Technology

The new feature is designed to better secure your data.

The car rental giant said a hacking incident of a company it works with exposed personal information of its customers.

Ocala may have fewer internet providers, but CNET experts found top options worth considering for your needs.

A Simple Favor introduced us to Emily (Blake Lively) in a deliciously dark comedy thriller. And now she's coming back for Another Simple Favor, and from the newly released trailer it looks like Prime Video may have another campy hit on its hands.

How many trailers will you see where a character proclaims that "I'd rather cut my balls off with a rusty knife than go to this wedding"?

I do hope he isn't the groom.

Another Simple Favor looks like it'll be tons of fun

Another Simple Favor reunites the team: Lively as Emily Nelson, Anna Kendrick as Stephanie Smothers, and Paul Feig in the director's chair. But this new Prime Video movie is going straight to streaming; the first film was also shown in theaters.

This time the action takes place in the beautiful Italian island of Capri, where Smothers is going to be maid of honor at Emily's extravagant wedding to a rich Italian businessman.

If you’re thinking that being asked to be maid of honor by someone you put in jail is a bit odd, Stephanie is thinking much the same. "I've got to figure out what she's up to," she says in the trailer. And if there's one thing we know about Emily, it's that where she goes, trouble tends to follow.

The original film attracted very mixed reviews, it has become something of a camp classic since it debuted on Prime Video, making it one of the best Prime Video movies. This new movie attracted similar reviews when it was shown at SXSW, which suggests that if you loved the first movie you're likely to love this one too.

Another Simple Favor will be streaming on Prime Video from May 1, 2025.

You may also like

• Every new movie coming to Prime Video this month
• The best Prime Video movies to stream
• This new Prime Video show is the funniest I've ever seen, and I'm still laughing about it

• Orange 'O' Edition Mk II ANC headphones announced
• 40mm drivers, 50-hour battery life, customizable ANC and 10-band EQ
• $229 / £169 / about AU$352

Orange has announced new headphones, and I think it's missed a key trick again: even if they turn out to be the best headphones ever made, they don't look very Orange.

What I mean by that is that Orange is one of the most recognizable brands in audio thanks to a very consistent visual style. Whether it's a Thunderbird 50 guitar amplifier or the Orange Box bluetooth speaker, if its Orange it's orange.

But the new Orange 'O' Edition Mk II ANC headphones are not. And its previous headphones weren't either.

I think that's a shame, because Orange has generally been very faithful to its decades-long history of iconic, orange-colored amps.

Marshall has always absolutely nailed this, so for example its latest Bluetooth speakers look like little Marshall amps, and its Bluetooth headphones look like someone's stuck tiny Marshall speaker cabinets to your ears.

But to my eyes these new Orange headphones look like they might as well just be Sony headphones in a custom McLaren colorway. Marshall's stuff is cool because it evokes rock and roll in a way that indelibly tied to the design of guitar equipment – is that the vibe you get here?

(Image credit: Orange) Orange ‘O’ Edition MKII: key features and pricing

Looks aside, the specification here appears to be decent: 40mm close voice-coil drivers, ANC with three preset modes and in-app customization, a 10-band customizable EQ, and touch controls on the right headphone.

There's Bluetooth 5.2, an included 3.5mm aux cable for wired connections, and up to 50 hours of battery life – with a 15-minute rapid charge delivering a claimed seven hours of play time.

And the price is competitive, too: $229 / £169 / about AU$352. That puts it in line with the likes of the Sennheiser Accentum Plus or Sony ULT Wear headphones – good mid-range products, and there's definitely scope for more great-sounding players in this region among the best noise-cancelling headphones.

The Orange 'O' Edition Mk II ANC headphones are available to buy now.

I understand why these aren't bright orange in a world where headphones tend to be black or beige. But I still think it's a bit like Nike sneakers without the swoosh, Adidas without the stripes, Netflix without the tu-dum: the whole reason that Orange amps are orange was to make them stand out from their none-more-black rivals.

You might also like

• The Orange Box: a great-sounding Bluetooth speaker
• Marshall Monitor III ANC: great sound and comfort
• The best headphones, tested by our experts

• Apple rebrands ‘Search Ads’ to ‘Apple Ads’
• It says it’s because they’re now available beyond just search results
• Apple might also be looking to extend its ads into other services

Apple has rebranded its ‘Search Ads’ to ‘Apple Ads’ to mark the broader advertising options beyond search results as it looks to generate more income – and help advertisers generate more income – from more sources.

Initially only offered within the App Store’s search results, Apple now displays ads within the Today tab and under ‘You Might Also Like’ sections of specific app pages.

Apart from offering more clarity that ‘Apple Ads’ are no longer just search-specific, the name also takes a step in the direction of consistency across other services, for example ‘Apple Music’ and ‘Apple TV+.’

‘Apple Ads’ is the new name for Apple’s advertising business

As well as changing the name for simplicity and consistency purposes, it’s possible that Apple might also be looking to expand its ads businesses, hence the removal of ‘Search.’

For example, Apple might be planning to introduce ads across more services, including Apple Maps, to grow its revenue further.

All of this is just speculation, though, because Apple’s justification (via 9To5Mac) to participating developers was that its advertising placements have simply expanded since launching in 2016:

“When Apple Search Ads launched in 2016, we offered a single ad placement at the top of search results. Today, advertisers can run ads in multiple placements across the App Store, so we’ve decided to change our name.”

It’s not the first time we’ve reported on Apple looking to expand its ads business. Just over a year ago, it came to light that the Cupertino giant was possibly testing an AI-powered tool designed to optimize App Store ad campaigns.

It had also reportedly made hires in its TV-ad sales business – another indication that it could be expanding the business in a move similar to Netflix, which has a cheaper ad-supported subscription.

You might also like

• Apple is working on an AI-powered platform that might make mobile ads even more annoying
• Reach your audience with the best social media management tools
• These are the best online marketing services

It’s official: OnePlus is ditching the Alert Slider for an iPhone-style customizable button on the upcoming OnePlus 13T, and although that phone is set to release exclusively in China on April 24, its new shortcut key will surely be a permanent feature of future OnePlus phones globally.

The Alert Slider has been a defining feature of the best OnePlus phones, and long-time OnePlus fans will no doubt be sad to see it go, but OnePlus is adamant that its replacement – whatever it may be called on the OnePlus 13T – will ultimately improve the user experience.

Indeed, in his announcement about the upcoming switch, OnePlus CEO Pete Lau noted that the decision, while “not easy”, is “the right step forward” for the brand, and in an exclusive interview with TechRadar at OnePlus HQ in Guangdong, China, the company’s Senior Product Marketing Manager, Rudolf Xu, echoed Lau’s optimism.

“We want to give more freedom to our users, to [let them] customize [that button],” Xu explained. “And actually, this is not a removal of the Alert Slider. You’ve now got the freedom to switch between ring, vibrate, and silence – these things still work – but you’re also getting greater freedom to customize your commands.

“For example, [you can now] launch certain apps [using the new button]. So, it’s actually not a removal – it’s an evolution of the Alert Slider.”

Xu added that OnePlus has “also brought some dedicated features” to the user experience via the new shortcut key, though he's not yet at liberty to share what those are.

Apple introduced the Action button on the iPhone 15 Pro (above) (Image credit: Future | Alex Walker-Todd)

It’s clear, then, that OnePlus doesn’t see the removal of the Alert Slider as a loss – according to the brand, users only stand to gain functionality from the switch to an Action button-style key. Mind you, that doesn’t mean the company’s decision to axe a longtime feature was an easy one.

In his aforementioned statement, OnePlus CEO Pete Lau admitted that “the Alert Slider has always been one of [his] favorite OnePlus features,” and that “when the team first came to [him] with a proposal to make a change to our Alert Slider, [he] was skeptical.

“But I knew that if we wanted to build something truly better, we had to take this leap,” Lau explained. “As iconic as it is, it is a huge piece of hardware just to switch sound profiles. That didn’t sit right with me.”

The OnePlus 13T in three shades (Image credit: OnePlus)

As for what OnePlus’ Alert Slider replacement looks like, the brand’s latest teaser video for the OnePlus 13T reveals a grain-of-rice-sized button that sits alone on the left-hand side of the device. Incidentally, Apple’s Action button sits in the same place, though it’s positioned above the iPhone’s volume buttons, where the OnePlus 13T’s volume buttons appear to be placed on the right-hand side of the phone, above the power button.

The video also reveals that the OnePlus 13T will feature two main rear cameras stacked vertically à la the iPhone 16, and OnePlus has confirmed (via a Weibo post) that the phone will have a 6.32-inch screen and a 6,000mAh-plus battery.

Rumored specs include a Snapdragon 8 Elite chipset, 16GB of RAM, a 50MP main camera, and a 50MP telephoto (with 2x optical zoom), which, if true, would make the OnePlus 13T an attractive compact alternative to the premium OnePlus 13. Here’s hoping it launches outside of China later this year (we've got our fingers crossed).

You might also like

• ‘It will take time for foldables to become mainstream’: OnePlus defends decision to delay the OnePlus Open 2
• ‘The key is to build a bridge with iOS’: OnePlus has a plan to tackle Apple's smartphone industry dominance
• OnePlus Open 2 rumors are heating up – here are 5 things I want to see from the foldable follow-up

• New tipoffs suggest Samsung's One UI 7 delay will be lifted on April 15
• Also, new images claim to show an early version of One UI 8 running on a Galaxy Z Fold 6
• Samsung has yet to finish rolling out One UI 7

Samsung has already caught a lot of flak for the generationally chaotic rollout of One UI 7, the company’s implementation of Android 15 for Samsung Galaxy phones – and a last-minute delay announced on April 14 hasn’t helped the situation.

However, a notable tipster has posited that this delay could be more of a bump in the road than a full-on halt, with the latest rumors suggesting the pause will be lifted on April 15 – that’s today at the time of writing.

This comes from Ice Universe, a prominent tipster who shared the suggestion in a seemingly deleted post to X (formerly Twitter), which was subsequently reported by Android Authority.

According to an April 15 post made by an unnamed Samsung solutions manager and forum moderator to Samsung’s Korean community forum, the update rollout was paused due to “some issues requiring maintenance”, but they also note that Samsung has “completed its inspection and will resume updates soon."

One UI 7 is the long-awaited Android 15-based update for Samsung Galaxy phones and tablets. Though a pre-release version of the update can be found loaded on Samsung Galaxy S25 series phones, as well as the latest A-series models, One UI 7 is still considered unreleased as it has not yet completed its rollout to older handsets like the Samsung Galaxy S24.

It has taken so long for Samsung to implement One UI 7 – based on Android 15, which released back in September 2024 – that we previously reported on concerns that Android 16 could release before Samsung manages to issue the update.

One UI 8 possible leaked images Image 1 of 3

(Image credit: Smartprix)Image 2 of 3

(Image credit: Smartprix)Image 3 of 3

(Image credit: Smartprix)

Though Samsung seems to have just about won the race against Android 16, another rumor has served to visualize just how far we are into the next development cycle.

Images shared by Smartprix claim to show a Samsung Galaxy Z Fold 6 phone running an early alpha version of One UI 8, based on Android 16.

Besides a few minor visual tweaks to a handful of apps, the report suggests that One UI 8 is focused primarily on optimization.

The report adds that the fact that only a few apps have had any changes made suggests that One UI 8 is in very early stages of development.

Indeed, if the launch of One UI 7 marks a reset of Samsung’s yearly development cycle, we may not expect to see One UI 8 launched until 2026.

I’d personally be happy with a smaller, easier update next time around, if it means a quicker rollout than we’ve seen with One UI 7. Running older software can really take the wind out of the sails of even the best Samsung phones.

Let us know what you think of Samsung’s update antics in the comments below.

You might also like

• Android 15 devices must have at least 32GB of storage, which should benefit the best cheap phones
• My favorite iOS 18 app is a tool you're probably not using – and I suggest you try it right away
• This wild phone battery rumor has me wondering whether iPhone will ever catch up to Android

From Google's Pixel 9 and foldable phones like Motorola's Razr Plus to Samsung's Galaxy S25, these are the best Android phones that we tested and that you should buy.

• VMware ESXi 8.0 Update 3e brings back the free version of the hypervisor
• It was removed in February 2024 when VMware went subscription-only
• Broadcom has addressed customers’ concerns

VMware has resumed offering a free hypervisor once more, an announcement quietly included in the release notes for ESXi version 8.0 Update 3e has revealed.

The company had previously offered a popular free version of its hypervisor, but this was discontinued in February 2024 when VMware shifted fully to a subscription-based model, which meant the free version had to go.

However it now appears to be available once more as a free download from the Broadcom Support portal, which requires users to be signed in.

Broadcom offers free VMware hypervisor again

Broadcom hasn’t explained why it reversed its decision, but it could be a strategic decision to attract new customers.

The company got a lot of criticism when it changed its subscription models – CEO Hock Tan acknowledged widespread “unease” shortly after Broadcom’s VP for Cloud Platform addressed “questions and concerns.”

Moreover, VMware’s competitors, like Nutanix and Platform9, offer free community editions of their hypervisors, while open-source alternatives also offer a free option, potentially prompting Broadcom to reconsider its decision.

The company also recently reversed a licensing policy change, reducing the minimum license purchase back from 72 cores to 16 cores, thus making it cheaper for certain customers to access VMware services.

Apart from reintroducing a free version, VMware ESXi 8.0 Update 3e also addresses a number of critical bugs and security vulnerabilities.

Still, the company continues to face sharp criticism from customers, who have been unhappy with the licensing model shift to subscriptions, the product portfolio simplification and reported price increases.

All of this has happened amid the relocation of Broadcom’s headquarters to VMware’s Palo Alto campus, while VMware’s workforce has been reduced by around half from 38,000 to 16,000 under its Broadcom ownership (via Business Insider).

TechRadar Pro has asked Broadcom to share more context behind its decision to reinstate the free hypervisor, but we did not receive an immediate response.

You might also like

• We’ve listed the best virtual machine software
• Access the most advanced chips with the best cloud computing services
• VMware is making its Workstation and Fusion desktop hypervisors free for everyone

• Android 15 devices require at least 32GB of storage
• This is double the previous requirement
• They also require the ability to share emergency contacts with emergency services

If you’re reading this site then – as a tech fan – there’s a good chance your phone has 128GB of storage or more, but that’s not true of all handsets. In fact, some Android phones ship with just 16GB of storage. With Android 15 though, that's no longer allowed.

Digging into a GMS (Google Mobile Services) requirements document, Android Authority has found that Google has raised the minimum storage requirement from 16GB to 32GB for any devices that ship with or get updated to Android 15.

At least 75% of that storage must be allocated to the data partition, which is the area used for apps and files.

Many cheap phones – like the Galaxy A54 – already have more than 32GB (Image credit: Future | Alex Walker-Todd) A big boost for the cheapest phones

This should be of major benefit to the very cheapest Android phones, as 16GB simply isn’t enough in 2025 – especially when some of that is eaten up by the operating system itself. Arguably 32GB isn’t enough either, but it’s a step in the right direction.

That said, there are a couple of potential downsides. For one thing, as noted, existing 16GB devices won’t be able to get Android 15 – though we doubt many phones that shipped with just 16GB of storage would have been getting much in the way of Android updates anyway.

For another, this requirement could push manufacturers to increase the price of their cheapest phones. But it’s likely some people were buying 16GB phones without realizing how restrictive that would be, so at least this prevents that happening.

Along with the new 32GB requirement, Google has also made it a requirement that phones running Android 15 or later allow users to share their emergency contacts during emergency calls. Users have to opt into this but it’s a handy feature that would allow emergency services to update emergency contacts on what’s going on.

Technically, phone makers will still be able to avoid these requirements, but they’ll be locked out of GMS like the Google Play Store if they do, so we don’t imagine many will choose to do that.

You might also like

• Best cheap phones: all the top smartphone bargains
• Android 15: latest news and everything you need to know
• Android 16 will bring these 5 upgrades to your phone – including one I can’t wait to try out

Here's how to hitch a Waymo self-driving ride.

• The Switch-compatible version of the 8BitDo Ultimate 2 can be pre-ordered now in the US
• It's available at Amazon for $69.99
• In the UK, just the Windows and Android-compatible model is available

Looking to buy a new controller in anticipation for the release of the Nintendo Switch 2? You may want to check out the 8BitDo Ultimate 2, which has just had its pre-orders go live at Amazon US.

US shoppers can pre-order the 8BitDo Ultimate 2 for $69.99 at Amazon, and the controller is due to ship between April 21 - 28 depending on your location and delivery options.

Pre-orders have also been available in the UK for a while; here, you can place an order down for an impressively affordable £49.99 at Amazon.

That's a good deal cheaper than its US counterpart. In the UK, the 8BitDo Ultimate 2 is slated to release on April 25. However, it's worth noting that this model is specifically the Windows and Android-compatible model. No Switch version in this region as of yet.

Pre-order the 8BitDo Ultimate 2 controller

The 8BitDo Ultimate 2 is worth considering especially if the lack of Hall effect sticks on the Switch 2 Pro Controller is a factor of disappointment for you. By all accounts, this looks to be an improved version of the Ultimate, which is currently sits atop our best Nintendo Switch controllers guide.

UK pre-order price: Amazon - £49.99View Deal

While I've yet to personally test and review the 8BitDo Ultimate 2, it does seem like a straight upgrade over the original 8BitDo Ultimate which still sits as our 'best overall' entry in our best Nintendo Switch controllers buying guide.

According to the manufacturer, the Ultimate 2 boasts TMR thumbsticks which are essentially a Hall effect variant that offers even greater precision and longevity. We've also seen TMR sticks employed in the GameSir Tarantula Pro to great effect.

If you've already managed to secure a Nintendo Switch 2 pre-order, then I highly recommend checking out the 8BitDo Ultimate 2. While I thought the Switch 2 Pro Controller was a marked upgrade in my recent hands-on impressions, the Ultimate 2 is slightly cheaper ($69.99 as opposed to $74.99) and is confirmed to have drift-resistant sticks.

And of course, if you're sticking with the original Nintendo Switch, the 8BitDo Ultimate 2 will be compatible with it as well as PCs and Android devices.

You might also like...

• The PS5 Digital Edition has been hit with a price hike in some regions, but in great news for PS5 Pro owners the disc drive has seen a price cut
• Nintendo Switch 2 Edition games will contain the upgrades on the cartridge, but it seems Breath of the Wild DLC will still need to be purchased separately
• Nintendo says its divisive Game-Key Cards will help 'future-proof' the Switch 2

• Metro 2033 was first released on March 16, 2010
• To celebrate the game's 15th anniversary, its 2014 remake is now free to keep on Steam
• The developers have also shared some small details on the next Metro game

Post-apocalyptic first-person shooter Metro 2033 originally released on March 16, 2010. The debut title from developer 4A Games, the game spawned multiple sequels and even a recent VR (virtual reality) spin-off in Metro Awakening.

Now, the studio has shared a new blog post to commemorate the game's 15th anniversary. "The legacy and success of Metro over the past decade and a half is something we at 4A Games are incredibly proud of," the post begins. It then reveals that long-time collaborator Dmitry Glukhovsky, author of the Metro book series upon which the games are loosely based, will continue working closely with the studio on "our next Metro title."

"It is amazing to see the advancement from the pages of a novel, into a fully realized game, through ever-improving sequels, and now into a global franchise with million of players," it continues. The anniversary will be marked with "events, deals and celebratory content on the Metro social media channels" with fans encouraged to share their fondest memories and favorite moments with the hashtag #Metro15.

Originally founded in Ukraine, 4A Games is now headquartered in Silema, Malta - though retains a 150 strong team in Kyiv. In addition to a new Metro game, the studio is currently working on "a brand-new unannounced IP" and wants to assure fans that "work is continuing on both of our projects despite missile strikes, air-raid sirens, and terror still raining down on Ukraine."

"These circumstances are incredibly challenging, the situation remains dangerous and not within our control, but we are currently as safe as possible," the post reads. "We want to manage your expectations around the reveal of the next Metro title, it will be ready when it is ready, and we can’t wait for you to see it."

With this in mind, I wouldn't expect much more news about the upcoming game any time soon. Still, the post reveals that it will feature "an even darker story" with an emphasis on themes like "conflict, the struggle for power, the horrors of tyranny, and the price of freedom" for a "hard-hitting, political, anti-war" story.

If you head over to Steam right now, you are able to claim a free copy of Metro 2033 Redux, the 2014 remaster of Metro 2033, to keep which would be the perfect introduction to the franchise for newcomers. This offer is only available to until April 16, so I would act fast if you want to get your hands on it.

You might also like...

• Nintendo Switch 2 vs Nintendo Switch: comparing price, specs, design, features and more
• Nintendo Switch 2 pre-orders live: all the latest links to check as UK begins second week, while US pre-orders remain delayed
• I spent four hours with Nintendo Switch 2, and it hasn't just exceeded my expectations – it's blown them away

• OnePlus has confirmed that the OnePlus 13T will be announced on April 24
• This initial launch is just for China
• The company has also revealed the screen size and colors of the phone

The OnePlus 13T will be announced on April 24, the company has confirmed, although in typical OnePlus fashion you won’t have to wait until then to get an official look at the phone, as it has already been shown off.

A short teaser video posted to Chinese social media platform Weibo (via GSMArena) shows the front and back of the OnePlus 13T in full, complete with a flat back, curvy corners, and a choice of gray, pink, or black shades, as you can see below.

You can also see that there’s a new button on the side in place of the alert slider we’re used to on OnePlus phones, and the company has previously confirmed that it's a customizable key that sounds similar to the Action button on iPhones.

The OnePlus 13T (Image credit: OnePlus) A small screen and a big battery

In another post the company revealed that the 13T will have a 6.32-inch screen, and in an earlier teaser OnePlus said its battery would be at least 6,000mAh, which is especially impressive given that the OnePlus 13T sounds fairly compact by modern smartphone standards.

That’s all the official news we have, but leaks have suggested that the OnePlus 13T will have a Snapdragon 8 Elite chipset, 16GB of RAM, a 50MP main camera, a 50MP telephoto (with 2x optical zoom), and possibly an ultra-wide camera, the specs of which haven’t yet been the subject of leaks or rumors.

So this is sounding like an impressive phone – if the price is right. We should have a clearer idea of how good the OnePlus 13T is very soon, although note that, as mentioned, the April 24 announcement is just for China.

Hopefully though we won’t be waiting too much longer for a global launch, as it sounds like a promising compact alternative to the OnePlus 13.

You might also like

• Best OnePlus phones: the top flagship, budget, and foldable models ranked
• OnePlus 13 review: I'm dumbfounded, I can't find anything wrong with this phone
• Best Android phones: top performing and most affordable

Rates this high won't last forever.

• Car rental giant Hertz confirms suffering a data breach
• The attack occurred through Cleo, a file transfer service provider
• The threat actors abused a zero-day to get in

Car rental giant Hertz has confirmed suffering cyberattack which saw it lose sensitive customer information.

In a data breach notification letter published on its website, the company said that the incident involved Cleo Communications, a software company that provided file transfer services for Hertz “for limited purposes”.

The report says an unidentified threat actor exploited a zero-day vulnerability in the Cleo platform to exfiltrate sensitive data in October and December 2024. The attack was spotted in mid-February 2025, prompting an investigation, with the analysis concluding some customer data was taken.

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)View Deal

Hallucinating malware

“We completed this data analysis on April 2, 2025, and concluded that the personal information involved in this event may include the following: name, contact information, date of birth, credit card information, driver’s license information and information related to workers’ compensation claims,” the announcement reads.

“A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.”

The exact number of affected individuals is not known at this time, with a company spokesperson saying it would be, “inaccurate to say millions” of customers are affected.

The identity of the attackers, or the nature of the breach, is also unknown at this time. It most likely wasn’t a ransomware attack, since it took the company months to realize it was hacked. That being said, this was most likely a simple data smash-and-grab.

To mitigate the damages, Hertz is offering two years of identity monitoring and dark web monitoring services to potentially impacted individuals, through Kroll, at no cost.

At press time, there was no evidence that the stolen data was misused in any way.

Via TechCrunch

You might also like

• Cl0p resurgence drives ransomware attacks to new highs in 2025
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Commentary: The paid feature helps you edit and track changes as you go. I took it for a spin.

Need reliable internet in Auburn? We've found the best providers in the city, from those offering low-cost internet plans to super-fast speeds.

More than 250 companies have signed the “Secure-by-Design” (SBD) pledge from the Cybersecurity and Infrastructure Security Agency (CISA). By committing to the voluntary pledge, software manufacturers are promising to increase multi-factor authentication (MFA) for products; better enable customers to do their own patching; reduce default passwords; and decrease vulnerabilities, among additional proactive, protective practices.

By embedding cyber defense from the outset of product development and system architecture, SBD is intended to transform cybersecurity from an afterthought to an essential, core element of design. Companies that fail to adopt this approach run the risk of falling behind in their security and compliance maturity, while losing consumer trust. They also could run into some very expensive problems, as the average cost of a data breach has increased to $4.88 million – up from $4.45 million in 2023.

Implementing an SBD strategy

So how do organizations effectively implement an SBD strategy? They can start by looking at the financial services sector, which is often more willing to invest in innovative approaches to security upskilling and additional preventative measures than other industries. These institutions are taking such steps because, frankly, they have to, given the immense challenges they face:

Increasing – and more costly – threats

If history has taught us anything, it’s that cyber criminals always follow the money. Financial organizations are experiencing 1,115 breaches a year, which ranks #4 among all verticals.

Regulatory pressures

The Payment Card Industry Data Security Standard (PCI DSS) and the European Union’s General Data Protection Regulation (GDPR) require financial organizations to achieve higher levels of governance and security. As part of the ongoing compliance process, the industry’s developers must bring verified skills to properly configure sensitive databases, payment gateways and portals.

The critical – and fragile – state of consumer trust

Financial service firms’ customers expect no less than the absolute fortification of their personal data and transactions. If an institution suffers an attack that compromises any of this, it runs the risk of losing consumer trust with potentially devastating market/revenue consequences – if not extinction.

SBD developer readiness

Fortunately in our research, we have found that the financial industry is doing an exceptional job of positioning for SBD developer readiness. There is no quality that is more “make or break” in significance than the upgrading of the skills and tools of the people who innovate, develop and disseminate code at the heart of our digital systems.

Indeed, in taking a closer look at what these companies are doing, we get a better sense of the level of developer risk management this industry is pursuing– and can help lift other industries as they “shift left” in seeking to make good on the CISA pledge.

Investments in upskilling

On average, in organizations, there are less than four software security group (SSG) specialists for every 100 developers. Given how few of these specialists are on board, it’s no wonder that code-level vulnerabilities continue to plague most verticals.

This speaks to the urgency of developer upskilling, with a focus on flexible, dynamic training programs that align learning within the context of “real life” threats – a “learning by doing” approach. The financial sector is considered an early adopter of these and other initiatives aimed at building security into the software development life cycle (SDLC), and has achieved high maturity rates here as a result.

Benchmarking

To ensure upskilling initiatives are working, organizations must establish baselines and benchmarks to assess whether SBD is recognized as an indispensable part of their DNA. Such benchmarking should cover the state of developers’ security skills, awareness and the measurement of their success profile against that of other industry members. With this, these leaders will truly know if their teams have earned a “license to code,” and that the inherent risk of developers with low security skills is being managed and effectively improved.

Proactive threat modeling and testing

Financial services providers are quite good at regularly conducting threat modeling to address risks sooner rather than later – preferably before an attack ever has a chance to strike. The industry also relies upon strict code reviews, testing and audits to reveal vulnerabilities and additional areas of concern.

By following financial institutions’ lead in establishing a baseline for developer risk management activities and implementing the described best practices, organizations across the board will cultivate a winning developer-driven security culture. This environment will prepare developers to implement robust, secure code from start to finish, to the point in which this emerges as a habit they can perform at speed.

That’s when companies of all kinds will demonstrate they’re doing far more than simply signing CISA’s pledge – they’re delivering on its promise to make SBD a universal norm by acting now to defend the future.

We rate the best school coding platform.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro