The data in the new Verizon “Data Breach Investigations Report” (DBIR) offers critical insights into the current state of cybersecurity. After a year of data breaches and cyberattacks consistently dominating headlines, this year’s report closely examines what adversaries are looking for when they’re trying to infiltrate businesses and organizations.

Oftentimes, three-letter acronyms trend and become buzzwords. At other times, they act as catalysts by influencing the business environment in which an organization operates. Such acronyms include CSR (corporate social responsibility), GRC (governance, risk, and compliance), and the most recent one, ESG (environmental, social, and governance). These are important business concepts that drive investment considerations and organizations’ cybersecurity commitments to customers.

Small and medium-sized enterprises are increasingly turning to managed service providers (MSPs) to take charge of their cybersecurity. This trend was highlighted in a Pulse survey last year, where 88% of the businesses surveyed had contracted cybersecurity tools from external providers and 55% had opted directly for an outsourcing model with MSPs. But as the demand for MSPs grows, so does the competition among them.

With how much of our personal and professional lives take place online, it becomes more important each day for us to understand our vulnerability to cyberattacks. Cybercriminals target emails, domains, and accounts in order to impersonate identities and scam consumers and businesses alike. In 2021 alone, email spoofing and phishing increased by 220% and caused $44 million in losses. It is crucial to employ defenses to protect against these attacks.

A recent survey of nearly 2,000 IT professionals found that while most (85%) enterprises believe cloud technologies are critical to innovation, only 40% actually have a security policy in place. On top of this, almost half of the respondents using cloud infrastructure reported their engineers and developers circumvent or ignore cloud security and compliance policies, demonstrating the importance of automation and monitoring technology.

Since the advent of the internet, personal data has been collected by internet companies in exchange for free services or content. This barter was also intended to provide personalized services to users. However, these data harvesters started selling data to advertising agencies for huge profits, which resulted in predatory marketing efforts towards internet users.

Industry analyst Gartner recently published their 2022 report on the state of the DLP market. They consider DLP a mature technology but do talk to the emergence of next generation data security tools for insider risk management and cloud use cases. The enterprise DLP (EDLP) market is growing at around 6.6%.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Some useful tools have been launched on AWS to try and stem the flow of breaches which usually result from bad configuration. Check them out.

Black Duck’s newest release delivers all-new, lightning-fast infrastructure-as-code (IaC) scanning capabilities. The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months to come.

Payment fraud is a huge problem for eCommerce and online retail businesses. Even among the world’s biggest companies, there are horror stories about payment security problems like credit card data theft and financial fraud: Cyberthreats like carding attacks are responsible for most modern large-scale data theft. Payment fraud losses cost companies more than $33 billion in 2021 — and this is expected to rise to more than $40 billion by 2027.