Many cybersecurity leaders today express greater levels of confidence than ever before in their cloud security posture. Cloud security tools have greatly matured over the last few years and that, combined with the inevitability of cloud dominance in modern IT, has helped them reach a wary acceptance of the new normal. Nevertheless, recent research indicates that security pros are still dealing with some significant cloud risk factors that justifiably give them heart palpitations now and again.
Last year the OWASP Top 10 committee was prophetic in at least one of its inclusions in the update to its industry benchmark list. For the first time, the group included insecure APIs as one of the most common attack vectors that developers need to avoid adding to their code when creating software. Looking back on 2018, you can see why they sounded the warning.
This year’s online holiday shopping season was kicked off to tremendous fanfare, as deal hunters went crazy last week with record-breaking spending. According to USA Today, holiday sales on Cyber Monday topped $7.9 billion in just the US alone. Meanwhile, mega retailer Amazon reported that Cyber Monday was the single biggest global shopping day in its company history—people ordered more than 18 million toys from Amazon on Cyber Monday and Black Friday combined.
Enterprise software is drowning in vulnerabilities and even organizations highly motivated to fix security flaws in their applications struggle to do it in a timely fashion.
As enterprises look toward the 2019 budget cycle, CISOs and other IT executives are increasingly pushing cloud security to the top of the cybersecurity budgetary priority list.
The annual State of DevOps report is out for 2018 and the study offered up some very strong proof points for the tight relationship between mature DevOps practices and improved security operations.
The importance of a strong enterprise cybersecurity culture to the overall effectiveness of an IT security department can't be understated. It's consistently named by executives as a crucial, if ephemeral, ingredient for cyber risk management success.
Make no mistake, DevOps trends are catching fire in the enterprise these days and for good reason. A new report out by DevOps Research & Assessment (DORA) shows that the highest performing DevOps organizations are crushing their software delivery metrics.
Security professionals, penetration testers and malware investigators are preparing to get energized. In just about a week the hacking community will converge on Las Vegas to drop their biggest discoveries of the year at the podiums of Black Hat USA. This annual confab always offers up a range of great new ideas for defenders, red teamers and security researchers—as well as a boatload of new tools. This year's show should be no different. The buzz is already growing for a number of previously unseen tools that will help security pros solve tough problems and break things in whole new ways. Here are a few highlights.
The rising tide of criminal schemes to steal compute cycles for mining cryptocurrency has reached a high-water mark. This month researchers report that cryptojacking malware and attacks have overtaken ransomware as the number one malware threat online today.
Automation is enterprise cybersecurity's biggest buzzword as organizations seek to keep pace with a threat landscape that grows more frenetic by the hour. But as automation spending skyrockets, many enterprises are finding that they're not getting the most out of their investment.
Electric car manufacturer Tesla is facing a nightmare insider attack scenario for which too many companies today fail to prepare. Tesla CEO Elon Musk admitted this week that an employee managed to intentionally wreak havoc with the software code that underpins the company's manufacturing system. The fallout has resulted in "quite extensive and damaging sabotage to our operations," according to Musk in a company-wide email that was leaked to CNBC two days ago.
