The Internet of Things: A New Era of Third Party Risk was sponsored by Shared Assessments and conducted by Ponemon Institute to understand organizations’ level of awareness and preparedness for the upcoming enterprise IoT wave. We hope the research findings will help organizations address the risks associated with the proliferation of IoT devices. We surveyed 553 individuals who have a role in the risk management process and are familiar with the use of IoT devices in their organizations.

Welcome to the Monthly Threat Roundup report for November 2017. At Paladion CTAC we continuously track the emerging threats and vulnerabilities and provide you timely actionable intelligence to stay safe. We provide machine-readable intelligence in the form of IOCs, which can be directly integrated with your security devices. We also provide advisories on how you can prevent, detect and respond to latest attacker techniques. This report summarises the key findings of the stated month. It also contains insights related to threats and incidents that we have analysed.

This third edition of the Hacker’s Playbook Findings Report continues in the tradition of reporting enterprise security trends from the point of view of an attacker. The findings represent anonymized data from many millions of SafeBreach breach methods executed within real production environments. This edition includes existing Hacker’s Playbook Findings Report data and new data from deployments between January 2017 and November 2017, with a combination of over 3,400 total breach methods and almost 11.5 million simulations completed. This report reflects which attacks are blocked, which are successful, and key trends and findings based on actual security controller effectiveness.

This report offers insights into why a CSIRT is crucial in today’s world. It provides some helpful tips and steps that can improve any organization’s response team.

NopSec has pioneered the research, measurement, and analytics of vulnerability threats since 2013. Its annual State of Vulnerability Risk Management reports are widely used and cited in the cybersecurity industry for its insights and actionable information. As presented in this report, vulnerability threats are ever more expanding and evolving, and NopSec is once again leading the research for new ways to expose these threats and protect valuable assets from getting compromised.

3rd-party (aka supply-chain) cyber attacks were one of the main reasons for major data breaches in 2018. Here is a recap of 3rd-party data breaches that hit the news in 2018

Phishing domains pose a significant cyber risk for major airlines. Learn how many phishing domains for major airlines there are and how to find them.

This report takes a look at the risk involved with third party cybersecurity issues.

MuleSoft commissioned independent market research company Vanson Bourne to survey 650 IT leaders from global enterprises to discover: › What is the state of today’s digital transformation initiatives? › How is the role of IT evolving in the customer-centric era? › What are the top challenges IT organizations face? › Which strategies are enterprises adopting to get ahead of the market?

According to IDC’s 2018 Data Services for Hybrid Cloud Survey: » 65% of enterprise IT security, line-of-business IT, and data management specialists cited a medium to robust digital rights management deployment in their organization. » Organizations are struggling to secure data across multi-cloud and hybrid environments. More than 37% of survey respondents indicated that the growing complexity of security solutions is a significant challenge that often impedes data governance policy enforcement.

The HIMSS Media survey, Cloud Security Insights, sponsored by the Center for Connected Medicine, sought to better understand attitudes and perceptions about cloud security among hospitals and health systems. It’s findings: among the IT, cybersecurity and informatics professionals surveyed, more than half cited cybersecurity concerns as “significantly limiting” their use of cloud services.

This report analyzes many of the cyber security situations from 2018 and offers some predictions for 2019.

To better understand what government employees know (and don’t know) about data privacy and cybersecurity awareness, we surveyed 1,016 U.S.- based employees who work for local, state, and federal government entities. We then compared the results against a broader sample of employed U.S. adults that took the same survey, the results of which we featured in our 2017 State of Privacy and Security Awareness report.

Law firm Clyde & Co and risk analytics platform Corax have collaborated to bring you a joint white paper identifying the key drivers of frequency and cost for cyber insurance claims. This paper moves beyond major breaches to examine the day to day breaches that most businesses are experiencing. Unlike other breach reports, this paper tracks each invoiced cost or loss amount associated with a covered breach event. Anonymized data was sourced from 321 data breach events where Clyde & Co acted as monitoring counsel for cyber insurer clients. The breach events were reported to insurers between 2014 and 2015. Files were selected randomly.

“It’s difficult to make forecasts, especially about the future,” mused movie mogul, Samuel Goldwyn. With the rapid changes in digital transformation, 2019 is likely to surprise us in significant ways. But one thing is certain: IT predictions for 2019 will include swift expansion into the cloud and solutions for the myriad challenges of providing security, compliance and business continuance across the growing on premise and cloud estates.

From the report, “For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. As we have also detailed in previous BitSight Insights reports2 over the last four years, this industry has maintained a strong security posture in comparison to others. Given that the Finance industry is a leader in managing third-party cyber risk, how secure is their supply chain, and where do weak links lie? Are the companies in their supply chain meeting the same security standards they hold for their own organization? These questions are relevant not only for Finance organizations, but for all organizations that need to reduce third-party cyber risk. To answer these questions, BitSight researchers looked at the security performance of more than 5,200 Legal, Technology, and Business Services global organizations whose security ratings are tracked and monitored by hundreds of Finance firms using the BitSight Security Rating platform. The organizations across these industries represent a set of critical vendors and business partners in Finance’s supply chain, consisting of: legal organizations, accounting and human resources firms, management consulting and outsourcing firms, and information technology and software providers.”

In the last two years, businesses and governments have seen data breaches like Equifax and Marriott impact 100s of millions of accounts each, as well as critical intellectual property (IP) and core operations. A global survey of 600+ cybersecurity leaders and professionals by Ponemon Institute shows that 67% of organizations are not confident that they can avoid a data breach, and what the primary security and IT challenges that are causing this. The survey also provides fundamental recommendations that can reduce breach risk through innovating and improving a vulnerability management program.

Nominet commissioned Osterman Research to conduct a survey of 408 CISOs overseeing security for organisations with a mean average of 8,942 employees. This comprises 207 companies in the USA and 201 companies in the UK, spread across a range of sectors. The objective was to collect and analyse a large enough dataset to make valid conclusions into the opinions, behaviours and mindset of those making cyber security decisions at large organisations.

This survey, conducted by Forrester Consulting on behalf of BitSight, offers insight in to the critical role that Vendors play in key business functions and how they can create security risks and issues.

From the report, “A growing list of contractors and subcontractors have disclosed that they have been victims of data breaches resulting in the compromise of sensitive government information. In response, U.S. federal agencies have or are considering expanding cybersecurity requirements for their contractor base and adopting best practices for evaluating and monitoring those entities. In a recent study, BitSight found a large gap in the security posture between financial organizations and their third parties. This BitSight Insights report explores a similar question: what is the cybersecurity performance of U.S. federal contractors, and how does that compare to the performance of U.S. federal agencies?”

A review of the observed (externally facing) security practices of the Fortune 1000 firms.