> ## Documentation Index > Fetch the complete documentation index at: https://developer.upsun.com/llms.txt > Use this file to discover all available pages before exploring further. # The pandemic has indeed caused a massive spike in cybercrime > Insights from Joey Stanford, VP of Privacy & Security at Platform.sh, on cybersecurity trends, challenges, and the future of security for modern businesses. export const PostMeta = ({data = {}}) => { const {author, date} = data; const authors = Array.isArray(author) ? author : author ? [author] : []; const resolveAuthor = slug => { const entry = AUTHOR_MAP[slug] || ({}); const name = entry.name || slug; const github = entry.github || null; const linkedin = entry.linkedin || null; const url = github ? `https://github.com/${github}` : linkedin || null; const avatarUrl = github ? `https://github.com/${github}.png?size=64` : null; return { name, url, avatarUrl }; }; const formattedDate = date ? new Date(date).toLocaleDateString('en-US', { year: 'numeric', month: 'long', day: 'numeric' }) : null; if (authors.length === 0 && !formattedDate) return null; const AUTHOR_MAP = { "aaron-collier": { "name": "Aaron Collier" }, "aaron-dudenhofer": { "name": "Aaron Dudenhofer" }, "aaron-porter": { "name": "Aaron Porter" }, "adriaan-odendaal": { "name": "Adriaan Odendaal" }, "ajmal": { "name": "Ajmal Siddiqui" }, "akalipetis": { "name": "Antonis Kalipetis" }, "alexander-varwijk": { "name": "Alexander Varwijk" }, "alicia-bevilacqua": { "name": "Alicia Bevilacqua" }, "amelie-deguerry": { "name": "Amelie Deguerry" }, "anacidre": { "name": "Ana Cidre", "linkedin": "https://www.linkedin.com/in/ana-cidre" }, "andoni": { "name": "Andoni Auzmendi" }, "andrei-taranu": { "name": "Andrei (Alex) Taranu", "linkedin": "https://www.linkedin.com/in/andrei-alex-taranu/" }, "andrew-baxter": { "name": "Andrew Baxter" }, "andrew-melck": { "name": "Andrew Melck" }, "antoine-crochet-damais": { "name": "Antoine Crochet Damais" }, "augustin-delaporte": { "name": "Augustin Delaporte", "linkedin": "https://www.linkedin.com/in/augustindelaporte/" }, "branislav-bujisic": { "name": "Branislav Bujisic" }, "carl-smith": { "name": "Carl Smith" }, "caroline-leroy": { "name": "Caroline Leroy" }, "cati-mayer": { "name": "Cati Mayer" }, "catplat": { "name": "C Trinkwon" }, "ceelolulu": { "name": "Celeste van der Watt" }, "chadwcarlson": { "name": "Chad Carlson", "github": "chadwcarlson", "linkedin": "https://www.linkedin.com/in/chadwcarlson" }, "chris-ward": { "name": "Chris Ward" }, "chris-yates": { "name": "Chris Yates" }, "christian-sieber": { "name": "Christian Sieber" }, "christopher-lockheardt": { "name": "Christopher Lockheardt" }, "christopher-skene": { "name": "Christopher Skene" }, "chuck-morgan": { "name": "Chuck Morgan" }, "corey-dockendorf": { "name": "Corey Dockendorf" }, "crell": { "name": "Crell" }, "damz": { "name": "Damz" }, "dan-morrison": { "name": "Dan Morrison" }, "davidbonachera": { "name": "David Bonachera", "github": "davidbonachera", "linkedin": "https://www.linkedin.com/in/davidbonachera" }, "dereliahmet1": { "name": "Ahmet Faruk Dereli" }, "devicezero": { "name": "Jonas Kröger", "github": "devicezero", "linkedin": "https://www.linkedin.com/in/jonaskroeger/" }, "doug-goldberg": { "name": "Doug Goldberg" }, "duncan-naves": { "name": "Duncan Naves", "github": "duncannaves", "linkedin": "https://www.linkedin.com/in/duncan-naves-a94423aa" }, "erika-bustamante": { "name": "Erika Bustamante" }, "fabpot": { "name": "Fabien Potencier" }, "flovntp": { "name": "Florent Huck", "github": "flovntp", "linkedin": "https://www.linkedin.com/in/florenthuck" }, "fred-plais": { "name": "Fred Plais" }, "gauthier-garnier": { "name": "Gauthier Garnier" }, "gilzow": { "name": "Paul Gilzow" }, "gmoigneu": { "name": "Guillaume Moigneu", "github": "gmoigneu", "linkedin": "https://www.linkedin.com/in/guillaumemoigneu/" }, "gregqualls": { "name": "Greg Qualls" }, "guguss": { "name": "Augustin Delaporte" }, "haylee-millar": { "name": "Haylee Millar" }, "ivana-kotur": { "name": "Ivana Kotur" }, "jackrabbithanna": { "name": "Mark Hanna" }, "jared-wright": { "name": "Jared Wright", "github": "jww-sh", "linkedin": "https://www.linkedin.com/in/jaredwaynewright" }, "jessica-orozco": { "name": "Jessica Orozco" }, "joey-stanford": { "name": "Joey Stanford" }, "john-grubb": { "name": "John Grubb" }, "jonas-kruger": { "name": "Jonas Kruger" }, "kathryn-frazer": { "name": "Kathryn Frazer" }, "kemiojo": { "name": "Kemi Elizabeth Ojogbede" }, "kieronsambrook-smith": { "name": "Kieronsambrook Smith" }, "laurent-arnoud": { "name": "Laurent Arnoud", "linkedin": "https://www.linkedin.com/in/laurent-arnoud-861b44121/" }, "letoya-boyne": { "name": "Letoya Boyne" }, "lolautruche": { "name": "Jérôme Vieilledent" }, "lyly-lepinay": { "name": "Lyly Lepinay" }, "manauwar-alam": { "name": "Manauwar Alam" }, "marc-antoine-porri": { "name": "Marc Antoine Porri" }, "maria-antinkaapo": { "name": "Maria Antinkaapo" }, "maria-de-anton": { "name": "Maria De Anton" }, "mark-dorison": { "name": "Mark Dorison" }, "markus-hausammann": { "name": "Markus Hausammann" }, "mary-thomas": { "name": "Mary Thomas" }, "mathias-bolt-lesniak": { "name": "Mathias Bolt Lesniak" }, "mathieu-strauch": { "name": "Mathieu Strauch" }, "matthias-van-woensel": { "name": "Matthias Van Woensel", "linkedin": "https://www.linkedin.com/in/matthias-van-woensel-267a069" }, "maz-mohammadi": { "name": "Maz Mohammadi" }, "michael-sharp": { "name": "Michael Sharp" }, "mupsi": { "name": "Marine Gandy" }, "natalie-harper": { "name": "Natalie Harper" }, "ngommenginger": { "name": "Nicolas Gommenginger", "linkedin": "https://www.linkedin.com/in/nicolas-gommenginger" }, "nicholas-bennison": { "name": "Nicholas Bennison" }, "nicholas-vahalik": { "name": "Nicholas Vahalik" }, "nick-hardiman": { "name": "Nick Hardiman" }, "nickanderegg": { "name": "Nickanderegg" }, "nicolas-grekas": { "name": "Nicolas Grekas", "github": "nicolas-grekas", "linkedin": "https://www.linkedin.com/in/nicolasgrekas/" }, "niti-malwade": { "name": "Niti Malwade" }, "opensocialteam": { "name": "Opensocialteam" }, "ori-pekelman": { "name": "Ori Pekelman" }, "otavio-santana": { "name": "Otavio Santana" }, "palwandi": { "name": "Pawan Alwandi", "github": "pawpy", "linkedin": "https://www.linkedin.com/in/pawanalwandi" }, "patrick-boest": { "name": "Patrick Boest" }, "patrick-dawkins": { "name": "Patrick Dawkins", "github": "pjcdawkins", "linkedin": "https://www.linkedin.com/in/patrickdawkins" }, "patrick-klima": { "name": "Patrick Klima" }, "pjcdawkins": { "name": "Pjcdawkins" }, "prineet-kaurbhurji": { "name": "Prineet Kaurbhurji" }, "quentin-sinig": { "name": "Quentin Sinig" }, "ralt": { "name": "Florian Margaine", "github": "ralt", "linkedin": "https://www.linkedin.com/in/florian-margaine-43971136" }, "ramanathanramakrishnamurthy": { "name": "Ramanathanramakrishnamurthy" }, "remi-lejeune": { "name": "Rémi Lejeune" }, "ribel": { "name": "Taras Kruts" }, "robert-douglass": { "name": "Robert Douglass" }, "rudy-weber": { "name": "Rudy Weber" }, "ryan-hicks": { "name": "Ryan Hicks" }, "sabri-helal": { "name": "Sabri Helal" }, "savannah-bergeron": { "name": "Savannah Bergeron" }, "shannon-vettes": { "name": "Shannon Vettes" }, "shawn-ogasawara": { "name": "Shawn Ogasawara", "linkedin": "https://www.linkedin.com/in/shawn-ogasawara-83a9a0/" }, "shawna-spoor": { "name": "Shawna Spoor" }, "shedrack-akintayo": { "name": "Shedrack Akintayo" }, "simon-ruggier": { "name": "Simon Ruggier" }, "sophie-van-der-kindere": { "name": "Sophie Van Der Kindere" }, "stefanos-thampis": { "name": "Stefanos Thampis" }, "stephen-weinberg": { "name": "Stephen Weinberg" }, "sukhman-virk": { "name": "Sukhman Virk" }, "sumaira-nazir": { "name": "Sumaira Nazir" }, "sumer": { "name": "Sümer Cip" }, "syed-raza": { "name": "Syed Raza" }, "tamara-bacchia": { "name": "Tamara Bacchia" }, "tara-arnold": { "name": "Tara Arnold" }, "theosakamg": { "name": "Mickael Gaillard", "github": "theosakamg" }, "thomasdiluccio": { "name": "Thomas di Luccio" }, "tim-anderson": { "name": "Tim Anderson" }, "tom-helmer-hansen": { "name": "Tom Helmer Hansen" }, "tylermills": { "name": "Tyler Mills" }, "upsun": { "name": "Upsun" }, "veronika-tolkachova": { "name": "Veronika Tolkachova", "linkedin": "https://www.linkedin.com/in/veronika-tolkachova-169167a2" }, "vince-parker": { "name": "Vince Parker" }, "vinnie-russo": { "name": "Vincenzo Russo" }, "vrobert78": { "name": "Vincent Robert", "github": "vrobert78", "linkedin": "https://www.linkedin.com/in/vincent-robert-498a883" }, "yuriy-babenko": { "name": "Yuriy Babenko" }, "yuriy-gerasimov": { "name": "Yuriy Gerasimov" } }; return
{(authors.length > 0 || formattedDate) &&
{authors.length > 0 &&
{authors.map(slug => { const {name, url, avatarUrl} = resolveAuthor(slug); const inner = <> {avatarUrl && {name}} {name} ; return url ? {inner} : {inner}; })}
} {authors.length > 0 && formattedDate && } {formattedDate && {formattedDate}}
}
; }; This post was originally published on the Platform.sh blog and reflects information from the time of publication. ***Recent events of the pandemic have facilitated a rapid implementation of remote working tools, causing an increase in ransomware attacks – businesses suffer from financial and data losses.*** In order to prevent such attacks, companies must not only educate their employees about best cybersecurity practices but also embed professional security solutions within the internal business processes and systems. So today, we had a chat with Joey Stanford, the VP of Privacy & Security at Platform.sh – a company that offers a cloud hosting platform, about the essential security measures for modern businesses and the latest cybersecurity trends. **What has your journey been like? How did the idea of Platform.sh come about?** The idea of Platform.sh sprung from the need to provide easy, reliable, and secure hosting for Drupal projects so that organizations of any size would be able to [deploy applications](https://devcenter.upsun.com/posts/best-practices-in-deploying-web-apps-updated-for-2020/) anytime without having to worry about breakage. When designing the initial minimum viable product (MVP), thought was given to making the product flexible, allowing it to support multiple applications and languages. Since 2016, we’ve continued to enhance our product and service offering. Now, Platform.sh is used by more than 62,000 developers and thousands of companies worldwide. **Can you tell us a little bit about what you do? What are the main challenges you help navigate?** My responsibilities include managing our privacy and security efforts. During my tenure, we’ve successfully developed a platform that puts security at the heart of its service, something that cannot be celebrated without noting the significant efforts of my teams and the many other functions inside the company. Together, we work to be good custodians of our customers’ data. Compliance with industry standards, such as PCI and SOC2, and legal requirements, such as GDPR, PIPEDA, CCPA, and APA, have always been a priority for me, but my main focus is really on *trust*. Trust that Platform.sh is secure and trust that we are doing the right things to keep people safe. By people, I mean not only our customers but also our employees. If you trust and have confidence in an organization, then you are more willing to do business with them. As a result, we hold ourselves to high standards by securing several external industry certifications and taking part in audits to ensure that our customers and employees are secure. **What threats surrounding web applications do you find the most concerning nowadays?** We generally track the [OWASP Top Ten](https://owasp.org/www-project-top-ten/) list. We tend to see customer applications often lack timely security-related patching of their own applications and dependencies, as well as a lack of consistent attention to access control reviews. The most concerning aspect in my opinion, for everyone, is software dependency management. There are multiple software tools and services that can help in this area but we’re still somewhat far away from having an easy-to-generate and easy-to-use, software bill of materials (SBOM) and an associated process to manage security vulnerabilities in dependencies. **Do you think the recent global events altered the way people approach cybersecurity?** We’ve started to talk about how to protect people more. The pandemic has indeed caused a massive spike in cybercrime, specifically ransomware which boomed over 2020 and 2021. Researching the total cost of activity, [Chainanalysis](https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-ransomware/) named 2020 the year of ransomware after it found that payments exceeded half a billion USD. This spike is being driven by the uptick in phishing, social engineering, and a general increase in what I call the routine exploit behavior. Cybercriminals know that the weakest point in the chain is through a company’s people which has led businesses to have more conversations about implementing a Zero Trust approach. Although the uptick in activity is bad, it’s positive to see businesses start to put security higher on their priorities list. After all, if a business is taking its security seriously, so will its employees. **Why do you think companies often hesitate to try out new and innovative solutions that would enhance their IT operations?** There are two principal reasons for this, the first being cost and ease of integration. Good solutions do not come cheap and despite there being bigger investments in digital transformation, companies struggle to find ways to justify spending on new solutions they don’t know they need. The second is complications with integration. There may be several reasons why integration is difficult. It could require a lot of manpower, it may not have the right connectors, and/or it may require administrative/root permissions to sensitive environments that you don’t want to give. Many businesses also lack the right skills and expertise, so even if they do identify the right solution, they may not have the right knowledge about taking it to the next step. On top of this, the solution may not be compliant with privacy laws, such as GDPR. We require all our vendors who touch personal data of any sort, even employee data, to be GDPR compliant. We’ve had to reject a non-trivial number of vendors who don’t care about privacy, don’t comply with industry standards, and don’t have any third-party audits. As to my earlier point, if I can’t trust them, I can’t entrust them with our data or our customers’ data. **In your opinion, what security details are often overlooked when developing a website or an application?** There are three items I consistently see as failures: * Lack of adherence to at least one audited security standard (e.g. PCI, SOC2, ISO 27001). * Lack of support/integration with a single sign-on provider and MFA support. * A total lack of support for privacy laws, like GDPR. **Besides implementing cloud solutions, what other security measures do you think are essential for organizations nowadays?** There is a clear list of measures a company should take and these include: * Timely security patching. * Dependency management, ideally integrated with CI/CD. * Both QA and security reviews of all code. * Regular access control reviews. * Timely off-boarding. * Anti-malware solutions that are proper and enforced on endpoints and servers. * At least one third-party external security certification with twice-a-year external penetration testing. * A dedicated, adequately staffed, and funded security team. * Executive attention and championship. * Proper vendor management. * A focus on complying with privacy laws. * A well-honed incident, and breach, response process. * A regularly tested disaster recovery process. * Cybersecurity insurance. * Utilizing VPNs as appropriate. * Auditable administrative actions (e.g. logging of all ssh sessions). * Requiring SSO and MFA everywhere. **Talking about individual users, what security tools do you think should be a part of everyone’s daily lives?** There are a few things an individual can do to upgrade their personal security, the first is password hygiene. The single-use password is still the most popular form of authentication and with so many accounts needed, it makes sense that people will reuse the same credentials. As this is incredibly unsafe, users should [take advantage of password managers](https://cybernews.com/best-password-managers/), so they don’t need to remember passwords. In addition, it’s not possible to see if your credentials have been compromised. I use [Have I been PWNED](https://haveibeenpwned.com/) to get notified if my credentials have been breached. Although it’s not a tool, people should educate themselves or request that their business invests in cyber awareness education. Phishing and scams are still the main tools used by hackers, so being able to identify and avoid them is how you can stop hackers at the first point of entry. In short: * Don’t click links in suspicious emails. * Don’t take someone’s word for it on the phone. * Require proof/confirmation that your CEO really wants that \$200 gift card. **What does the future hold for Platform.sh?** We’ve experienced wonderful growth over the last few years and it’s going to continue. We keep adding new features while improving our product to make Platform.sh more attractive to customers, large and small. Most recently we announced that we were renewing our partnership with Adobe to help its e-commerce enablement – something that more and more small businesses need help with because of the pandemic. We’ve also made strides in [Green Hosting](https://upsun.com/greener-hosting/) and will continue to improve in this area as the wider world looks at how we can do more to improve the future of our planet. As we grow, we will continue to focus on security and privacy to retain the trust of our customers and win new business. *** \_Originally published on \[Cybernews]\([https://cybernews.com/security/joey-stanford-platform-sh-the-pandemic-has-indeed-caused-a-massive-spike-in-cybercrime-specifically-ransomware/)\\](https://cybernews.com/security/joey-stanford-platform-sh-the-pandemic-has-indeed-caused-a-massive-spike-in-cybercrime-specifically-ransomware/\)\\)\_