The fifth edition of Edgescan’s vulnerability statistics report. Uses both scan data and survey data to report on vulnerability management, with a special focus on web application vulnerabilities.

Using breach information from Advisen, this report seeks to fill in missing gaps in the loss frequency and impact side of quantitative risk analysis. Using real world reported data on publicly-discoverable breaches, commonly held myths of cost per record estimates are debunked and replacement hard statistics are given to replace incorrect estimates.

Using breach data from Advisen, this report defines ripple effects of breaches as the impacts on companies more than one degree of separation from the company directly affected by the breach. As vendor relationships are both broad and deep, a breach in any one company in a network can have distant effects on companies not directly related. The implications upon third party risk management are explored.

The second annual application protection report (APR) from F5 Labs combines data from F5’s global customer base with network telemetry from Baffin Bay to catalog and analyze the major threats facing application security practitioners. Includes recommendations for appsec professionals.

This threat report covers traffic and attack trends, with industry and geographical breakdowns, for the first several months of 2020. A special focus on the use of cloud and SAAS providers supporting telework is included.

Insider threat continues to be a problem for organizations, regardless of size or industry. Companies are trying to mitigate this risk by continuously investing in tools, people, and processes. The Securonix Threat Research Team has analyzed hundreds of incidents across several industry verticals in order to understand the various behavior patterns that impose risk to organizations. In this report we take a closer look at such behaviors by examining reallife incidents across number of dimensions such as motive and type of risks against industry verticals.

A special edition of the Veracode SOSS series, focusing on the vulnerabilities present in open source software libraries and the surrounding ecosystem.

Verizon’s 2020 edition of the keystone DBIR. Covering breaches and attack trends across the previous year.

Advice for CIOs building strategic initiatives around digital transformation.

The 2020 data breach report from the events managed by the BakerHosteltler incident response team. Trends, timelines, and losses are covered.

Mandiant’s 2019 edition of their threat intel report. Focusing on significant trends in attack TTPs over the past calendar year.

A lot of progress has been made in the past few years around requirements. Next steps in this area include identifying when and why to update intelligence requirements—even ad hoc adjustments can be planned for by identifying the circumstances under which they would need to be changed. It is also clear that there are numerous positive trends in the community, such as more organizations producing intelligence instead of just consuming it. But there are also many challenges, such as getting the appropriate staffing and training to conduct cyber threat intelligence. Tools and data sources are always going to be vital to the process, but the world of intelligence analysis is inherently analyst driven and a focus is rightfully placed there.

This report from Cisco proves 10 cyber security myths false.

In this report, we’ll dig deeper into the survey results and present our own understanding of these statistics, as well as analysis from Dr. Gonzalez, insights from cybersecurity experts, real-world phishing stories from our customers and partners, and tips on how to stay safe from phishing threats.

The 2020 Internet of Evil Things survey results are in. This year we’ve polled over 200 cyber security professionals at the RSA conference in San Francisco, USA on their experience of managing wireless security, including their awareness and preparedness of wireless cyberattacks on their organization.

As people settle into the new way of working with many organizations working from home, it comes as no surprise that attention now turns to being productive as well as secure. In a recent survey, Barracuda found that almost half (46%) of global businesses have encountered at least one cybersecurity scare since shifting to a remote working model during the COVID-19 lockdown. What’s more, an astounding 49 percent say they expect to see a data breach or cybersecurity incident in the next month due to remote working.

To understand how consumers felt about card fraud against this changing landscape, we surveyed 4,000 consumers across the U.S. and the U.K. (on February 16 and 17, using Propeller Insights) to get a sense of how impacted they’d been, how concerned they were, and how they wanted their banks, financial services, providers and card issuers to respond to this growing threat.

This report goes in depth into the overall changes in data breaches in the first part of 2020. Some highlights are that the number of publicly reported breaches decreased by 42% from 2019. and the number of records exposed grew 273% since last year.

As more organizations move to the cloud and public cloud platforms gain more users and offer more services, cybercriminals will find ways to launch attacks and profit from compromise. As we’ve demonstrated in this research, misconfiguration in cloud services opens an organization to risks like cryptojacking, e-skimming, and data exfiltration. Container technologies in the cloud, when exposed, also pose similar risks. Finally, mismanagement of credentials and other secrets have costs that can grow as threats move across the cloud stack.

Akamai’s annual overview of security traffic trends for 2019.

An annual review of threat traffic and patterns across geographies as seen by NTT Security.