Mastek Blog

Why SecOps is needed now more than ever?

26-May-2022 17:41:37 / by Bhavin Shah posted in #DevSecOps #SecOps #IAST #DAST #SAST #RASP


Impacts of changing landscape

    1. Two years into the deadly and disruptive global pandemic, not only are we continuing to see more attacks, we’re also seeing more actual breaches, which result in significant financial losses, less new business, and lost trust among existing customers.
    2. Today, most organizations have adopted agile methods for software development, which have shortened go-to-market time by deploying changes quickly to the production environment. A security vulnerability leak could cause significant damage in no time, and the cost of such an incident might outweigh the security budget.
    3. Implementing security keeps getting harder, with more threats, more complexity and fewer people, and hence we see a lot more cyberattacks and breaches.
    4. Top 3 attacks of 2021:
      1. The SolarWinds attack impacted 18,000 customers.
      2. REvil hit Apple supplier Quanta with a $50 million ransomware attack.
      3. Apache Log4j, a zero-day vulnerability, saw attempted exploitation against more than 48% of corporate networks globally.
    5. 2022 so far:
      1. The war in Eastern Europe has triggered cyber warfare (criminal ransomware, hacktivist or other disruptive attacks against government or critical infrastructure), with potential disruptive activities and information operations aimed at eroding popular sentiment and political will.
    6. Major causes for vulnerabilities:
      1. Current trend as per Trend Micro:
        1. 80% of application code is open source
        2. 2.5x increase in open source vulnerabilities in the last 3 years
        3. 78% of vulnerabilities are found in indirect dependencies
      2. As per Gartner, through 2023, at least 99% of cloud security failures will be the customer’s fault, mainly in the form of cloud resource misconfiguration.
    7. A 2021 report suggests that because healthcare organizations are less likely to back up their data than those in other industries, they are more prone to paying the demands of ransomware actors. Please refer to Figure 1 for its trend.

 
