In this report, we explore the big names in ransomware, the most frequently targeted sectors, trends in data exfiltration, and which malware and tools are leveraged by ransomware operators. This data creates insights into how organizations can better protect their environments from cyberattacks. The 2023 threat landscape was characterized by a combination of mainstay threat actors and new or reemerging groups. While top variants continue evolving to maintain dominance, the widespread impact of newer groups demonstrates the constant evolution of today’s threats and the need for adaptable defenses and increased cyber resilience.

In this year’s report, 500 U.S.-based ITOps professionals express how automation increases their IT agility –reducing costs and enhancing endpoint management capabilities. The report also reveals that less than half (44%) of organizations have high ITOps agility, with the most agile showing mature uses of AI and workflow automation tools.

The 10th annual Imperva Bad Bot Report is a threat research report that analyzes and investigates the automated attacks occurring daily, sneaking past traditional detection methods and wreaking havoc on the internet. It is based on data collected from the company’s global network throughout 2022, which includes 6 trillion blocked bad bot requests, anonymized across thousands of domains. . In addition, this report offers meaningful information and guidance about the nature and impact of bots to help organizations better understand the potential risks of bot traffic when not properly managed.

In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations remain consistent with prior years, there were some surprising takeaways, including a shift in the most impactful threats. The most widespread threat to WordPress security in 2023 was Cross-Site Scripting, as techniques for taking over websites by adding malicious administrators and backdoors have become mainstream.

In our 11th annual Data Breach Industry Forecast, we looked more broadly than ever before at trends and data on a global scale as data breaches have no borders. This, along with the fact that nationstate-sponsored gangs and attacks are becoming increasingly more strategic and purposeful due to political conflicts or interests, made it fitting to expand our lens. Our predictions come from Experian’s long history of helping companies navigate breaches over the past 21 years. Here’s where we expect to see some hard to believe, but possible developments in the world of data security incidents in 2024.

While third-party risk management is a well-established practice, it’s also continuously evolving. Organizations of all sizes and industries must continually adapt and change to effectively identify, assess, manage, and monitor third-party risks. By analyzing the third-party risk management landscape and practices captured in our survey, organizations can see where they stand compared to their peers and consider that information as they prepare and implement changes this year and beyond.

The healthcare sector is particularly vulnerable to cybersecurity risks and the stakes for patient care and safety are particularly high. Healthcare facilities are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions. And cyber incidents in healthcare are on the rise.

CompTIA’s 2024 State of Cybersecurity report explores the many variables that must be considered in balancing the cybersecurity equation. As cybersecurity becomes a critical business imperative, every process must be scrutinized for potential vulnerabilities. This practice of risk analysis then drives decisions around workflow, skill-building and technology implementation. With technology trends evolving and attack patterns changing, true equilibrium is impossible to achieve. The balancing act is a full-time job.

COVID-19 has dramatically changed the workplace and has created new cybersecurity risks and exacerbated existing risks. The purpose of this research, sponsored by Keeper Security, is to understand the new challenges organizations face in preventing, detecting and containing cybersecurity attacks in what is often referred to as “the new normal”. All respondents in this research are in organizations that have furloughed or directed their employees to telework because of COVID-19.

In this report, we’ll discuss three automotive-related cybersecurity emerging risks we’ve identified in 2023, arising from the rapid proliferation of SDVs. Growth in backend attacks allowing access to sensitive vehicle data and controls, the ever-evolving SBOM and the critical role it plays in enhancing automotive threat intelligence and cyber are on the rise in the agriculture, construction, and heavy machinery industries that fare fast to adopt software-defined and autonomous capabilities.

The 2023 State of Web Application Security Report investigates the evolving security practices, tools, and technologies employed by organizations worldwide to enhance file upload security. 97% of survey participants reported using containers in environments that host web applications. Additionally, web applications that accept file uploads are increasingly being hosted on cloud-based platforms, including both Infrastructure as a Service (IaaS) and Software as a Service (SaaS) solutions

This report is sponsored by RiskRecon, a Mastercard Company and conducted by Ponemon Institute, 1,162 IT and IT security professionals in North America and Western Europe were surveyed. All participants in the research are familiar with their organizations’ approach to managing data risks created through outsourcing. Sixty percent of respondents said the number of cybersecurity incidents involving third parties have increased.

This report covers the threat landscape, as encountered by our sensors and analysts in the first half of 2023. General malware data presented in the report is gathered from January–May of this year, and reflects threats targeting endpoints that we observed in these months. The report represents a global outlook and is based on over 1,000,000 unique endpoints distributed around the world. Most of the statistics discussed focus on threats for Windows operating systems, as these are much more prevalent then those targeting macOS and Linux.

The 2023 Comcast Business Cybersecurity Threat Report was developed to help technology and security leaders get a deeper understanding of trends in cybersecurity threats—and the steps they can take to help protect their organizations from an evolving set of threats. Our goal is to provide insights from billions of threat data points and context around common ways that cybersecurity attacks arise and unfold.

The United Kingdom’s National Cyber Security Centre (NCSC) found that cyberattacks against sports organizations are increasingly common, with 70% of those surveyed experiencing at least one attack per year, significantly higher than the average across businesses in the United Kingdom. In this edition we offer first hand learnings about how threat actors assess and infiltrate these environments across venues, teams, and critical infrastructure around the event itself.

The ninth annual ISACA global State of Cybersecurity Survey continues to identify current challenges and trends in the cybersecurity field. For the second consecutive year, ISACA fielded questions to gain deeper insight into persistent issues in cybersecurity workforce skill sets and staffing for entry-level positions. The State of Cybersecurity 2023 report analyzes the survey results on cybersecurity skills and staffing, resources, cyberthreats and cybersecurity maturity.

Application Programming Interfaces (APIs) have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has proliferated, however, the importance of properly securing APIs is also becoming increasingly evident. API-related hacks and data breaches have impacted companies across nearly all sectors and geographies, resulting in skyrocketing remediation and legal costs for companies.

The 2023 Board Perspective report shines a light on how boards are managing this evolving landscape. Our annual survey reveals the beliefs, experiences and insights of 650 board members across the globe. We analyzed their responses to get a boardroom perspective of the threat landscape, the role of the CISO and the broader world of cybersecurity. We also compared the results with CISOs surveyed in our 2023 Voice of the CISO report. Pairing the surveys helps provide a more complete picture of where CISOs and their boards are on the same page—and opportunities for better alignment.

With security threats putting everything from personal information to critical infrastructure at risk, and with the incidence of ransomware attacks and other data breaches increasing, the 2023 RSA ID IQ Report provides cybersecurity professionals with insights into users’ understanding and behavior. By reviewing users’ answers on the identity components needed to develop a zero trust framework, multi-factor authentication, the vulnerability of mobile devices, and other cybersecurity threats, leaders can prioritize actions and implement best practices to keep their organizations secure.

As the third annual study of Data Protection Trends, this year’s survey was designed to quantify the shifts in overall concerns/goals and strategies for data protection, as well as gain an understanding of the current market landscape on data protection, disaster recovery, cybersecurity/ransomware and containers.

In this edition of the State of the Internet/Security (SOTI) report, we continue to research the array of attacks observed in web applications and API, their impacts on the organization, and how vulnerabilities figure in the API landscape. Our goal is to illustrate the dangers posed by the web application and API attacks, with recommendations on how to successfully defend your network against such attacks.