Our goal is that this report serves as a crucial resource in enhancing your strategies and defenses in the battle to protect your organization’s assets and integrity against insider risks. This survey, capturing responses from 467 cybersecurity professionals across diverse sectors, seeks to uncover the nature of insider threat challenges faced by organizations, focusing on understanding the factors driving these threats, their detection and mitigation complexities, and the effectiveness of insider threat programs.

Marking its fourth year of publication, the Red Report 2024 provides a critical dive into the evolving threat landscape, presenting a detailed analysis of adversaries’ most prevalent tactics, techniques, and procedures (TTPs) used throughout the past year. Conducted by Picus Labs, this annual study examines over 600,000 malware samples and assesses more than 7 million instances of MITRE ATT&CK techniques. It gives security teams invaluable insights into the techniques that pose the most critical cyber risk to organizations.

In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations remain consistent with prior years, there were some surprising takeaways, including a shift in the most impactful threats. The most widespread threat to WordPress security in 2023 was Cross-Site Scripting, as techniques for taking over websites by adding malicious administrators and backdoors have become mainstream.

In our 11th annual Data Breach Industry Forecast, we looked more broadly than ever before at trends and data on a global scale as data breaches have no borders. This, along with the fact that nationstate-sponsored gangs and attacks are becoming increasingly more strategic and purposeful due to political conflicts or interests, made it fitting to expand our lens. Our predictions come from Experian’s long history of helping companies navigate breaches over the past 21 years. Here’s where we expect to see some hard to believe, but possible developments in the world of data security incidents in 2024.

While third-party risk management is a well-established practice, it’s also continuously evolving. Organizations of all sizes and industries must continually adapt and change to effectively identify, assess, manage, and monitor third-party risks. By analyzing the third-party risk management landscape and practices captured in our survey, organizations can see where they stand compared to their peers and consider that information as they prepare and implement changes this year and beyond.

The healthcare sector is particularly vulnerable to cybersecurity risks and the stakes for patient care and safety are particularly high. Healthcare facilities are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions. And cyber incidents in healthcare are on the rise.

To help businesses measure cyber attack readiness, we analyzed performance data from the 982 corporate security teams and 5,117 professionals who participated in our global CTF competition. HTB Business CTF: The Great Escape featured over 30 hacking challenges based on the live threat landscape covering areas such as forensics, blockchain, cloud, and more.

COVID-19 has dramatically changed the workplace and has created new cybersecurity risks and exacerbated existing risks. The purpose of this research, sponsored by Keeper Security, is to understand the new challenges organizations face in preventing, detecting and containing cybersecurity attacks in what is often referred to as “the new normal”. All respondents in this research are in organizations that have furloughed or directed their employees to telework because of COVID-19.

The 2023 State of Web Application Security Report investigates the evolving security practices, tools, and technologies employed by organizations worldwide to enhance file upload security. 97% of survey participants reported using containers in environments that host web applications. Additionally, web applications that accept file uploads are increasingly being hosted on cloud-based platforms, including both Infrastructure as a Service (IaaS) and Software as a Service (SaaS) solutions

This report is sponsored by RiskRecon, a Mastercard Company and conducted by Ponemon Institute, 1,162 IT and IT security professionals in North America and Western Europe were surveyed. All participants in the research are familiar with their organizations’ approach to managing data risks created through outsourcing. Sixty percent of respondents said the number of cybersecurity incidents involving third parties have increased.

When you overlap Resilience’s claims data with data from ransomware incident response partner Coveware, blockchain analytics firm Chainanalysis, security partner Zscaler, and security firm Sophos, it reveals five key findings that impact both network defenders and the cyber insurance industry at large.

The Threat Horizons Report will continue to highlight advanced threats to the cloud, sophisticated attack campaigns, and novel techniques used to target victims in the cloud. By focusing on good cloud hygiene, defenders will raise the bar necessary for attackers to be successful while reducing the risk of becoming a victim to a common attack.

The 2023 Elastic Global Threat Report is a summary of more than a billion data points distilled down to a small number of distinct categories. We describe the tools, tactics, and procedures of threats from the perspective of endpoints and cloud infrastructure — the most common enterprise attack surfaces — so readers with varying priorities can determine the best course of action to take next.

The United Kingdom’s National Cyber Security Centre (NCSC) found that cyberattacks against sports organizations are increasingly common, with 70% of those surveyed experiencing at least one attack per year, significantly higher than the average across businesses in the United Kingdom. In this edition we offer first hand learnings about how threat actors assess and infiltrate these environments across venues, teams, and critical infrastructure around the event itself.

The ninth annual ISACA global State of Cybersecurity Survey continues to identify current challenges and trends in the cybersecurity field. For the second consecutive year, ISACA fielded questions to gain deeper insight into persistent issues in cybersecurity workforce skill sets and staffing for entry-level positions. The State of Cybersecurity 2023 report analyzes the survey results on cybersecurity skills and staffing, resources, cyberthreats and cybersecurity maturity.

Application Programming Interfaces (APIs) have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has proliferated, however, the importance of properly securing APIs is also becoming increasingly evident. API-related hacks and data breaches have impacted companies across nearly all sectors and geographies, resulting in skyrocketing remediation and legal costs for companies.

Today’s apps are multifunctional, combining communication, collaboration, and commerce. The fragmentation of mobile devices, cloud computing, and third-party components and services have changed how apps store, transmit, and process data. As a result, sensitive information is at risk thanks to the expansion of the attack surface and the rapid evolution of threats.

Quadrant Knowledge Solutions’ ‘SPARK MatrixTM: DDoS Mitigation, 2023’ research includes a detailed analysis of the global market regarding short-term and long-term growth opportunities, emerging technology trends, market trends, and future market outlook. This research provides strategic information - for technology vendors to better understand the existing market, support their growth strategies, and for users to evaluate different vendors’ capabilities, competitive differentiation, and market position.

The 2023 Board Perspective report shines a light on how boards are managing this evolving landscape. Our annual survey reveals the beliefs, experiences and insights of 650 board members across the globe. We analyzed their responses to get a boardroom perspective of the threat landscape, the role of the CISO and the broader world of cybersecurity. We also compared the results with CISOs surveyed in our 2023 Voice of the CISO report. Pairing the surveys helps provide a more complete picture of where CISOs and their boards are on the same page—and opportunities for better alignment.

With security threats putting everything from personal information to critical infrastructure at risk, and with the incidence of ransomware attacks and other data breaches increasing, the 2023 RSA ID IQ Report provides cybersecurity professionals with insights into users’ understanding and behavior. By reviewing users’ answers on the identity components needed to develop a zero trust framework, multi-factor authentication, the vulnerability of mobile devices, and other cybersecurity threats, leaders can prioritize actions and implement best practices to keep their organizations secure.

This 2023 Ransomware Report presents insights gathered from a survey of 435 cybersecurity professionals, shedding light on organizations’ preparedness and approaches to combating ransomware. The report identifies gaps and obstacles that hinder robust security posture, and outlines strategies for prevention and remediation of ransomware attacks.