Mandiant’s 2019 edition of their threat intel report. Focusing on significant trends in attack TTPs over the past calendar year.

A lot of progress has been made in the past few years around requirements. Next steps in this area include identifying when and why to update intelligence requirements—even ad hoc adjustments can be planned for by identifying the circumstances under which they would need to be changed. It is also clear that there are numerous positive trends in the community, such as more organizations producing intelligence instead of just consuming it. But there are also many challenges, such as getting the appropriate staffing and training to conduct cyber threat intelligence. Tools and data sources are always going to be vital to the process, but the world of intelligence analysis is inherently analyst driven and a focus is rightfully placed there.

We built our 2020 Threat Insights Report on this foundation, to help guide you in protecting against what’s to come. Because moving forward, the right combination of protections is not a difference between one cybersecurity solution or another; it’s the difference between being protected against tomorrow’s threats or becoming their prey.

The BlackBerry® Cylance® 2020 Threat Report contains a broad range of topics vital to the interests of businesses, governments, and end-users. It delivers the combined security insights of BlackBerry, a trailblazer in the Internet of things (IoT) and mobile security, and Cylance, an early pioneer of AI-driven cybersecurity and endpoint security market disruptor, which was purchased by BlackBerry in February 2019.

Wakefield Research partnered with Webroot to conduct an online quantitative research study among U.S. consumers to:

• Better understand attitudes, perspectives, and behaviors related to cyber hygiene
• Based on this data, create a risk index (“Cyber Hygiene Risk Index”) to assess the risks associated with susceptibility to cybercrime in each state, ranking the states to determine the riskiest and least risky states in the U.S.
• Further analyze respondents’ susceptibility to risk by using a series of custom demographic and psychographic metrics to get a more nuanced understanding of what is behind cyber-hygiene levels

This survey looked at the state of IT departments in 2020 and where their priorities fell. After surveying more than 1,300 IT professionals, it’s clear vendor management and contract negotiation is becoming a time-consuming endeavor. In fact, 50% of IT professionals work with 11 or more vendors and nearly half (48%) spend weeks or months renegotiating their vendor contracts each year.

The recent Chinese New Year ushered in the Year of the Rat, but from the perspective of the many corporations, government agencies and other organizations around the world who continue to be the targets of Advanced Persistent Threat (APT) groups acting in the interest of the Chinese government, recent years could aptly be described as the Decade of the RATs - Remote Access Trojans, that is.

In this report, BlackBerry researchers reveal what the focus on those groups has overshadowed: several governments with well-established cyber capabilities have long ago adapted to and exploited the mobile threat landscape for a decade or more. In this context, mobile malware is not a new or niche effort, but a longstanding part of a cross-platform strategy integrated with traditional desktop malware in diverse ways across the geopolitical sphere.

CyberEdge’s annual Cyberthreat Defense Report (CDR) plays a unique role in the IT security industry. Other surveys do a great job of collecting statistics on cyberattacks and data breaches and exploring the techniques of cybercriminals and other bad actors. Our mission is the provide deep insight into the minds of IT security professionals.

Applying the principle of least privilege should be a foundational element of any organization’s cyber security strategy. However, a sustainable least privilege strategy isn’t something that can be set up overnight. It takes planning, collaboration, and the right tools to meet the needs of security, IT, desktop support, and users.

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs.

Lares encounters a seemingly endless number of vulnerabilities and attack vectors when we conducta penetration test or red team engagement, regardless of organization size or maturity. Though notevery engagement is identical, we have analyzed the similarities between hundreds of engagementsthroughout 2019 and the following list represents the most frequently observed penetration test findings we encountered.

In this report, we will address the aforementioned questions using data that Forescout Technologies has carefully gathered, tested and validated from all forms of device networks and the applications they support. This report presents data from a cross-sectional analysis of the Forescout Device Cloud, which is a repository of host and network information for more than 11 million devices (provided anonymously by Forescout customers). With Forescout Device Cloud, we analyze device fingerprints to identify device function, vendor/model, operating system and version to provide granular auto-classification for a wide range of devices. For this study, researchers limited Device Cloud analysis to 100 large financial services deployments with over 8,500 virtual local area networks (VLANs) and nearly 900,000 devices.

This report is based off the findings of a deep analysis of vulnerabilities in BAS. The results are grouped into four areas then published. The four areas are: Analysis of the security Landscape, Discovery and responsible disclosure of previously unknown vulnerabilities, Deployment of a proof of concept malware, and Discussion on how network monitoring tools can help protect.

Discusses systemic cyber risk, catastrophic losses, and the implications upon cyber insurance policies.

P2P Volume 5 focuses on the differences between asset types (OS) and how vulnerabilities are treated on different platforms.

This is the 7th annual edition of the Microsoft Vulnerabilities Report, and includes a five-year trend comparison, giving you a better understanding of how vulnerabilities are growing and in which specific products.

This document is the product of a flash survey, an unscheduled, event-driven survey with a fast turnaround to cover a rapidly evolving situation relevant to tech markets. This survey was designed to measure the impact of the COVID-19 coronavirus outbreak on businesses. It was conducted between March 10 and March 19, 2020, and represents approximately 820 completes from pre-qualified IT decision-makers.

This report encourages market participants to review their practices, policies and procedures with respect to cybersecurity and operational resiliency. It states that assessing your level of preparedness and implementing some or all of the above measures will make your organization more secure. OCIE will continue to focus on working with organizations to identify and address cybersecurity risks and encourages market participants to actively engage regulators and law enforcement in this effort.

In our 3rd annual Global Password Security Report, we strive to share interestingand helpful insights into employee password behavior at businesses around theworld. We want to help IT and security professionals understand the greatestobstacles employees face when it comes to passwords, learn how to addresschallenges of managing and securing data in today’s digital workplace and enablethem to see how their businesses’ password security practices measure up. Thisyear, we’re bringing even more data points to the table.

Our sixth annual State of the Phish report again brings you critical, actionable insights into the current state of the phishing threat. You’ll learn about: • The end-user awareness and knowledge gaps that could be hurting your cybersecurity defenses The impacts information security professionals are experiencing because of phishing attacks and the ways they’re trying to combat these threats • How Proofpoint customers are approaching phishing awareness training, and the ways we’re helping them measure program success