Ponemon Institute is pleased to present the results of The 2018 State of Cybersecurity in Small and Medium Size Businesses sponsored by Keeper Security. The goal of this study is to track how small and medium size companies address the same threats faced by larger companies. This report features the findings from 2018 and 2017.

We live in a new era of network attacks. Increasing frequency and varieties, together with the latest regulations which have global impact, makes 2018 the most important year in recent times for public and private sector organizations.

The eighth edition of the NetDiligence® Cyber Claims Study offers insights for business innovation. In the same way that a business gains operational perspective by going through an audit, both the insurer and the insured can use the findings of this research to inform decision making and risk management.

Since 2015, LexisNexis Risk Solutions has administered an annual study to determine the extent to which fraud cases span multiple industries. The national online survey included 800 fraud mitigation professionals from five industry segments and government with oversight or direct involvement in fraud programs at their organizations. It has a margin of error of +/- three points (at the 95% confidence level), and LexisNexis was not identified as the research sponsor.

Data breaches have become a risk to every law firm throughout the world regardless of the number of attorneys, revenues or practice areas. The Law Firm Cybersecurity Scorecard is developed by LOGICFORCE and published regularly to educate the legal industry on the current state of cybersecurity preparedness.

Between April and July 2018, Fidelis conducted a study of 582 security professionals to evaluate the adoption of threat hunting practices and overall security posture strengths and weaknesses.

This report takes a deep look at the economics of Cybercrime.

From the Report, “Through analysis of billions of anonymized cloud events across a broad set of enterprise organizations*, we can determine the current state of how the cloud is truly being used, and where our risk lies. Consider that nearly a quarter of data in the cloud is sensitive, and that sharing of sensitive data in the cloud has increased 53% year-over-year. If we don’t appropriately control access and protect our data from threats, we put our enterprises at risk.”

Historically, the annual Most Wired research has focused on measuring adoption of healthcare information technology to highlight those organizations with the broadest, deepest IT infrastructure. With the ever-growing need to improve healthcare, the research now adds a new emphasis on measuring key areas that can help advance the industry as well as on gathering information about organizations’ technology strategies (which include not just technology adoption but also the refinement of processes and the development of people). With this new focus, this year’s research and future Most Wired research can help identify gaps in healthcare organizations’ technology adoption and strategies and highlight areas in which the industry has opportunities to make progress.

This year’s Risk:Value Report from NTT Security shows that there is still a lot of work to do. It crystallizes in one shocking statistic: one-third of companies would rather pay a hacker’s ransom than invest in information security. Many organizations are still stuck in a reactive mindset when it comes to security.

In August 2018 CipherCloud completed a survey of key customers and cloud users that included responses from hundreds of enterprise corporations. This survey was designed to identify the key business drivers that were compelling to these users as justification for the protection of cloud data.

In recent months, Beazley Breach Response (BBR) Services has seen the number of reported ransomware incidents climb again. The varieties of ransomware and the differing technical abilities of the criminals make effective response especially challenging. Breach response services, such as forensics and legal counsel, are often necessary in ransomware attacks to determine the attack vector and level of access obtained by the attacker. If the attacker accessed or exfiltrated personally identifiable information or protected health information, notification to affected individuals may be required by law.

The first edition of the “State of Cybersecurity report” was well received by customers, industry analysts and cybersecurity professionals. The 2018 edition of the Report maintains the same unique structure to build on the first edition’s ethos and bring in new viewpoints and findings. The rest of this section is reproduced from last year’s report for the benefit of first-time readers.

In the 2019 Forcepoint Cybersecurity Predictions Report, we explore the impact of businesses putting their trust in cloud providers to protect their data, the impact of end-user trust in those securing personal biometric data, the cascading of trust into the supply chain to protect any critical data in their custodianship, and trust in algorithms and analytics successfully piloting automobiles and alerting security professionals to potential data loss incidents.

This report outlines key findings from the 2017 KPMG/Forbes Insights CyberSecurity Survey of 100 senior executives from the healthcare field. [One-hundred senior life sciences executives were surveyed as well.] The findings indicate that companies are elevating cyber security to a strategic imperative but at a pace that lags behind their desire to adopt digital technologies to drive innovation. To illustrate, we take a look at the current and desired states of cyber security in healthcare through the lenses of data sharing, vendor management, and medical device implementation. We conclude with our guidance on where organizations should be focusing their efforts.

This special report provides information related to the Harbinger of a U.S. National Data Protection Law.

In this report, they provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments. they analyze vulnerability prevalence in the wild, based on the number of affected enterprises, to highlight vulnerabilities that security practitioners are dealing with in practice - not just in theory.

This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are ever-evolving and may come from sophisticated adversaries. Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate. Importantly, cyberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sectorrelative to the socially optimal level of investment. Firms in critical infrastructure sectors may generate especially large negative spillover effects to the wider economy. Insufficient data may impair cybersecurity efforts. Successful protection against cyber threats requires cooperation across firms and between private and public sectors.

The Third-Party Security Risk Management Playbook (Playbook) is the definitive study of third-party security risk management practices. Based on in-depth interviews of risk executives from 30 domestic and global firms, it reveals the real-world capabilities and practices employed to manage third-party cyber risk, distilled into 14 capabilities with 72 common, emerging, and pioneering practices.

This post discusses the reports of open-source developers receiving malicious emails.

The investigation of a massive cyber espionage APT (Advanced Persistent Threat) became a game of one-upmanship between attackers and defenders. Dubbed Operation Cobalt Kitty, the APT targeted a global corporation based in Asia with the goal of stealing proprietary business information. The threat actor targeted the company’s top-level management by using sophisticated spear-phishing attacks as the initial penetration vector, ultimately compromising the computers of vice presidents, senior directors and other key personnel in the operational departments. During Operation Cobalt Kitty, the attackers compromised more than 40 PCs and servers, including the domain controller, file servers, Web application server and database server.