The information security professional’s mission has gradually become extraordinarily complex. At times, this mission borders on contradiction. Quite often, responsibility for the various components that form an enterprise environment is spread not only among multiple teams within the enterprise but also among vendors, partners, and service providers.
Two-thirds of API incidents in 2020 were attributable to no authentication, no authorization, or failed authentication and authorization.
In 2020, four sectors—finance/insurance, education, health care, and professional/technical services—experienced a greater number of breaches than retail (the leader in 2018 and 2019), partly driven by the growth in ransomware.
The most important controls are privileged account management, network segmentation, restricting web-based content, data backup, and exploit protection (i.e., WAF).
DevCentral Connects featuring Sander Vinberg
Or, if you prefer, listen to Jason & John talk to Sander directly on DevCentral Connects.