Another day, another supply chain attack. No sooner did we recover from the SolarWinds breach, than we found ourselves reeling from a new ClickStudio attack. That’s why we’ve decided to launch this new series, fondly named The Source, to provide you with the latest news and updates on supply chain security. On this installment of ‘The Source’, get to know the red hot supply chain attack methods du jour.

As organizations continue to rely on software for core business processes, application security is an ever-critical consideration. Snyk recently held a roundtable with Reddit to discuss application security in 2021. In this post, we’ll recap the discussion between Guy Podjarny, President & Co-Founder of Snyk, and Spencer Koch, Security Wizard at Reddit.

The Solarwinds supply chain attack has made the danger of third-party breaches very clear. Businesses globally are realizing that their vendors may not be as secure as they originally thought. The concerning truth about vendor relationships is that you can never be confident of a prospective vendor's cybersecurity. In fact, onboarding new third-party vendors increase your digital risk and the likelihood of becoming victim to a third-party breach.

The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks.

Cyber security experts weigh in on what we’ve learned about President Biden’s cyber security strategy in his first 100 days in office. President Joe Biden declared in mid-December, more than a month before he took office, that cyber security would be a “top priority” of his administration. It should be. The digital world, as we are all now reminded daily, has a direct impact on the real world, for better and worse.

Clop Ransomware has been active since 2019 and has been mostly associated with financially-driven criminal groups. However, lately this ransomware payload has been observed in campaigns against universities and other institutions in the education vertical.

Data privacy has been a hot topic in the tech world for years now. With every new technology come new regulations that require companies to completely re-examine the way they handle private data. Most companies already have a basic data privacy policy they constructed alongside lawyers and tech experts to avoid facing serious fines and penalties. However, compliance isn’t just about focusing on current regulations and meeting the bare minimum requirement to avoid legal consequences.

Most large-scale entities need to prove compliance with multiple regulatory standards. In their efforts to meet their compliance mandates, organizations could suffer a major drain on their time and resources. This possibility holds true regardless of whether they’re finance companies, retailers, manufacturers or hospitality firms. Organizations face an additional obstacle when they have an internally created compliance standard that demands enforcement.

Implementing any IT project requires time, planning, and effort and AIOps probably requires even more planning and stakeholder involvement, because of the breadth of coverage and potential to bring profits to multiple IT domains/functions (ex: ITOps/ITSM/NOCOps). Customers have high expectations from AIOps, but, even after taking such major projects, most AIOps vendors are only able to support a few core AIOps use cases, which severely limits the utility and potential of AIOps.

I recently attended a Snyk roundtable with Intuit, and it was such a good session that I wanted to write a post sharing some of the insightful discussion and takeaways — starting with this great artistic impression of the session! As a TL;DR, here are my biggest takeaways from the session.