While it wasn’t the first official week of the new season, this week did feel very much like Spring. There is no greater example of the ability to transform than the season of Spring. Flowers are blooming, and where I live, girls of all ages are out on the diamond playing softball. And that got me thinking about how fitting it is that as RSA Conference establishes itself as an independent company, the cybersecurity community will gather at RSA Conference 2022 to Transform in just seven weeks.
So, let’s dive into what Spring, ball games, and cybersecurity have in common. Each of these represents the Hero’s Journey. Look around and see the leaves budding and the flowers in bloom after a long, cold winter. Similarly, softball and baseball start at home plate, where the batter has another chance at life, even if she struck out on her last at bat. Let’s say the batter gets a hit and runs to first base safely. There are still risks—obstacles she must overcome as she tries to make her way around the diamond and return home.
Both the batter and the cybersecurity practitioner start in this hopeful place knowing that their task at hand could result in epic failure. With each pitch or alert, they encounter challenges, even potential ruination. Still, after all the trials and tribulations, they rise again.
Yet, when we are bombarded with news of yet another breach, cyberattack or ransomware attack, it can feel very much like a bases loaded, two outs situation. But then the catcher drops the ball, and you’re telling me there’s a chance! Next thing you know, the Department of Justice announces they’ve seized RaidForums’ website and arrested its administrator, and we’re back in the game! Hope springs eternal.
Now let’s look at what else made industry headlines this week.
Apr. 15: The Royal Spanish Football Federation (RFEF) was allegedly the victim of a cyberattack in which a malicious actor gained unauthorized access to private emails and text messages.
Apr. 15: “The US has linked North Korea-backed hackers to a massive cryptocurrency heist worth $615m (£469m) from players of the popular online game Axie Infinity in March,” BBC reported.
Apr. 14: US federal agencies issued an alert warning that APT actors have demonstrated the ability “to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices.”
Apr. 14: Since Russia invaded Ukraine, security experts have grown increasingly concerned about the security of commercial satellites.
Apr. 14: CSO Online reported, “A wave of digital initiatives by organizations worldwide has created an explosion of human and machine identities that are increasing the exposure of those organizations to ransomware and supply chain threats, according to CyberArk's 2022 Identity Security Threat Landscape report.”
Apr. 13: The Daily Swig reported, “A cybercrime campaign targeting the African banking sector is leveraging phishing emails and HTML smuggling techniques to deploy malware.”
Apr. 13: As part of the 30 security notes issued in SAP’s April 2022 Security Patch Day, three were related to the Spring4Shell vulnerability. (Note: If you missed this week’s webcast on the Future of Open Source, it is available on demand.)
Apr. 12: “A Russian military-linked hacking group has attempted to infiltrate Ukrainian power substations and deploy malicious code capable of cutting electricity, Ukrainian government officials and private investigators said,” CNN reported.
Apr. 12: The San Jose Spotlight reported, “An unknown person or group briefly hijacked Mayor Sam Liccardo’s Twitter account last week and used the account to promote non-fungible tokens or NFTs—a digital product similar to cryptocurrency.”
Apr. 11: Microsoft announced the end of Patch Tuesday, noting that as of July 2022, patches will be automated.
Apr. 11: Thoma Bravo announced it acquired cybersecurity company SailPoint Technologies for $6.12 billion.
Apr. 11: According to the Harvard Law School Forum on Corporate Governance, the SEC has issued new and more prescriptive guidance for public companies to address “shortcomings and inconsistencies in cyber incident reporting practices that range from whether an incident is even disclosed, what gets disclosed as well as when and how companies govern and manage cyber risk.”