The biggest shift the IBM X-Force team observed in 2023 was a pronounced surge in cyberthreats targeting identities. Attackers have a historical inclination to choose the path of least resistance in pursuit of their objectives. In this era, the focus has shifted towards logging in rather than hacking in, highlighting the relative ease of acquiring credentials compared to exploiting vulnerabilities or executing phishing campaigns. Lack of identity protections was corroborated by IBM X-Force penetration testing data for 2023, which ranked identification and authentication failures as the second most common finding.

The IBM Security X-Force Threat Intelligence Index 2023 tracks new and existing trends and attack patterns and includes billions of datapoints ranging from network and endpoint devices, incident response (IR) engagements, vulnerability and exploit databases and more. This report is a comprehensive collection of our research data from January to December 2022.

This report offers IT, risk management and security leaders a lens into factors that can increase or help mitigate the rising cost of data breaches. This report also examines root causes, short-term and long-term consequences of data breaches, and the mitigating factors and technologies that allow companies to limit losses.

The IBM Security X-Force Threat Intelligence Index maps new trends and attack patterns we observed and analyzed from our data - drawing from billions of datapoints ranging from network and endpoint detection devices, incident response (IR) engagements, domain name tracking and more. This report represents the culmination of that research based on data collected from January to December 2021.

In this report, we show how this combination of AI and automation can deliver substantially better performance, whether in the form of speed, insights, or flexibility. These performance improvements enable cybersecurity teams to shift their focus to what really matters: proactively protecting against, detecting, responding to, and recovering from threats while reducing costs and complexity.

The 17th edition of the Cost of a Data Breach report. Focuses on survey derived information to determine the cost of data breach incidents.

A survey-baed report of 1,848 IT and IT Security professionals on the challenges with vulnerability prioritization and the importance of patch management for the prevention of breaches. Touches on the challenges of CMDBs and container security.

The 2020 update of this survey-based review of the costs of a data breach, as reported by practitioners in the field.

The fifth annual survey uses survey results from over 3,4000 It and security professionals on organization’s ability to detect, prevent, contain, and respond to cybersecurity incidents.

Using case data from IBM’s external incident response service involvement in cloud-related security incidents over 2019, this report covers threat actors, threat actions, common control weaknesses, and makes recommendations for increase cloud security postures. Additional data contributed by Intezer and DarkOwl.

Ponemon Institute is pleased to present the findings of the 2020 Cost of Insider Threats: Global study. Sponsored by ObserveIT and IBM, this is the third benchmark study conducted to understand the direct and indirect costs that result from insider threats.

X-Force Incident Response and Intelligence Services (IRIS) compiled IBM Security software and security services analyses from the past year, which show that 2019 was a year of reemerging old threats being used in new ways.

This poll was conducted from April 23-24, 2019, among a national sample of 2201 U.S. Adults. The interviews were conducted online and the data were weighted to approximate a target sample of Adults based on age, race/ethnicity, gender, educational attainment, and region. Results from the full survey have a margin of error of plus or minus 2 percentage points.

Some key headlines from this report include; A majority of the public is more concerned about cyber security that it was five years ago, A majority are confident that companies can protect their data and help in the wake of a breach, Most feel business’ focus on profits could negatively impact cybersecurity commitment. Read on for further insight.

Researchers from the IBM X-Force Incident Response and Intelligence Services (IRIS) team identified a missing link in the operations of a threat actor involved in recent Shamoon malware attacks against Gulf state organizations. These attacks, which occurred in November 2016 and January 2017, reportedly affected thousands of computers across multiple government and civil organizations in Saudi Arabia and elsewhere in Gulf states. Shamoon is designed to destroy computer hard drives by wiping the master boot record (MBR) and data irretrievably, unlike ransomware, which holds the data hostage for a fee.

IBM fielded a US-based consumer and business research study to determine the value people place on data and their awareness and knowledge about ransomware. The results are alarming.

This white paper contains IBM’s suggestions for accelerating the process of becoming compliant with Europe’s GDPR.

IBM Security and Ponemon Institute are pleased to release the 2018 Cost of Data Breach Study: Global Overview1. They conducted interviews with more than 2,200 IT, data protection, and compliance professionals from 477 companies that have experienced a data breach over the past 12 months. According to the findings, data breaches continue to be costlier and result in more consumer records being lost or stolen, year after year.

This paper takes a look at how cognitive technologies will impact security in the IoT systems. It addresses a variety of issues related to CIoT and the future that lies ahead.

This global study examines 383 companies in 12 countries. It finds that $4 million is the average total cost of a data breach. It sees a 29% increase in total costs of data breaches since 2013. It finds that $158 is the average cost per lost or stolen record. Finally, there has been a 15% increase in per capita cost since 2013.

This paper is an Analysis of cyber attack and incident data from IBM’s worldwide security services operations.