This is Redspin’s 6th annual Breach Report: Protected Health Information (PHI). At the conclusion of each year, they analyze the complete statistical data set of large breaches that have been reported to HHS. In the report, they assess the overall effectiveness of the current policies and controls designed to safeguard PHI. In 2105, they identify significant trends and draw attention to the specific areas most in need of improvement. They then offer Redspin’s recommendations for preventive measures and corrective actions to address any critical gaps or weaknesses. Their goal is to help the healthcare industry continually improve its ability to protect patient information.

This report is based on a study done in 2017 to analyze security issues in CakePHP.

This report includes research on the evolving state of cloud security.

This whitepaper discusses the disconnects that have emerged between cybersecurity threats and organizations’ contermeasures.

This paper presents the Testimony of Lillian Ablon before the Committee on Financial Services Subcommittee on Terrorism and Illicit Finance United States House of Representatives on March 15, 2018

This report was based on 10 in-depth interviews and an additional online survey with 545 senior executives worldwide across multiple industries and geographies. The survey was fielded through July and August 2016. The scope of the research covers perceptions of and experiences with cyber and security risk.

This monthly threat report takes a look at the month of April 2018. Specifically it looks at Ransomware and Cryptojacking battling for top threat spot, Russia Nation-State targeting network infrastructure, and supply chain attacks.

This Health Care Cyber Research Report for 2017 shares very recent research on cyberattacker activity in 2017 and the virtual explosion in the reported use of ransomware in attacking health care institutions. 2017 has been a very challenging year for health care institutions. They remain under sustained attack by cyberattackers that continue to target their networks through the use of well understood vulnerabilities.

To better understand how security issues, such as privileged access management (PAM), affect the adoption of next-generation technologies, BeyondTrust – the leader in PAM – commissioned the 2018 Implications of Using Privileged Access Management to Enable Next-Generation Technology survey. The results are a wake-up call for anyone looking to leverage these next-generation technologies.

This report is based on the findings of a collaborative survey that was designed to gain insight into the current state and ongoing trends in information security and cyber liability risk management. The survey was completed at least in part by 448 respondants which included risk managers, insurance buyers, and other risk professionals.

This blog post discusse the issues surrounding business data security, and provides some steps that can be taken to improve the situation.

From the report, “For our M-Trends® 2017 report, we took a look at the incidents we investigated last year and provided a global and regional (the Americas, Asia Pacific (APAC) and Europe, Middle East, Africa (EMEA)) analysis focused on attack trends and defensive and emerging trends. For the second consecutive year, we have included insights from our FireEye as a Service (FaaS) teams. FaaS monitors organizations 24/7, which gives them a unique perspective into the current threat landscape. Additionally, this year we partnered with law firm DLA Piper for a discussion of the upcoming changes in EMEA data protection laws.”

A breakdown of the data, and types of, cyber attacks that occurred in the first quarter of 2015.

This report from June 2016 takes a look at a variety of threat events, and provides insight and solutions for those issues.

In this report, they review the state of cyber attribution and they consider alternative mechanisms for producing standardized and transparent attribution that may overcome concerns about credibility. In particular, this exploratory work considers the value of an indepen- dent, global organization whose mission consists of investigating and publicly attributing major cyber attacks.

This paper discusses the important new rules in the DFARS cyber clause. It seeks to help organizations by revealing key steps to becoming compliant.

This report will provide insights about the depth and breadth of fraud activity across a variety of industries from a data set of more than half a billion calls.

This paper takes a look at how automating email security can create better security for an organization.

From the report, “This research will present some general trends in cybercrime, as well as indicating the potential global cost of malicious software use. It will discuss specific threats to financial and device-based businesses, as well as providing analyses of the current and future trends in cybercriminal activity, alongside general advice on how to prevent and/or minimise the impact of cybercrime.”

This report offers helpful insight into preparing for compliance with NIST-800-171.

This Threat Report takes a look at some of the events of mid 2017. Specifically, it looks at the use of social platforms to target victims, espionage that targets law firms, weakness in business processes, and phishing.