This report focuses on confirmed breaches in which confidential data has been exposed and/or stolen, ranging from very small breaches to large caches of data that provide financial incentives to hackers to hold for ransom, sell on the dark web, or both. . Many breaches that occurred as a result of third parties (vendors, suppliers, contractors, or other organizations) were researched to determine the root causes.

This Insider Risk Investigations Report highlights the expertise of our team, who has been providing insights from real hands-on investigations since 2017. As always, we are pleased to present our findings in the spirit of sharing these insights as we work towards building greater resilience from insider risk for our customers.

In this data-driven report, based on our scanning of over 200,000 cloud accounts, including more than 30% of the Fortune 100 environments, we analyze the latest industry trends and developments, presenting a factual and data-based assessment of the current state and progression of cloud technology. We examine how the cloud has evolved over the past year and attempt to shed light on some of the complexity of cloud environments, including aspects such as organizational usage of multi-cloud and both managed and non-managed services.

In this first-ever SCAR report, we analyzed over 370 million cyber assets, findings, and policies across almost 1,300 organizations to better understand today’s cyber asset landscape. The data in this report helps security operations, engineers, practitioners and leaders understand cyber assets, liabilities, attack surfaces, and there relationships to each other in the modern enterprise.

In the 2023 State of Cyber Assets Report (SCAR), we analyzed over 291 million cyber assets and attributes across organizations of all sizes. These findings will help you to understand how security teams discover cyber assets, understand asset relationships, and secure their attack surfaces.

This report aims to take a look at the times when things did not work as intended—not to point fingers but to help us all learn and improve. In a time where almost everyone, corporations and individuals alike, is looking at ways to do more with less, we believe a close analysis of when our defenses failed can be very beneficial. While times of great change are always challenging, they often also prompt us to take stock of our situation and, if necessary, refocus both our viewpoint and our energies. Such is the case with the DBIR this year. As a team, we decided to take a step back toward the fundamental things that got us where we are, an intense focus on actual data breaches analyzed using our own VERIS Framework. And speaking of VERIS, one of the new goodies this refocusing brings is an even better mapping between VERIS and MITRE ATT&CK through a collaboration with MITRE Ingenuity and the Center for Threat Informed Defense (CTID).

This report is different in that we’re focusing on explicit relationships that are manually configured by organizations using RiskRecon’s platform. In other words, we’re examining curated portfolios of vendors and suppliers tracked as part of organizations’ third-party risk management program. We started with a dataset extracted from RiskRecon’s platform consisting of over 100,000 primary organizations and more than 300,000 monitored third-party relationships. We’re focusing on direct relationships in this report, but the data supports the analysis of indirect (fourth- to nth-party) relationships.

In this latest edition of the Invicti AppSec Indicator, we asked development and security practitioners how they deal with all the excess AppSec noise in the face of relentless pressure to deliver business-critical software on time without compromising security.

In our bi-annual AppSec Indicator report, we uncover insights and trends to guide best practices in vulnerability identification and remediation. For this year’s Spring edition of the Invicti AppSec Indicator, we analyzed data from 1.7 million scans conducted by the 1,700 customers that use our cloud dynamic application security testing (DAST) offering, representing approximately half of our entire customer base.

The basis of this report is the Zscaler ThreatLabz research team’s analysis of nearly 6 billion data loss policy violations from November 2021 through July 2022. We’ll look at what and how enterprise data is being shared, where it’s going, which malicious actors are targeting it, and how you can improve your datasharing hygiene so as to mitigate risk without stifling productivity.

This report will help you recognize the social engineering tactics and sophisticated coding used in phishing attacks, so you can prevent costly data breaches. Read on for an in-depth look at the latest phishing trends and observations the ThreatLabz team collected throughout the past year, and get best practices for safeguarding your organization against ever-evolving phishing techniques.

Dragos is excited to present the fifth year of the annual Dragos Year In Review report on Industrial Control System (ICS)/Operational Technology (OT) cyber threats, vulnerabilities, assessments, and incident response observations. This report captures how a portion of the industrial community is performing and progressing, and highlights the areas that need improvement to provide safe, reliable operations into 2022 and beyond.

This research was conducted to understand the challenges and issues facing businesses worldwide when it comes to escalating cyberattacks. It identifies trends in hacking and malicious attacks, and the financial and repetitional impact breaches had in what has been an unprecedented year. It examines organizations’ plans for securing new technology, adopting a cloud-first security strategy, and dealing with the complexity of the current cybersecurity management environment.

FortiGuard Labs experts leverage Fortinet’s large global footprint to continually monitor the threat landscape and the major geopolitical events that influence it. This report presents findings and insights from six months of intense research, with recommendations for leaders and practitioners to better prepare and protect your organization.

In this threat intelligence spotlight report, eSentire’s Threat Response Unit (TRU) provides a threat analysis of the most common cyber threat detected across our global legal customer base.

This 2023 Cloud Security Report surveyed 752 cybersecurity professionals to reveal key challenges and priorities. In 2023, the cloud is fundamentally delivering on its promised business outcomes, including flexible capacity and scalability, increased agility, improved availability, and accelerated deployment and provisioning.

This report describes threat phenomena, trends, and recommendations we believe will help organizations prepare for the future. Elastic discloses malware research, attack patterns, and clusters of malicious activity to the community -summarized in this inaugural report. Throughout this report, we observe that financially motivated threats are the most active, and the groups responsible for them are acting with increasing speed.

This report aims to demonstrate the state of full stack security based on thousands of full stack assessments globally, delivered by the Edgescan SaaS during 2019. This report is still a joy to do as it gives decent insight into what’s going on from a trends and statistics perspective and overall state of cyber security. This report provides a glimpse of a global snapshot across dozens of industry verticals how to prioritize on what is important, as not all vulnerabilities are equal.

The Edgescan report has become a reliable source for truly representing the global state of cyber security vulnerability management. This is becoming more evident as our unique dataset is now also part of other annual security analysis reports, such as the Verizon DBIR (we are happy contributors for many years now). This year we examined vulnerability metrics from a known vulnerability (CVE), Malware, Ransomware and visibility standpoint (exposed services), coupling both internal and public Internet-facing systems. We also take a look at how quick we are fixing various vulnerabilities based on risk.

The report outlines the most significant identity attacks of 2022, the weaknesses of MFA, and the IAM hygiene issues that are increasing identity attack surfaces. This report analyzed user data, login information, and information from identity providers including Okta, Azure Active Directory, Duo, and Auth0. In total, the analysis covers more than 500,000 identities from organizations with 1,000+ employees.

This report, the result of a collective effort of Black Kite Researchers, focuses on what has changed in 2022, for better or for worse, compared to 2021. It highlights some of the lessons of past years and those still being learned within the changing cyber landscape. For this study, Black Kite Research analyzed 63 individual third party incidents, which ultimately resulted in more than 298 publicly-disclosed headline breaches and data leaks during the past year. These events inevitably caused thousands of other ripple-effect breaches throughout 2022. The report finalizes the lessons learned and relevant recommendations for the future.