At Snyk, we strongly believe in empowering developers to take ownership of security. Developers are the builders of today and ultimately hold the keys to successfully securing their code. Only a developer-first approach, one that combines developer-friendly tooling together with guidance by security, can help organizations traverse the path to better-secured applications.

While the COVID-19 pandemic has disrupted business models around the world, the adoption of modern application and cloud technologies continues to grow. This year’s Continuous Intelligence Report by Sumo Logic provides an inside look into the state of the modern application technology stack, including changing trends in cloud and application adoption and usage by customers, and the impact of COVID-19 as an accelerant for digital transformation efforts.

Sharing data is the basis for all business processes and what drives operations and productivity. Today, more than 50% of organizations’ data is in the cloud and the typical enterprise now deploys more than 2,400 cloud applications. Concurrently, data protection remains the nexus between cloud apps, web services, and an increasingly larger number of remote users in support of modern business initiatives.

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it. The Anti-Phishing Working Group has recently released its Q4 Phishing Trends Report 2020, which analyzes the top phishing attacks and other identity theft techniques, as reported by the members of the group.

The MITRE ATT&CK framework is a universally accepted knowledge-base of tactics, techniques and procedures designed to organize and display how adversaries attack real-world assets. Blue teams use ATT&CK to better understand the multitude of new (and old) attacks and map those to their internal tools and systems.

Conducting a data protection impact assessment (DPIA) or privacy impact assessment (PIA) is a complex and challenging task. Nevertheless, it’s critical to do. Data privacy concerns have become a significant focus across all industries, and for good reason: data is at higher risk than ever before. In its 2020 Q3 Data Breach QuickView Report, Risk Based Security revealed that 36 billion records were exposed during the first three quarters of 2020.

In striving to make sure in-office and remote employees’ work is secure, organizations often rely on technology-centric approaches. Although user monitoring tools and other cybersecurity solutions do their jobs, they still can’t affect employee behavior and fully secure remote work. To engage remote employees into cybersecurity, organizations are now shifting to a human-centric approach.

First identified in 2014, Emotet evolved from a niche banking Trojan into what was classified this year by Europol as one of the most prevalent strains of malware in the world. The sheer scale of Emotet’s impact on organisations means that its disruption by authorities in early 2021 ranks as one of the most significant takedowns in cyber security history.

Security is an essential part of any modern IT foundation, whether in smaller shops or at enterprise-scale. It used to be sufficient to implement rules-based software to defend against malicious actors, but those malicious actors are not standing still. Just as every aspect of IT has become more sophisticated, attackers have continued to innovate as well. Building more and more rules-based software to detect security events means you are always one step behind in an unsustainable fight.