Indeed the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are reporting the recent attacks against cryptocurrency firms using phishing and malware in order to steal funds and conduct fraudulent blockchain transactions.

It is likely that the threats are coming from the Lazarus Group, known as APT38, to steal cryptocurrency and launder funds to support the North Korean regime. The attacks start with spear-phishing messages targetting developers and DevOps teams within cryptocurrency firms, which contain a malware-laced cryptocurrency application.

It is then vital that organizations and staff are vigilant and take the necessary measures to avoid these hacking attacks.

The post US government warn developers against malware attacks targeting cryptocurrency firms appeared first on DevOps Online North America.

The survey respondents revealed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014.

Despite this, resourcing and training still present challenges, with 48% of respondents admitting that they don’t have enough time to spend on application security, while 35% of developers from companies with no DevOps practices received no training on application security in the past year.

The survey also found:

• 77% of mature DevOps organisations have open source policies in place, with a 76% adherence rate. Conversely, only 58% of respondents without mature DevOps practices had a policy with a 54% adherence rate – revealing that DevSecOps automation is difficult to ignore.
• 59% of mature DevOps companies are building more security automation into their development process as attention toward GDPR compliance grows.
• 88% of those with mature DevOps practices are investing in application security training, while 35% with immature practices said they had no access to security training. This finding points to stronger cybersecurity readiness postures of those investing in DevOps.
• 63% of respondents with mature DevOps practices say they leverage security products to identify vulnerabilities in containers, as these components become more ubiquitous in modern IT landscapes.

The findings demonstrate that more organisations are waking up to the DevOps approach, with mature DevOps practices showing a 15% year-over-year growth in applying security practices throughout the development lifecycle.

The survey also found that those companies with mature DevOps practices are 24% more likely to have deployed automated security practices throughout their development lifecycle.

Written from press release by Leah Alger

The post Survey finds data breaches are catalysts for DevSecOps investments appeared first on DevOps Online North America.

According to a survey conducted by Gemalto, consumers’ main fear is hackers taking control of their device. Despite 54% of respondents owning an IoT device, just 14% believe that they are extremely knowledgeable when it comes to the security of these devices, showing education is needed among both consumers and businesses.

In terms of the level of investment in security, the survey found IoT device manufacturers and service providers spend just 11% of their total IoT budget on securing their IoT devices.

67% of organisations reported encryption as their main method of securing IoT assets, with 62% encrypting the data as soon as it reaches their IoT device. 92% of companies also see an increase in sales or product usage after implementing IoT security measures.

Integrity of data

Jason Hart, CTO for data protection at Gemalto, said: “It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the  created, stored and transmitted by these devices.”

“With legislation like GDPR showing that governments are beginning to recognise the threats and long-lasting damage cyber attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”

According to the survey, businesses are in favor of regulations to make it clear who is responsible for securing IoT devices and data at each stage of its journey (61%) and the implications of non-compliance (55%). In fact, almost every organisation (96%) and consumer (90%) is looking for government-enforced IoT security regulation.

Government-enforced IoT security regulation

Hart continued: “The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit.

“Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data.

“Security by design is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”

Businesses are realising they need support in understanding IoT technology, so are turning to partners for help

Written from press release by Leah Alger

The post Gemalto survey confirms ‘consumers lack confidence in IoT security’ appeared first on DevOps Online North America.