This year’s research shows that, while most businesses have a ransomware strategy in place, many are incomplete. They’re either missing a documented plan or the right people to execute it. As a result, we see that many organizations are paying the ransom. Likewise, whilst many have cyber insurance, too many simply don’t know if or to what degree it covers them for ransomware attacks.

In the new Cybereason survey, 1,203 cybersecurity professionals from eight countries and a dozen industries were asking to describe the challenges currently faced by their SOCs and how they impact their plans for modernization. Nearly half of the respondents (49%) said ransomware is the most common incident type they deal with daily, followed closely by supply chain attacks (46%). Thirty-seven percent said daily alerts consumed most of their time, and 31% identified targeted attacks as a top daily concern.

A survey-driven report of 1,200 cybersecurity professionals from several countries. This survey focuses on the prevalence and impact of ransomware.

From the report, “What does 2018 hold in store for the defenders? Unfortunately, more of the same security drama, according to Cybereason’s researchers and analysts. Specifically, they identified the following as some of the bigger security trends in the new year: 01. Supply Chain Attacks Increase & Remain Underreported 02. Destructive Attacks Do Not Let Up 03. The Line Blurs Between APT Actors & Cybercriminals 04. Fileless Malware Attacks Become Ubiquitous” Read on to find out more.

The investigation of a massive cyber espionage APT (Advanced Persistent Threat) became a game of one-upmanship between attackers and defenders. Dubbed Operation Cobalt Kitty, the APT targeted a global corporation based in Asia with the goal of stealing proprietary business information. The threat actor targeted the company’s top-level management by using sophisticated spear-phishing attacks as the initial penetration vector, ultimately compromising the computers of vice presidents, senior directors and other key personnel in the operational departments. During Operation Cobalt Kitty, the attackers compromised more than 40 PCs and servers, including the domain controller, file servers, Web application server and database server.

This report offers a threat actor profile and indicators of compromise around the OceanLotusGroup actor.

Overpowering today’s attackers and responding to threats requires EDR plus NGAV. The bad guys treat all of an organization’s machines as possible entry points. EDR plus NGAV takes this concept and uses it to the defender’s advantage by using all of a company’s endpoints for protection.

Whether it’s referred to as threat hunting or hunt teaming, companies are increasingly taking a proactive approach to security by looking for evidence of threats that are already in their environments. Organizations have realized that waiting for antivirus, SIEMs and other security solutions to trigger an alert is not a practical approach to detecting sophisticated and stealthy adversaries since they know how to evade these tools. Hunting enables security teams to proactively answer the question “Am I under attack?”

There’s no clear and direct career path to the role of infosec executive. But, there are skills that can help you advance your career to the management level, such as deep technical knowledge, strong communication skills and having business acumen.

Don’t let Hollywood fool you: carrying out an attack doesn’t resemble the plot of an action movie. Attackers don’t automatically breach a network, immediately locate the information they want and then swiftly exit the organization. Attacks are complicated operations that unfold over multiple steps and take time, weeks and oftentimes months to achieve the desired goals.

What’s not open to discussion is that the role of information security executives has evolved. CISOs may now find themselves talking to investors about how an attack impacted quarterly earnings in addition to more traditional duties like managing a SOC.