I. Penny wise, pound foolish?
“45% of organizations publish vulnerable code because the vulnerabilities were discovered too late in the cycle to resolve them in time before the code was deployed.”
The article cites three causes: developers lack the knowledge to mitigate the issues found, the various application security tools are not integrated with one another, and developers receive no training on writing and shipping more secure code.
Organizations prefer not to spend on secure coding training or tools.
Pay the farmer today, or pay the doctor tomorrow - pay the secure coding trainer today or pay the ransom tomorrow!
CISO Check:
How do you incentivize developers to write more secure code?
How do you incorporate security user stories in your sprint planning?
II. New kid on the block?
A new ransomware family written in C++ can encrypt an entire network within one hour. It also uses a unique set of configuration files that hide the connection to the command-and-control (C2) server, and it relies on a public/private key pair to conceal the communication between victim and server.
CISO Check:
Does your AV detect Pay2Key ransomware?
III. Quote of the week
“Software never was perfect and won’t get perfect. But is that a license to create garbage? The missing ingredient is our reluctance to quantify quality.” - Boris Beizer
Have an original, interesting cybersecurity quote? Let us know in the comments and we will publish it, along with your name, in our quotes section.