68% of vulnerabilities in 2020 did not require user interaction to be exploited (“NIST security vulnerability trends in 2020: an analysis” by REDSCAN™). Common malware and targeted attacks demand fewer and fewer user mistakes to cause damage to systems and disrupt business activities.
The Customer Security Controls Framework (CSCF) describes a set of mandatory and advisory security controls. To be compliant, all users need to be in line with all the mandatory security controls and undergo an annual assessment.
The sushi syntax is incorrect
Our story begins on a Friday evening. An InfoSec guy places an order on an online sushi shop to take a romantic break with his sweetheart. He selects dishes and clicks on the “Checkout” button; however, instead of receiving the expected checkout page, he gets an SQL error page:
|“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near “Sushi”.”|
Market observations show that more than two-thirds of companies around the world anticipate either a decrease or no change in their IT budget in the “Covid-19 recovering phase”. In the meantime, about 80% declare they do not adjust their budget according to the business impact (source: Gartner). As the market continues to lack skilled cybersecurity staff to meet the growing demand, organizations are forced to do “more with less”.
It’s TheCyberBlogTimes again! Today, it’s all about cyber risks. Ready to read, ready to score (and win our final award?)?
In recent years, ransomware attacks have evolved from simple and basic encryption malware to a complex and organized industry. With this evolution, attacks now have a far greater impact on business continuity and company reputation.
For the past two years, we have observed a growing number of requests from companies for realistic tests based on breach and crisis simulations. Indeed, the classic model shows its limits when an application or a network has been tested many times. One can be pretty sure that the first line is secured, yet be completely blind to what could happen next if it is not.
The fight against vulnerabilities is a constant battle, a real race between hackers and organizations trying to keep them out. Unfortunately, organizations sometimes lose.