In the 2023 edition, we wanted to understand the specific challenges related to building and maintaining Insider Risk programs, technologies and training. To explore this, we surveyed 700 respondents – cybersecurity leaders, cybersecurity managers and cybersecurity practitioners – from US companies with 500 or more employees from a range of public and private sectors.

This report explores four key trends in teh payments space, and their importance to issuers, merchants and fintechs in reducing losses from fraud and unnecessary chargebacks while also delivering a next-gen customer experience.

This report aims to capture hard data on the experiences of stakeholders who are impacted by IAM processes and technologies, and the impact of current IAM practices on security risks and business operations.

Ponemon Institute is pleased to present the findings on the economics of today’s Security Operations Centers (SOC). Sponsored by Respond Software, Ponemon Institute surveyed 637 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about cybersecurity practices in their organizations. Respondents supervise or are responsible for such activities as information security, threat detection and remediation and security operations management and more.

This report offers insight for institutions of higher learning seeking to understand that regulations and issues surrounding cybersecurity on campus.

Nominet commissioned Osterman Research to conduct a survey of 408 CISOs overseeing security for organisations with a mean average of 8,942 employees. This comprises 207 companies in the USA and 201 companies in the UK, spread across a range of sectors. The objective was to collect and analyse a large enough dataset to make valid conclusions into the opinions, behaviours and mindset of those making cyber security decisions at large organisations.

This paper is a theoretical study looking at three famous cases of insider attacks that occurred over the past six years. The paper defines the facts of the attacks and information on the attackers. It then theorizes how a behavioral analytics engine could have been used to detect and prevent these attacks. Although theoretical, the analysis is focused on technical facts rather than on opinions, so that objectivity is maintained. All facts referenced in this document are publically available. No confidential or classified data is used in this document.

The recent escalation in tensions between the United States and Turkey over the detention of pastor Andrew Brunson, have prompted Turkish patriotic hacktivist groups to target American websites. Historically, the two most prominent hacktivist groups Aslan Neferler Tim (ANT) and Turk Hack Team (THT) have reacted to political issues impacting Turkey, by targeting the perceived adversary with low level nuisance attacks such as web defacements and Distributed Denial of Service attacks (DDoS). As the political situation deteriorates, Anomali expects to see an increase in hacktivist related activity targeting American websites.

Spyglass Consulting Group conducted a primary research study to identify the market opportunities and challenges for healthcare provider organizations to leverage an enterprise-class secure communications platform to address the communications requirements associated with complex clinical workflows.

“Enterprises rely on custom applications to perform business-critical functions. Any downtime could halt operations. Our survey found that while enterprises have confidence in the security of IaaS providers’ underlying infrastructure compared with their own datacenters, data in custom applications is exposed to a wide range of threats independent of the platform. That includes accounts compromised by third parties—via phishing or another method. There are a growing number of examples such as Code Spaces where attackers have held data ransom and in some cases permanently deleted enterprise data in these applications. This report summarizes the scale of custom applications deployed today, where they are deployed, how they are secured, and who is responsible for securing them.”

This paper provides insight into specific fines that will occurr due to the GDPR.

This paper sets out to reveal if IT data reported to boards of directors, enables them to make good decisions.

Vector Consulting was commissioned by Cisco Australia and New Zealand to better understand the role and impact of cloud in higher education and training. For the purposes of this report `cloud’ is predominantly focused on infrastructure as a service or cloud-based infrastructure. The study included desktop research, targeted interviews and a comprehensive survey, which forms the basis for this report. The survey was distributed electronically to Australian and New Zealand institutions to better understand their current views about where cloud was having the most impact and how they were planning for cloud. The survey was in field for two weeks and all individual responses were provided.

A paper discussing the impact of a cyber attack on the power grid.

The emerging field of cybersecurity economics could benefit from better data, better under- standing, and better methods for using resources wisely, not only to protect critical products and services but also to provide assurances that software will work as expected. This research brief presents findings that address these key cybersecurity concerns, perceptions of the importance of cybersecurity, and considerations for cybersecurity invest- ment decisions. In particular, it suggests that companies, the government, and other organizations can help improve our under- standing of cybersecurity economics by moni- toring cybersecurity incidents and responses, soliciting and using standard terminology and measures, and sharing data whenever possible.

From the report, “Internet of Things (IoT) technology holds incredible promise for transforming the enterprise, but one of the biggest hurdles for companies implementing IoT will be extracting insight from the incredible volumes of fast-moving data these systems produce and integrating that resulting intelligence into business processes in real time.”