In this, our launch issue of CyberTheory, we will explore the current and future state of cybersecurity, the key issues driving the shift in the corporate board room perception of cyber-risk and add substantive analysis to what we believe are the most engaging topics in the space.

The 2019 Dark Reading State of IT Operations and Security Operations survey uncovered some important developments in the way enterprises are managing security in the data center – and in the boardroom. Here are some key takeaways: • 57% of respondents said IT and security staff communicate well, up from 47% last year. • 20% of organizations involve the security team at the start of every major IT project. • 69% of respondents say that the security team holds primary responsibility for compliance and privacy; this figure rose significantly – more than 12% – from our 2018 survey. • 90% of organizations expect the security team to take charge of developing and setting security policy. • 80% said the IT operations team is primarily responsible for patch management. • 20% of organizations have a distinct security department that operates separately from the IT team. • 18% of organizations have a fully-staffed security function. • 37% said the security operations team is most likely to be the first to detect and alert others about security incidents in the organization.

Gemalto outlines changes to threats in 2017, including data from incidents in the year.

This report covers connectivity trends for 2020. It goes over four main key findings, including that data silos are slowing digital transformation, that organizations are reaping the benefits of APIs, that IT teams with an API strategy drive greater business outcomes, and that top-down API strategies are the most effective.

A focused subset of Cisco’s 2018 full Cyber Security Report, focusing on cloud security practices.

2020 edition of the Unit 42 Cloud Threat Report, ourteam of elite cloud threat researchers focused theirattention on the practices of DevOps. The research aimedto uncover where cloud vulnerabilities are surfacing.DevOps teams are shortening the time to productionusing infrastructure as code (IaC) templates. But the IaCtemplates themselves are not the issue. It’s the flawedprocess by which they are being created.

In our 25-criterion evaluation of data security portfolio providers, we identified the 13 most significant ones — Dell, Digital Guardian, Forcepoint, Google, GTB Technologies, IBM, Imperva, McAfee, Micro Focus, Microsoft, Oracle, Symantec, and Varonis — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk (S&R) professionals understand the respective strengths of each vendor’s portfolio.

A survey-based review of how and why organizations are adopting cloud technologies, specifically from a business growth perspective. Makes some specific recommendations and has discussion on CASB solutions.

This report covers penetration prevention in the last year. It covers changes in penetration prevention such as the levels of risk incurred by applications, the way the shift to the cloud affects risk, and how the size of the business affects risk.

Agari recently surveyed 305 senior European IT security professionals to better understand the region’s email threat landscape from the perspective of those fighting on the front lines against business email compromise (BEC), spear phishing, and other targeted email attacks. What emerges is a snapshot of a continent plagued by frictionless email scams that evade technical security controls and successfully hack the human psyche.

The 2020 Insider Threat Report reveals the latest trends and challenges facing organizations, how IT and security professionals are dealing with risky insiders, and how organizations are preparing to better protect their critical data and IT infrastructure.

The 2019 Data Exposure Report is based on our survey of 1,028 information security leaders, as well as 615 business decision-makers, all with budgetary decision-making power. The report examines the role of employee actions in causing insider threat, organizational attitudes toward intellectual property and the ability of legacy data loss prevention technologies to stem insider threats.

This report investigates the ways in which organizations can support engineering productivity through initiatives such as supporting information search, more usable deployment toolchains, and reducing technical debt through flexible architecture, code maintainability, and viewable systems.

This report goes in depth on the state of software security, going into overall security, application security testing, how flaws are and are not equal, and security debt.

A survey of over 300 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

A review of current maturity levels and practices as seen from Micro Focus’s five year history of reviewing security programs.

The goal of this initiative was to identify trends impacting cyber security decisions, the top cyber security priorities for 2020 and beyond, the focus of risk mitigation strategies, and to highlight the overall beliefs and perceptions held by senior executives regarding the state of the cyber threat landscape and how the cyber security industry, governments and regulatory agencies are responding to their needs.

The insurance industry has been asked by Lloyd’s, regulators, and its own senior management to understand its exposure to this type of cyber risk. To address this, AIR has developed a comprehensive database of industry exposures that provides the information insurers need for accurate modelling and has used it to form the basis of the alternative modelling approach described in this report. The results of this cloud downtime scenarios analysis could help insurance managers gain insights into how to grow their cyber business in a controlled and prudent manner.

This 2019 edition of the SANS Security Operations Center (SOC) Survey was designed to provide objective data to security leaders and practitioners who are looking to establish a SOC or optimize their existing SOCs. The goal is to capture common and best practices, provide defendable metrics that can be used to justify SOC resources to management, and to highlight key areas on which SOC managers can focus to increase the effectiveness and efficiency of security operations.

This report goes in depth into the state of Internet security, including how companies are storing data, orgation’s internet surface areas, and where exposures exist the most.

This publication looks into the safety of cloud and on-prem environments.