Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As the financial sector continues to adopt cloud technology, regulatory frameworks such as the updated NIS2 Directive and the Digital Operational Resilience Act (DORA) are shaping the cybersecurity landscape. Every second counts in such a complex environment: attackers can move quickly in the cloud, so defenders must change their strategies and tools to keep up. The financial sector has always been a prime target for cyber attacks, with the average breach costing almost 6 million US dollars.

When looking for sensitive information and other valuable assets, attackers rarely access their target directly. Instead, they find vulnerabilities in other components and use them to weave through the system and escalate privileges where they can. Because containers add a layer of complexity to already large and complex applications, the attack surface is increased, giving threat actors more to work with.

How would you feel about your home security system if it only checked to see if your doors and windows were locked periodically? This security system would provide great visualizations of your house and how a criminal could get from one room to another, ultimately reaching one of your prized possessions, like a safe. However, it doesn’t have cameras on your doorbell or windows to alert you in real time when someone suspicious was approaching, or worse, trying to break into your house.

Occasionally, you get exposed to something so logical that you literally take pause and smile quizzically asking yourself “Why didn’t I think of this before?”

The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security. While it is often not consumer-facing, open-source software is a critical component of computing and internet functions, such as secure communications between machines.