Feed Sponsorship Ads

We recently attended the RSA conference in San Francisco -- security's biggest event of the year -- and we were struck by how infatuated everyone was with the promise of new, shiny solutions to fix new, shiny problems. On some level that's not surprising -- tech is constantly driving toward the future, and security is one of the fastest-moving areas of tech.

But on the other hand, it seems like the security industry is walking away from some of its most foundational problems before they've actually been solved. People would rather talk about AI-powered behavioral analytics that can detect when a worker's mouse is moving strangely than the decidedly un-glamorous work of rolling out patches and managing permissions.

This disconnect was especially clear in the 2024 Verizon Data Breach Investigations Report (DBIR). This year's report found that "the human element" (accidental breaches caused by human error or victimization in phishing attacks and the like) was the number one cause of breaches. The same was true last year, and the year before that, and the year before that.

The single biggest culprit in breaches continues to be weak and stolen credentials. The 2024 DBIR found that "use of stolen credentials" is the number one initial action during a breach, and that credentials are the number one way attackers get in in non-error, non-misuse breaches, followed by phishing and vulnerability exploits.

What's frustrating about the persistence of credential-based attacks is that they are eminently solvable! Roll out a password manager to your end users, put SSO and MFA in front of sensitive applications, and implement passkeys when possible. Yet in 1Password’s 2022 State of Access Report, only 29% of respondents said they used a password manager at work.

The same narrative about credentials is also true about compromised devices and, especially, employee training. The DBIR's authors said as much in a webinar about the report, claiming that “You can address two-thirds of these breaches by training and equipping your employees appropriately.”

But at RSAC, it was tough to fill a room for a talk on employee training or credential management. The popular talks tended to focus on things like the dangers of AI deepfakes, which is ironic, since the 2024 DBIR said that GenAI hasn't made much of an impact on breaches so far.

This needs to change, and the 2024 DBIR offers a clear look at where we're falling short and where we go from here.

To get more insights about the report and its implications for security, read the full blog.

Greetings, Daring comrades!

Wish to dominate the creative realm with the finest Apple machinery? Your desires align with our grand plan.

Introducing the MacBook Upgrade Program: the ultimate strategy against obsolescence!

Here’s the operation:

1. Select your instrument — the nimble Air (from $36.06/mo at 0% APR) or the formidable Pro (AppleCare+ included).
2. Pay monthly over 36 months; upgrade after 24.
3. After 2 years, exchange for a new MacBook, transfer data, return the old. We’ll refurbish it.

Prefer to keep your device? Finish payments, and it’s yours!

Seize the future; consign obsolete tech to oblivion!

With WorkOS you can start selling to enterprises with just a few lines of code. It provides a complete User Management solution along with SSO, SCIM, and FGA. The APIs are modular and easy-to-use, allowing integrations to be completed in minutes instead of months.

Today, some of the fastest growing startups are already powered by WorkOS, including Perplexity, Vercel, and Webflow.

For SaaS apps that care deeply about design and user experience, WorkOS is the perfect fit. From high-quality documentation to self-serve onboarding for your customers, it removes all the unnecessary complexity for your engineering team.

Check out our Launch Week announcements to see our latest.

Streaks first appeared on Daring Fireball back in 2016, and since then has won an Apple Design Award and remained one of the most well-known and effective habit-tracking apps.

It's a once-off purchase, and the latest update has added seasonal themes, just in time for Christmas (and your New Year's resolutions!).

If you have young children, be sure to also try Little Streaks. It's a great way to help them focus on routines: meal-time, bed-time, learning to ride, whatever you like! It's free for one routine, or use code "DARING" for 50% off the first year.