Let’s break some patterns

Turbulent. Can you think of a better word to describe 2021? I can’t.

As we were putting the finishing touches on the 2021 Threat Landscape Retrospective, the cybersecurity industry was rocked by the revelation of a critical vulnerability in Apache Log4j 2, a widely used Java logging library. The vulnerability, dubbed Log4Shell, emerged as cybersecurity professionals continued to grapple with fallout from the COVID-19 pandemic.

Now in its second full year, the pandemic has triggered unprecedented changes in how we all live and work. We saw organizations around the world embracing remote work models, transforming how we define “the perimeter.” We watched as the pace of digital transformation accelerated, driving the mass migration of mission-critical applications to the cloud. And we observed as attackers continued to make effective use of the age-old tactic of daisy chaining vulnerabilities to facilitate ransomware attacks and breaches like SolarWinds and Kaseya, all of which served to remind us how risky the software supply chain has truly become.

Yet, even in the midst of all this turbulence, we are frustrated by all the many things that haven’t changed enough in 2021. We’ve seen far too many organizations still trying to apply traditional cybersecurity tactics to modern deployments of cloud infrastructure. We’ve seen far too many legacy vulnerabilities still being left unpatched, even when they’re known to have been actively utilized by attackers to gain entry to an organization’s environment. And — as Log4Shell makes clear — we’ve seen organizations overlooking obvious points of security failure throughout their software supply chain, from the initial creation of code to how updates are deployed to users.

To read the full report, download the whitepaper:

