If you missed the PtaaS Exchange in person, join us virtually to learn how to improve your security program in 2023.

Looking back: Our Most Popular Blogs for 2021

On the first day of PtaaS, we’re wrapping up our top 5 blogs to provide an overview of the history of hacking, key cybersecurity and pentester insights, tips for protecting your organization, and more.

The holidays are typically a busy time of year filled with gifts, celebrations, and all kinds of cheer. It’s also a busy time for cyber attackers on the hunt to exploit business-critical assets — ‘Tis the season to ensure your organization is prepared for the holiday rush.

Arkose Labs Network predicts a 60 percent increase in attacks for the 2021 holiday season. (Cybercrime Never Takes a Holiday)

To kick off this holiday season, we’re introducing the 12 days of PtaaS. For the next 12 days, we'll be pairing a fun holiday-themed prize with a piece of PtaaS content to share insights that will help spruce up your security posture. On the first day of PtaaS, we’re wrapping up our top 5 blogs to provide an overview of the history of hacking, key cybersecurity and pentester insights, tips for protecting your organization, and more.

1. Top Ten Famous Hackers

As computers gained popularity, especially in the business realm, so did hacking. Diving into 10 of the most famous hackers in the world, each comes from a different background with one main commonality: an early passion for technology. Learning more about the top hackers throughout history helps to understand the reality businesses of all industries and sizes are in and how cybersecurity can play a key role in operations.

From Aaron Swartz starting out as an early pioneer of the social network Reddit turned hacktivist, to Michael Calce who attacked Dell, eBay, CNN, and Amazon using his now infamous DDoS attack, to Kevin Mitnick known today as the world’s best hacker after he hacked into the North American Defense Command (NORAD) in the 1980s.

These individuals and many more have impacted cybersecurity and paved the way for others to follow. As we move further into an increasingly digital era, more threats will begin to surface and the demand for robust cybersecurity practices will follow as a result. Read about all of the Top Ten Famous Hackers to learn more.

2. Cybersecurity Statistics for 2021

The year 2020 brought change to the way people around the world use and view technology and security efforts. Heading into 2021, this information relayed key insights into what’s new in ransomware, social engineering, and many other security threats. Companies can benefit from knowing cybersecurity statistics as the digital environment continues to change.


Here are a few highlights from the cybersecurity statistics:

  • Ransomware attacks cost businesses an estimated $20 billion in 2020, having grown by over 50 times since 2015. (Cybersecurity Ventures)
  • Research from CSO Online shows that nearly 95% of all malware attacks are delivered via email. (CSO Online)
  • In April of 2020, Zoom reported over 500,000 account credentials had been stolen by attackers. (Bleeping Computer)
  • 66% of businesses experienced some form of phishing, including the most common type, spear-phishing attacks in 2020. This is down from 83% in 2019. (Proof Point)

Last but not least, there are over 2,200 attacks each day which breaks down to nearly 1 cyberattack every 39 seconds according to Security Magazine. As we look forward to 2022, it’s important to stay up-to-date and read Cybersecurity Statistics 2022 to prepare and protect your business.

3. iOS Pentesting 101

__What is application security? __

Application security defines how mobile apps, web apps, or Application Programming Interfaces are secured from potential attackers. With no device remaining 100% secure from threats, it’s valuable to learn more about the methods to discover unseen flaws in iOS devices. iOS is a dominant operating system in the mobile device market. When considering the importance of mobile security, also consider how consumers now spend almost half of their time across devices, according to the 2021 Nielsen Total Audience Report.

These devices include TV, TV-connected devices, computers, smartphones, and tablets. With that in mind, the top 3 vulnerabilities for all mobile devices from the State of Pentesting 2021 include:

  • Lack of Binary Hardening: Lack of Jailbreak Detection
  • Broken Access Control: Insecure Direct ObjectReferences
  • Mobile SecurityMisconfiguration: Absent SSL Certificate Pinning

For a full overview of the iOS Pentesting methodology and more, check out iOS Pentesting 101.

4. Pentester Spotlight: Martina Matarí


Martina Matarí joined the Cobalt Core of highly-experienced pentesters from around the world in 2020, being one of the 270+ pentesters worldwide who has helped Cobalt secure over 3000 assets.

When asked what top 3 traits a pentester should possess to be successful at Cobalt, Martina shared the following tips:

  • Have good communication skills. This helps information flow with both customers and colleagues, and it leads to better findings.
  • Know how to write good documentation on the findings. This makes it easier for the lead and customers to understand what happened and how the issue can be reproduced. The sooner it is understood, the sooner it can be mitigated.
  • Be a team player. Individualism must be put aside. Asking for help or other points of view from your colleagues helps the project in every way and you will achieve better results.

To drive further into Martina’s tips for other pentesters, what a good pentest engagement looks like, personal experiences and background that led to joining the cybersecurity industry, and more, read the full Pentester Spotlight: Martina Matarí.

5. Business Cost of Cybercrime

It’s no secret that cybercrime can take a major toll on businesses, leading to financial costs, damaged reputation, theft of intellectual property, and more. According to the FBI, the cost of cybercrime in the US was $3.5 billion in 2019. By 2021, ransomware was expected to cost $6 trillion per year according to cybercrime magazine. Considering the business cost of cybercrime, it becomes more and more imperative that companies deploy cybersecurity best practices to help protect their digital assets.

Every industry is at risk, with some of the most vulnerable sectors including:

  • Government entities
  • Healthcare institutions
  • Higher education facilities

So, what can your company do to proactively prevent being the victim of a cyberattack? Check out the Business Cost of Cybercrime.

Regardless of what or how you celebrate, everyone is invited to the PtaaS party this holiday season. Join the PtaaS party for a chance to be randomly selected to win a prize by entering to win during 12 days of PtaaS. And that wraps up our top 5 blogs for Day 1 — stay tuned for more to come, and in the meantime visit the Cobalt blog for in-depth resources on cybersecurity insights, compliance, pentester stories, and more.

Back to Blog
About Caroline Wong
Caroline Wong is an infosec community advocate who has authored two cybersecurity books including Security Metrics: A Beginner’s Guide and The PtaaS Book. When she isn’t hosting the Humans of Infosec podcast, speaking at dozens of infosec conferences each year, working on her LinkedIn Learning coursework, and of course evangelizing Pentesting as a Service for the masses or pushing for more women in tech, Caroline focuses on her role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity company with a mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of vetted, highly skilled testers. More By Caroline Wong
Introducing Hacker Corner; Episode 1: Redteaming vs Pentesting Demystified
Introducing Hacker Corner! Hacker Corner is a podcast for hackers made by hackers. Join host Sheeraz Ali for episode one with guest Saad Nasir as they discuss redteaming vs. pentesting.
Dec 13, 2022
Faster and More Affordable Cybersecurity Compliance With SmartComply
Today we give the stage to SmartComply, whose app helps rapidly expanding businesses reduce time and money spent on compliance. 
Jan 17, 2023