Ponemon Institute is pleased to present the findings on the economics of today’s Security Operations Centers (SOC). Sponsored by Respond Software, Ponemon Institute surveyed 637 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about cybersecurity practices in their organizations. Respondents supervise or are responsible for such activities as information security, threat detection and remediation and security operations management and more.

This is the 6th annual SOTI from Akamai. The Key findings are: • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services

This year’s Internet Crime Report highlights the IC3’s efforts to monitor trending scams such as Business Email Compromise (BEC), Ransomware, Elder Fraud, and Tech Support Fraud. As the report indicates, in 2019, IC3 received a total of 467,361 complaints with reported losses exceeding $3.5 billion. The most prevalent crime types reported were Phishing/Vishing/Smishing/Pharming, Non-Payment/Non-Delivery, Extortion, and Personal Data Breach. The top three crime types with the highest reported losses were BEC, Confidence/Romance Fraud, and Spoofing. More details on each of these scams can be found in this report.

The Worldwide Security Spending Guide examines the security opportunity from a technology, industry, company size, and geography perspective. This comprehensive database delivered via IDC’s Customer Insights query tool allows the user to easily extract meaningful information about the security technology market by viewing data trends and relationships and making data comparisons.

In our 25-criterion evaluation of data security portfolio providers, we identified the 13 most significant ones — Dell, Digital Guardian, Forcepoint, Google, GTB Technologies, IBM, Imperva, McAfee, Micro Focus, Microsoft, Oracle, Symantec, and Varonis — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk (S&R) professionals understand the respective strengths of each vendor’s portfolio.

This report covers: the security practices for each of the two different core projects, both Angular and React, the state of security of each of the two different module ecosystems, based on an in-depth look at the vulnerabilities contained in each of the ecosystems, the security practices for other common JavaScript frontend framework alternatives such as Vue.js, Bootstrap and jQuery, and the significant security differences between the different alternatives, and particularly between Angular and React

This report outlines the state of open source security, including open source adoption, known vulnerabilities, and vulnerability identification.

This report investigates the ways in which organizations can support engineering productivity through initiatives such as supporting information search, more usable deployment toolchains, and reducing technical debt through flexible architecture, code maintainability, and viewable systems.

Risk Based Security has been sharing our Vulnerability QuickView reports with the world, providing detailed analysis on the vulnerability landscape based on data from our vulnerability intelligence product, VulnDB . Continuing from our previous 2019 Mid-Year report, this edition of the QuickView delves into the months of August through October. The information collected is displayed in a series of charts depicting various groupings, classifications, insights, and comparisons of the data

The insurance industry has been asked by Lloyd’s, regulators, and its own senior management to understand its exposure to this type of cyber risk. To address this, AIR has developed a comprehensive database of industry exposures that provides the information insurers need for accurate modelling and has used it to form the basis of the alternative modelling approach described in this report. The results of this cloud downtime scenarios analysis could help insurance managers gain insights into how to grow their cyber business in a controlled and prudent manner.

Bryan Cave Leighton Paisner began its survey of data breach class action litigation six years ago to rectify the information gap and to provide our clients, as well as the broaderlegal, forensic, insurance, and security communities,with reliable and accurate information concerning the risk associated with data breach litigation. Our annual survey continues to be the leading authority on data breach class action litigation and is widely cited throughout the data security community.

This paper provides a review and analysis of 2018 cyber incidents and key trends to address.

From the report, “After working with hundreds of security professionals and covering over 1 million assets at some of the world’s most innovative brands, the team at Axonius has identified 5 things that security teams discover when they automate cybersecurity asset management. In this short paper, we’ll review each of these findings, discuss their security implications, and show how automating asset management can both find and resolve these challenges.”

This report provides exactly what its title offers, 10 predictions for developers in 2019.

Risk IQ offers a glimpse into the multiple attacks on IT infrastructure organizations like Wipro and several others. This report is an analysis of those campaigns, their operators, and their targets.

This report promises to allow you to use the vast insights and hard data contained in the report to help bolster your security posture and better understand the nature of the threats we face today.

This paper will also explore the root causes of poor data quality and a solution for organizations seeking data quality improvement.

In multiple areas of cyber security, time is currently working in favor of the attackers — and time is the strategic advantage that the defenders need to regain. In a recent report, Aberdeen Group leveraged Verizon Data Breach Investigations Report data to uncover the distribution of attacker “dwell times,” i.e., the total time in days from attacker compromise to defender detection.

Privileged access remains the preferred vector for attackers, and most organizations aren’t taking the very basic steps to secure it

The Worldwide Semiannual Security Spending Guide examines the security spending opportunity from a country, industry, and technology perspective. This comprehensive database delivered via pivot table format or IDC’s Customer Insights query tool allows users to easily extract meaningful information about the core and next-generation security markets by viewing data trends and relationships and making data comparisons.

The problem that occurs when applications deserialize data from untrusted sources is one of the most widespread security vulnerabilities to occur over the last couple years. This article will provide background on the deserialization vulnerability, describe the limitations of the existing mitigation techniques and explain why Waratek’s Compiler Based solution is ideal in solving this problem.