AUGUST 2022 CIOAPPLICATIONS.COM 6

Copyright © 2022 ValleyMedia, Inc. All rights reserved. Reproduction in whole or part of any text, photography or illustrations without written permission from the publisher is prohibited. The publisher assumes no responsibility for unsolicited manuscripts, photographs or illustrations. Views and opinions expressed in this publication are not necessarily those of the magazine and accordingly, no liability is assumed by the publisher thereof.

AUGUST - 01 - 2022, Volume 08 - Issue 13 (ISSN 2644-240X)
Published by ValleyMedia, Inc.
To subscribe to CIO Applications, visit www.cioapplications.com

Managing Editor
Joe Phillip

Sales
Sebastian Jacob
sebastian@cioapplications.com

Email
sales@cioapplications.com
editor@cioapplications.com
marketing@cioapplications.com

Editorial

The Evolving Approach to Tackle Cybercrimes

With the digital revolution across industries, private and public organizations today rely on computerized systems to manage their day-to-day activities. This makes cybersecurity a primary element in safeguarding data from various online attacks and unauthorized access. Continuous change in technologies also implies a parallel shift in cybersecurity trends as news of data breaches, ransomware, and hacks becomes the norm.

Cybersecurity trends have evolved dramatically in the last few years as hackers become more adept at breaking through advanced firewalls. Although cybercriminals continue to use tried and true methods, such as phishing emails, unsecured secrets, and exploiting known flaws, they are now exploring new technologies like Java, Adobe Flash, and WebLogic to gain access. Cybercriminals also mimic the DevSecOps shift-left approach by going to the source of an enterprise's infrastructure.

By targeting the software supply chain, hackers can easily broaden their victim pool and leapfrog their attack.
The software development lifecycle is prone to threats, with many opportunities for attack, from committing open-source code to building and testing, to deployment and staging in other pre-production and production environments. The use of different tools and services by developers throughout this lifecycle further expands the attack surface.

As DevOps pipelines hold the keys to the castle, cybercriminals deliberately target popular development software like Kubernetes. This helps them remain unnoticed while penetrating multiple layers of an organization's network. These sophisticated ransomware attacks on the digital supply chain and deeply embedded vulnerabilities have exposed technology gaps and skills shortages, putting security and risk executives at a critical juncture. These disruptions don't exist in isolation and have a compound effect. Therefore, CISOs need to transition their roles from technologists who prevent breaches to corporate strategists who manage cyber risk. Only then can they address the security deficiencies that cost both for-profit and non-profit organizations billions of dollars in losses.

In the future, there will be an increase in malicious activities compromising DevOps tools and pipelines to target software supply chains, Kubernetes environments, and infrastructure-as-code deployments. To deal with these, companies need to grow out of their obsolete centralized cybersecurity controls and place their cybersecurity leaders across their organizations to decentralize security decisions.
Businesses must move beyond outdated compliance-based awareness campaigns and invest in holistic behavior and culture change programs designed to facilitate more secure ways of working.

Let us know your thoughts.

Joe Phillip
Managing Editor
editor@cioapplications.com

Joe Phillip
Graphics & Art
Editorial Staff
Ben Jackson
Daniel Holmes
Ezra Benjamin
Catalina Joseph
Rose Dcruz
Senior Writers
Clara Mathew
Leah Jane
Royce D'Souza
Asher Blake

Disclaimer: *Some of the Insights are based on our interviews with CIOs and CXOs