Impacts of changing landscape
- Two years into the deadly and disruptive global pandemic, not only are we continuing to see more attacks, but we’re also seeing more actual breaches which result in significant financial losses, reduction in getting new business, and losing trust with existing customers.
- In today's scenario, most organizations have adopted agile methods for software development which has shortened Go-To-Market by deploying changes quickly to the production environment. A security vulnerability leak could cause significant damage in no time and the cost of such an incident might outweigh the security budget
- Implementing security keeps getting harder with more threats, complexity, and fewer people and hence we see a lot more cyberattacks and breaches
- Top 3 attacks of 2021:
- SolarWinds attack had 18000 customers impacted
- REvil hit Apple supplier Quanta with a $50 million ransomware attack
- Apache Log4j, a zero-day vulnerability attempted to exploit more than 48% of corporate networks globally.
- 2022 so far:
- The war in Eastern Europe has triggered cyber warfare (criminal ransomware, hacktivists or other disruptive attacks against government or critical infrastructure) with potential disruptive activities and information operations to erode popular sentiment and political will.
- Major causes for vulnerabilities:
- Current trend as per Trend Micro:
- 80% of application code is open source
- 2.5x increase in open source vulnerabilities in the last 3 years
- 78% of vulnerabilities are found in in-direct dependencies
- As per Gartner, through 2023, at least 99% of cloud security failures will be the customer’s fault, mainly in the form of cloud resource misconfiguration.
- Current trend as per Trend Micro:
- A 2021 report suggests that because healthcare organizations are less likely to back up their data than those in other industries, they are more prone to paying the demands of ransomware actors. Please refer to Figure 1 for its trend.