isn’t given, it’s earned. As the Russian proverb advises, Доверяй, но проверяй — or as U.S. President Ronald Reagan liked to repeat, “Trust, but verify.” We designed JFrog Pipelines to securely support a large number of teams, applications, users and thousands of pipelines.

We have been witnessing an ever growing amount of supply chain security incidents in the wild. Everything from open source package managers security flaws being exploited to continuous integration systems being compromised to software artifacts being backdoored. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE.

To stay ahead of attackers, we constantly monitor various security threats. One of these threats — supply chain attacks — aims to compromise an organization through its software development process. Recently, a huge spike in supply chain attacks was observed — dependency confusion was discovered, the SolarWinds breach was reported and more malicious packages were flagged. This certainly drew our attention (as well as the rest of the world’s)!

The next iteration in the history of technology convergence emerged with Gartner’s Secure Access Service Edge (SASE). Networking and security vendors have been integrating capabilities for decades, and market adoption of these integrations has only accelerated due to innovations such as virtualization and cloud computing. From a networking perspective, routing of traffic extends far beyond IP and MAC addresses to now include application steering and transport-agnostic overlay networks.

The total number of phishing attacks doubled in 2020, with phishing for cloud credentials, specifically SaaS and webmail app credentials, accounting for nearly a third of the targets of phishing campaigns. Over the same period, we saw cybercriminals hosting 13% of their baits in cloud apps. This blog post summarizes the top phishing trends from 2020 and looks forward at what to expect for the rest of 2021.

Inherent risks include all risks that are present without any security controls. Residual risks are the risks that remain after security controls are implemented. Residual risks are inevitable. Even with an abundance of security controls, vestiges of residual risks will remain that could expose your sensitive data to cyber attacks.This is because the proliferation of digital transformation expands the digital landscape, creating more attack vectors.

Attacks against operational technology (OT) and industrial control systems (ICS) grew dramatically in the past few years. Indeed, a 2020 report found that digital attacks against those two kinds of assets increased by over 2000% between 2018 and 2020. Many of those attacks involved vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems and other ICS hardware components or password spraying techniques.

King & Wood Mallesons (KWM) is among the world’s most innovative law firms and is represented by 2,400 lawyers in 28 locations across the globe. The international law firm, based in Australia, helps clients flourish in Asian markets by helping them understand and navigate local challenges and by delivering solutions that provide clients with a competitive advantage.

The recent executive order calling for immediate improvements in the federal government’s cybersecurity is impressive. I give the Biden Administration a lot of credit for publicly admitting there are significant problems and weaknesses in the federal government’s IT and cybersecurity infrastructure and practices. The order also includes some key points that are significant for Devo and our customers.