This latest installment of the Prioritization to Prediction research series, created by the Cyentia Institute and sponsored by Cisco (formerly commissioned by Kenna Security), does just that: It explores the KEV and gives some context to what it means (and doesn’t mean) for other organizations. Moreover, we demonstrate how the KEV can fit into any risk-based vulnerability management program. In fact, here are some key findings, but you’ll really want to read the whole report to get the good stuff.

This report has been put together using CISA’s KEV Catalog and the month-on-month analysis that CSW’s researchers have delivered to our customers for the past year. Our researchers used the NVD, MITRE, and other repositories to map each vulnerability to Tactics, Techniques, and Procedures (TTPs) to understand the actual risk posed by these vulnerabilities. We cross-referenced the KEVs with our ransomware and threat groups’ database maintained in Securin Vulnerability Intelligence (VI) to provide additional threat context to the KEV Catalog. We have also used our proprietary threat intelligence platform (Securin VI) to predict and recommend vulnerabilities that need to be a part of the KEV Catalog.

The global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, now in its third year, is sponsored by Hewlett Packard Enterprises (HPE) to look deeply into the critical actions needed to close security gaps and protect valuable data. In this year’s research, Ponemon Institute surveyed 2,084 IT and IT security practitioners in North America, the United Kingdom, Germany, Australia, Japan, and for the first time, France. All participants in this research are knowledgeable about their organizations’ IT security and strategy and are involved in decisions related to the investment in technologies.

In our Security Report, we discuss a few more trends observed by cp throughout the year. The Russia-Ukraine war demonstrated how the traditional, kinetic, war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.

This AT&T Cybersecurity Insights report focuses on connecting and securing the entire edge computing ecosystem. This report presents a perspective that recognizes the essential characteristics of and key differences among edge architectures and provides a realistic picture of the state of edge.

The FutureSec State of Security Report 2023 is a comprehensive analysis of the current state of cybersecurity, highlighting the challenges and trends in the industry. The report reveals the increasing sophistication of cybercriminals and the emerging threat of cyber-warfare and cyberterrorism. With a significant shortage of skilled cybersecurity professionals, organizations are struggling to keep up with the rising threats and costs of data breaches. The report further discusses the concept of zero trust and how Softchoice can work with organizations from consultation to implementation to optimization. Download the report now to learn about the latest developments in cybersecurity and how to protect your organization.

This report, our third in an annual series, draws upon a comprehensive survey of corporate digital forensics & incident response (DFIR) professionals in North America (NA) and Europe, the Middle East, and Africa (EMEA), and aims to provide intelligence—with analysis, interpretation, and insights, rather than just data— tailored to the needs of enterprise decision-makers, particularly those involved with IT, cybersecurity, and governance.

As health care delivery organizations have increased their reliance on health information technology, they have also increased their exposure to new cybersecurity risks, such as ransomware attacks.

This is the tenth edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis. It also describes relevant mitigation measures.

This report features some of the most compelling data from our survey and gives actionable insights to leaders hoping to accelerate progress and enhance the employee experience in the Everywhere Workplace.

In our annual Threat Report, the Deepwatch Adversary Tactics and Intelligence (ATI) team provides data on the leading cybersecurity threats that SOC security analysts faced in 2022, and offers predictions of what teams will likely face in 2023. With analysis from ATI research and Deepwatch customer engagements, we review the types of volumes of threats, look at the challenges in visualization and identification, and consider what lingering or growing threats SOC teams should prioritize.

Our latest cybersecurity research reveals some organizations are using cybersecurity as a differentiator to deliver better business outcomes. Those organizations that closely align their cybersecurity programs to business objectives are 18% more likely to increase their ability to drive revenue growth, increase market share and improve customer satisfaction, trust and employee productivity.

In this, our seventh annual survey, we added many questions but didn’t really take any away. Our new areas of focus include operational threat hunting, threat intelligence, data ingestion into the SIEM, and SOAR, as well as more detailed questions relevant to staff hiring and retention.

In this eBook, we will discuss the challenges of securing today’s rail networks in the face of increasingly frequent and severe cyber threats, the impact of intensifying regulatory requirements and the potential damage that malicious actors could leave behind. Finally, we will explore the most critical things to look for in a security solution for rail transportation networks.

In this report you’ll gain valuable insights into the current state of cyber resilience, understand the latest threats, trends, and best practices to protect your organization effectively. Discover proactive strategies and technological solutions to bolster your organization’s cyber defenses, mitigating risks and minimizing the financial impact of potential cyber attacks.

This paper seeks to introduce some of the new knowledge sources and actionable data, along with a data-driven approach that puts custom cyber intelligence at the center of the process seeking to deliver the tools to help the organization stay as close to the front of the race as possible.

In the two years since our inaugural State of Observability report, we’ve seen the number of organizations getting started with observability rise substantially, and a whopping 87% of respondents now employ specialists who work exclusively on observability projects. There are plenty of good reasons so many businesses are jumping on the observability bandwagon. We surveyed 1,750 observability practitioners, managers and experts to examine that state of observability - from the success of today to the ambitions of tomorrow.

Within this context, we surveyed over 2,000 cybersecurity decision-makers in 22 countries, working in enterprises with over 500 employees, to understand the current state of business enablement. More precisely, we wanted to identify, with data, the kinds of attributes that have a meaningful impact on business enablement, including alignment, skills, and organizational structures. In this report, you’ll get a picture of the current situation and understand some of the drivers that determine not just cybersecurity posture but also business success.

This report aims to take a look at the times when things did not work as intended—not to point fingers but to help us all learn and improve. In a time where almost everyone, corporations and individuals alike, is looking at ways to do more with less, we believe a close analysis of when our defenses failed can be very beneficial. While times of great change are always challenging, they often also prompt us to take stock of our situation and, if necessary, refocus both our viewpoint and our energies. Such is the case with the DBIR this year. As a team, we decided to take a step back toward the fundamental things that got us where we are, an intense focus on actual data breaches analyzed using our own VERIS Framework. And speaking of VERIS, one of the new goodies this refocusing brings is an even better mapping between VERIS and MITRE ATT&CK through a collaboration with MITRE Ingenuity and the Center for Threat Informed Defense (CTID).

For the last eight years, we’ve produced the State of DevOps report, hearing from over 33,000 professionals worldwide. We’ve outlined the DevOps practices that drive successful software delivery and operational performance, with a deep focus on security for the 2022 report.

The research revealed that the rate of ransomware attacks has remained level, with 66% of respondents reporting that their organization was hit by ransomware in the previous year, the same as in our 2022 survey. With adversaries now able to consistently execute attacks at scale, ransomware is arguably the biggest cyber risk facing organizations today.