For application security in the corporate environment, Keith Hoodlet said ransomware attackers are going big-game hunting.

While attackers will continue to use a VPN from a consumer application as a backdoor to a phone, the application experience director for Thermo Fisher Scientific said threat actors are after a bigger return on their investment. 

Citing the SolarWinds attack or ubiquitously used technologies such as Microsoft’s Outlook or Exchange, Hoodlet likened ransomware groups to predators preying on large organizations during an SC Media eSummit with Executive Editor Jill Aitoro. 

“You're in a defender standpoint where the predators will always evolve faster than the prey,” he said. “The attackers are going after the bigger game and they're catching them — and they're catching them to the millions of dollars. It's crazy.”

Click here to watch the on-demand eSummit: “Integrating Application Security: Reengineering AppSec as a business catalyst”

When it comes to third-party risk, organizations can reduce their risk by simply talking with the security personnel of a vendor, Hoodlet said.

“You can pretty quickly tell the measure of a company in terms of their security posture when you sit down and actually talk with some of their security personnel,” he said. “And if they don't have security personnel, that should send quite a number of alarm bells to you as a consumer.”