This report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked data bot requests, anonymized over thousands of domains. The goal os this report is to provide meaningful information and guidance about the nature and impact of these automates threats.

In this report, data reveals that on average, in 2021, a typical company with 400 developers would discover 1,050 unique secrets leaked upon scanning its repositories and commits. With each secret detected in 13 different places on average, the amount of work required for remediation far exceeds current AppSec capabilities: with a security-to-developers ratio of 1:100.

The 2022 report included data from NetDiligence studies published in 2018-2021, representing 4,036 incidents that occurred in previous years. After the elimination of claims that were less than $1,000, the combined dataset included 6,411 incidents each one a cyber incident insurance claim.

This report, Keeper’s second annual U.S. Cybersecurity Census, maps the transforming landscape of cybersecurity based on these expert insights. It provides leaders with a forensic assessment of the threats their businesses face, and details the urgent strategies necessary to overcome them.

The 2021 VPN Risk Report surveyed 357 cybersecurity professionals, providing insight into the current remote access environment, the state of VPN within the enterprise, the rise in VPN vulnerabilities, and the role that zero trust will play in enabling access to apps going forward.

In this edition, we look at the attacks and trends in the gaming industry during 2020. It was a volatile year, and we’re not just speaking about the pandemic. Web attacks targeting the gaming industry were up 340% year over year between 2019 and 2020, and credentials stuffing attacks were up 224%. Strangely enough, DDoS attacks against the gaming industry fell by nearly 20% during the same period.

Mimecast’s State of Email Security 2022 (SOES) study sheds light on the gains in cyber resilience that many companies are making, even as it reveals shortfalls and places where there is considerable room for improvement.

The scourge of ransomware has resulted in an entire ecosystem necessary to combat its spread and prevent organizations from becoming victims of an increasingly motivated set of criminals. Our research, which gleaned insights from close to 400 survey responses in July of 2022, provides key data points that infer strong correlation between organizations with board involvement in ransomware preparedness and positive outcomes related to it.

The Secureworks Counter Threat Unit (CTU) research team analyzes security threats to help organizations protect their systems. During May and June, CTU researchers identified the following noteworthy issues and changes in the global threat landscape: government-sponsored threat groups use ransomeware to, don’t leave the door to your data unlocked, and business email compromise (BEC) is as big a problem as ransomeware.

The State of XIoT Security report is Claroty’s contextual analysis of cyber-physical security. The data presented in this edition of the report covers the first six months of 2022, and sheds light on the key trends and recommended actions you can apply within your enterprise.

The EY Global Information Security Survey 2021 (GISS)finds Chief information Security Officers (CISOs) and security leaders battling against a new wave of threats unleashed by COVID-19. Our report illustrates the devastating and disproportionate impact that the crisis has had on a function that is striving too position itself as an enabler of growth and a strategic partner to the business. It also outlines what cybersecurity leaders need to know now about their current operating environment and what they need to do to transform it.

The year’s Global Economic Crime and Fraud Survey enquired about organizations’ attitudes towards fraud and financial and economic crime in the current environment and drew responses from 1,296 respondents in 53 countries and regions. This survey, our first snapshot of 2022, homed in on fraud trends and conduct risk.

This report summarizes our findings and provides a resource for benchmarking an organization’s approach to risk oversight against current practices. In addition to highlighting key findings for the full sample of 560 respondents, we also separately report many of the key findings for the following subgroups of respondents: 152 large organizations (those with revenues greater than $1 billion), 129 publicly traded companies, 151 financial services entities and 156 not-for-profit organizations.

BlueVoyant performed a cyber posture analysis of the vendors in the media industry sector. The approach was to identify and analyze the most prevalent vendors in the industry, as well as look at the extended vendor ecosystem for comparison, to gain a deep understanding of the issues the industry is facing. A total of 485 vendors were assessed.

In our H1 2022 FortiGuard Labs Threat Landscape Report, we examine the cyber threat landscape during the year’s first half to identify trends and offer recommendations about what CISOs and security teams should pay close attention to in the months ahead. The report’s findings are based on data collected through our global array of sensors monitored by the FortiGuard Labs team.

First, the bad - adversaries continued to innovate and alter strategies aimed at taking down DDoS protections with direct-path DDoS attacks and high-powered server-class botnets. Meanwhile, a little good news came in the way of a decrease in some reflection/amplification vectors, floating overall DDoS attack number down. Despite this decrease, the bad news tells us we must remain vigilant to combat ever-changing attacker methodologies and tactics.

This report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022. The findings are grim. Ransomware has adapted and evolved, becoming more efficient and causing more devastating attacks. Businesses should be ready not only for the possibility of their assets being targeted by ransomware but also to have their most private information stolen and possibly leaked or sold on the Internet to the highest bidder.

The IBM Security X-Force Threat Intelligence Index maps new trends and attack patterns we observed and analyzed from our data - drawing from billions of datapoints ranging from network and endpoint detection devices, incident response (IR) engagements, domain name tracking and more. This report represents the culmination of that research based on data collected from January to December 2021.

This report is to share notable trends and investigations to help inform our community’s understanding of the evolving security threats we see. During some quarters, our reporting may focus more on a particular adversarial trend or tactics we see emerge across different threat actors. During other quarters, we may dive into an especially complex investigation or walk through a novel policy application and relate threat disruptions.

Get the latest Cortex Xpanse “Attack Surface Threat Report” to understand the risks, and learn how automation can help security teams stop chasing a moving post and reduce risks. The Cortex Xpanse research team studied the global attack surface by monitoring scans of 50 million IP addresses associated with 100+ global enterprises and discovered that the attack surfaces of all industries continue to grow. As security teams struggle to keep up, the constant stream of new issues becomes an ever-expanding backlog of exposure - misconfigured RDP, exposed admin portals, insecure Apache Web servers or Microsoft Exchange servers, and more.

The eleventh annual Flexera 2022 State of the Cloud Report (previously known as the RightScale State of the Cloud Report) explores the thinking of 753 respondents from a survey conducted in late 2021. It highlighted year-over-year (YoY) changes to help identify trends. The respondents global cloud decision-makers and users-revealed their experiences and insights about the public, private and multi-cloud market.