This research aims to equip cloud security professionals, DevOps, DevSecOps, CISOs, and development leaders with valuable insights and practical recommendations for safeguarding their cloud environments, and in doing so, help to secure the cloud for everyone. In some ways, our study confirmed what is already widely known: attackers are constantly scanning the Internet for lucrative opportunities.

This report was compiled by analyzing data captured from billions of cloud assets on AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud scanned by the Orca Cloud Security Platform. Leveraging unique insights into current and emerging cloud risks captured from the Orca Cloud Security Platform, this report reveals the most commonly found, yet dangerous, cloud security risks.

This iteration of the Google Cloud Threat Horizons Report provides a forward-thinking view of cloud security with intelligence on emerging threats and actionable recommendations from Google’s security experts. This report explores top cloud threats and security concerns for 2024, including credential abuse, crypto-mining, ransomware, and data theft.

The Workplace Identity Security Trends and Challenges report investigates the identity security landscape and challenges facing organizations today. The research finds that many struggle to build an integrated and comprehensive identity security strategy, relying on disconnected tools and practices that create inefficiencies and leave organizations seriously vulnerable to attacks and breaches.

Marking its fourth year of publication, the Red Report 2024 provides a critical dive into the evolving threat landscape, presenting a detailed analysis of adversaries’ most prevalent tactics, techniques, and procedures (TTPs) used throughout the past year. Conducted by Picus Labs, this annual study examines over 600,000 malware samples and assesses more than 7 million instances of MITRE ATT&CK techniques. It gives security teams invaluable insights into the techniques that pose the most critical cyber risk to organizations.

In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations remain consistent with prior years, there were some surprising takeaways, including a shift in the most impactful threats. The most widespread threat to WordPress security in 2023 was Cross-Site Scripting, as techniques for taking over websites by adding malicious administrators and backdoors have become mainstream.

This report is broken into four different threat types: identity, cloud, computer-based, and phishing. Keep in mind, though, that these threats are tightly related. Compromise of user identities can occur through phishing and can impact an organization’s cloud assets and endpoints, or malicious activity on an endpoint may be indicative of an exploited vulnerability. We’ll highlight that interconnectivity throughout.

The Cyber Security Report (formerly Cyber Threat Report) is an annual analysis of the current cyber threat landscape based on real-world data collected and studied by Hornet security’s dedicated Security Lab team. Hornet security processes more than two billion emails every month. By analyzing the threats identified in these communications, combined with a detailed knowledge of the wider threat landscape, the Security Lab reveals major trends and can make informed projections for the future of Microsoft 365 security threats, enabling businesses to act accordingly. Those findings and data are contained within this report.

The Hiscox Cyber Readiness Report 2023 reveals that small business owners are getting smarter, but so are cyber criminals. Although 63% of small businesses in the US are cyber intermediates and 4% are cyber experts, almost half (41%) experienced at least one cyber-attack during the past year. The report surveyed over 5,000 professionals responsible for their company’s cyber security strategy from the US, UK, France, Germany, Spain, Belgium, Republic of Ireland, and The Netherlands, including more than 500 US small business professionals.

COVID-19 has dramatically changed the workplace and has created new cybersecurity risks and exacerbated existing risks. The purpose of this research, sponsored by Keeper Security, is to understand the new challenges organizations face in preventing, detecting and containing cybersecurity attacks in what is often referred to as “the new normal”. All respondents in this research are in organizations that have furloughed or directed their employees to telework because of COVID-19.

In this report, CybSafe and The National Security Alliance surveyed over 6,000 people across the United States, Canada, the United Kingdom, Germany, France, and New Zealand to get a better understanding of the security behaviors and attitudes. They asked the people about their knowledge of cybersecurity risks, their security best practices, and challenges they face in staying safe online. Cybercriminals know if they want to target an organization, they need to target its people. They believe this report will help organizations to better protect themselves and their people.

The purpose of this report is to assess and summarize the current threat landscape facing organizations as a result of the digital identities that they issue to legitimate users. We called this report “The Unpatchables” because digital identities represent a source of technical risk that is impossible to completely mitigate even in theory.

The 2023 SANS Security Awareness Report analyzes data provided by nearly two-thousand security awareness professionals from around the world to identify and benchmark how organizations are managing their human risk. This data-driven report provides actionable steps and resources to enable organizations at any stage of their Awareness program to mature said programs and benchmark them against others.

With security threats putting everything from personal information to critical infrastructure at risk, and with the incidence of ransomware attacks and other data breaches increasing, the 2023 RSA ID IQ Report provides cybersecurity professionals with insights into users’ understanding and behavior. By reviewing users’ answers on the identity components needed to develop a zero trust framework, multi-factor authentication, the vulnerability of mobile devices, and other cybersecurity threats, leaders can prioritize actions and implement best practices to keep their organizations secure.

Our new report examines how the interplay of all these factors will result in increased attacker opportunity. Indeed, as adversaries embrace artificial intelligence (AI) to enhance and scale their identity based attacks, security teams are being asked to do more with less as budget cuts widen existing skills and resource gaps.

For this year’s report, we have incorporated additional data from previous years to provide an enhanced view of the present threat climate. Additionally, given the prevalence of internal compromises over external, we chose to focus the bulk of our analysis on internal attack vectors, and then compared this data to maturity scores.

This paper aims to provide a high-level overview of the implications of ChatGPT in the cybersecurity industry, without delving into the granular details of artificial intelligence. We will explore the key concepts and domains that are crucial for understanding ChatGPT’s capabilities, as well as the potential impact on businesses.

In this 2023 Mid-Year Horizon Report, we delve into the significant cybersecurity issues that are affecting the healthcare industry. We cover topics such as emerging data theft tactics, the use of risk-based identity alerting to strengthen security, and the potential impact of using ChatGPT on healthcare data security.

This report shares detailed insights and data on the breaches impacting consumers in 2020 and provides year-over-year comparisons to breaches affecting consumers in the U.S. in 2019. It clearly demonstrates the need for organizations to adopt a comprehensive identity and access management (IAM) solution to help prevent identity-related data breaches, protect their brands, and preserve customer relationships.

Our report focuses on confirmed breaches in which confidential data is exposed and/or stolen. A confirmed breach can refer to a single record being stolen — and such a breach must be analyzed and remediated to determine the source — but because most breaches are financially driven, attackers target large caches of data that they can hold for ransom or sell on the dark web.

This report focuses on confirmed breaches in which confidential data has been exposed and/or stolen, ranging from very small breaches to large caches of data that provide financial incentives to hackers to hold for ransom, sell on the dark web, or both. . Many breaches that occurred as a result of third parties (vendors, suppliers, contractors, or other organizations) were researched to determine the root causes.