Connect with our team of offensive security, AI security and pen testing experts at Black Hat Europe 2023. Learn More

Connect with our team of offensive security, AI security and pen testing experts at Black Hat Europe 2023. Learn More

Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

Managed Security Services

Expand your team’s capabilities and strengthen your security posture

Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

Penetration Testing

Subscription- or project-based testing, delivered by global experts

Database Security

Get ahead of database risk, protect data and exceed compliance requirements

Email Security & Management

Catch email threats others miss with layered security & maximum control

Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Into the Breach: How 2020 Became A Tipping Point for Cybersecurity

In the year 2020, the concept of cybersecurity was thrust into the spotlight in an unprecedented way thanks to the FireEye Data Breach & SolarWinds Orion Compromise. The world is still trying to assess the reach and scope of this massive breach, which is expected to have exposed data across the U.S. government, including the White House, the Department of Defense and even the agency that maintains the U.S. nuclear weapons arsenal.

Even worse, the breach is now known to extend beyond the realm of government, as critical infrastructure and private organizations across the world have also been compromised. SolarWinds reported in an SEC filing that almost 18,000 of its private industry customers may have been exposed to the hack. Assessing the full extent of the harm done to global organizations is expected to take months.

The perpetrator of this attack is widely understood to be executed or backed by a nation-state, as the innovation and meticulous planning that made this compromise possible point to a truly impressive level of sophistication. A range of United States Senators have likened the incident to an act of war and called for retaliation, while the incoming Joe Biden presidential administration has issued a statement promising to impose a “substantial cost” on the perpetrators. 

While many have opined that this breach is not an attack, but rather a continuation of the cyber espionage that nation states, including the United States, have long employed against each other, our colleagues at Microsoft have described it as a moment of reckoning – and that, in our point of view, properly reflects the gravity of this moment in time.

Cybersecurity is no longer simply an individual concern, a business concern, or a governmental concern. Cybersecurity is a human concern. And its potential to affect human affairs – and perhaps even the course of history – is growing exponentially. It’s time to reassess that risk.

Consider that, within the lifetimes of most people reading these words, our daily lives will depend almost entirely on the infrastructure of the Internet. Many of us are likely to be working and learning remotely. Our cars will be self-driving. Our health care will be virtual. Artificial Intelligence (AI) will manage our calendars, our communication and our homes. The already staggering amount of personal information that’s currently vulnerable to exploitation will have increased. The organizations that we work for will be even more reliant on information security, along with tools like automation and artificial intelligence – as will virtually all governments around the world. Critical infrastructure will be more vulnerable, and the nexus between cybersecurity and the capacity to inflict real-world harm, even deaths, will be more acute. Cyber exploits, whether weaponized or not, will increasingly carry the potential to tip the world into a chain of events that could potentially spiral out of control – and perhaps prove calamitous.

As our reliance on cyber infrastructures continues to increase, the need for cybersecurity will become ever more vital. But the rules of the game also need to change. While cybersecurity practitioners are helping to thwart and mitigate cybercrime on a daily basis, invulnerability will never be possible. The depth of human ingenuity is boundless – and the financial rewards for practicing cybercrime are too tempting. As long as threat actors, especially nation state actors, are allowed to operate with relative impunity, enjoying safe havens around the globe where they are often immune from consequences to their malicious actions, our risks will continue to increase.  

It’s time for governments around the world to rethink the framework of cybersecurity. New rules, regulations and safeguards need to be enacted. Stricter consequences need to be imposed. But more than that, a new awareness of – and respect and caution towards – the potential consequences of inflammatory cyber behavior should prevail.

We believe that the year 2020 will be remembered as a tipping point for the cybersecurity industry. As we go forward, it’s up to all of us to decide whether it tips us toward a greater level of safety – or even greater peril.


The Underground Economy

What happens after cyber thieves successfully compromise businesses? If you think siphoning sensitive data instantly leads to money in their account, you're wrong. What proceeds is series of anonymous paths they can take to ultimately reap their reward. In this comprehensive guide, the Trustwave SpiderLabs team provides you with a view into the deep abyss of the dark web - where the criminally minded operate to hide their tracks from law enforcement.

Latest Trustwave Blogs

The Two Sides of ChatGPT: Helping MDR Detect Blind Spots While Bolstering the Phishing Threat

ChatGPT is proving to be something of a double-edged sword when it comes to cybersecurity.

Read More

Trustwave MailMarshal Email Security Protects Against WinRAR Vulnerability CVE-2023-38831

The importance of email security cannot be understated. Proof of this can be seen in some recent research conducted by the Trustwave SpiderLabs team around our email security product MailMarshal.

Read More

Bah, Humbug! Grinchbots and Freebie Bots Attempt to Ruin Holiday Shopping for Consumers and Retailers

If the holiday classic “How the Grinch Stole Christmas” was remade in 2023, the mean green guy might be played by an Internet bot.

Read More