The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. Crowdsourced cybersecurity includes services such as bug bounty programs, vulnerability disclosure, and next-generation penetration testing (NGPT). This report explores several key findings based on research conducted by ESG.

This paper, published in partnership with the UC Berkeley Center for Long-Term Cybersecurity, highlights research indicating that “underserved” residents in San Francisco, California— including low-income residents, seniors, and foreign language speakers—face higher-than average risks of being victims of cyber attacks. They are less likely to know whether they have even been victimized by a cyber attack, and they have lower awareness of cybersecurity risks. Partly as a result, they are less likely to access online services. This cybersecurity gap is a new “digital divide” that needs to be addressed—with urgency—by the public and private sectors alike.

Automation balances machine-based analysis with human-based domain knowledge to help organizations achieve optimal workflows in the face of staff shortages and alert fatigue, all caused by an increasing number of destructive threats. Yet, 59% of survey respondents indicate that their organizations use low levels or no automation of key security and incident response (IR) tasks. In this new SANS survey, we wanted to understand and explore some of the misconceptions versus facts around automation and what to do about it.

In multiple areas of cyber security, time is currently working in favor of the attackers — and time is the strategic advantage that the defenders need to regain. In a recent report, Aberdeen Group leveraged Verizon Data Breach Investigations Report data to uncover the distribution of attacker “dwell times,” i.e., the total time in days from attacker compromise to defender detection.

Insider threats constitute a legitimate danger to enterprise security. While protecting data from malicious external actors is typically top of mind for most organizations, the fact remains that they must also defend against negligent and disgruntled insiders. To learn more about how well organizations are accomplishing this, Bitglass partnered with a leading cybersecurity community to survey IT professionals and gain unique insights about insider attacks.

This very thorough report offers insight into the future of the Mobile trends of 2019.

This report offers new insights into ransomware and the issues related to this problem.

Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use in the enterprise. As mobility grows in the workplace, so do challenges from managing device access to handling the most pressing concerns of mobile security. The 2018 Mobile Security Report focuses on these security challenges and offers fresh insights on the state of securing mobility, the technology choices organizations are making, and their response to the growing security risks associated with enterprise mobility.

The 2018 Endpoint Security Report reveals the latest endpoint security trends and challenges, why and how organizations invest in endpoint security, and the security capabilities companies are prioritizing.

The 2018 Managed Security Report is based on the results of a comprehensive online survey of IT and cybersecurity professionals conducted in July and August of 2018.

This report offers information on Mobile Phishing from data researched in 2018.

To promote global awareness and facilitate important dialogues, SonicWall remains steadfast in its commitment to research, analyze and share threat intelligence via the 2019 SonicWall Cyber Threat Report.

An In Depth Look at the most prevalent ATT&CK techniques according to Red Canary’s historical detection dataset.

Zero Trust threat detection and response technologies are increasingly critical to securing customers and protecting the firm’s brand. To accelerate their performance in threat detection and response, companies are evaluating and adopting a range of contributing technologies. This Forrester Tech Tide™ report presents an analysis of the maturity and business value of the 18 technology categories that support Zero Trust threat detection and response. Security professionals should read this report to shape their firm’s investment approach to these technologies.

Bitglass’ fifth annual Healthcare Breach Report analyzes the data from the US Department of Health and Human Services’ “Wall of Shame.” The database contains information about breaches of PHI that affected more than 500 individuals.

From the report, “But what exactly do we talk about when we talk “security?” That’s the question we seek to answer in this report, which has its roots in a similar question asked by an eight-year-old daughter two and a half years ago: “What’s the RSA Conference about, Daddy?” That root sprouted into a four-part blog series and a panel discussion a year later where we analyzed 25 years of session titles in honor of the 25th anniversary of RSA Conference.”

This report reveals that globally, in any given month, home users are twice as much at risk of encountering any type of malware, with a 20.09% chance of infection; business users, on the other hand, have a 10.87% chance of getting attacked, generally because they often have more layers of protection in place. The more people and businesses depend on computers, along with the type of activities carried out on them and the data these PCs hold, the greater consequences and damage malware attacks can cause.

From the report, “To generate this report, Coronet analyzed an enormous set of data comprised of both access and service threats. The data originated from Wi-Fi and cellular networks, devices spanning all operating systems and public network connectivity infrastructure. The data was aggregated and evaluated based on potential damage that could be caused by attackers and existing vulnerabilities in the 55 most populated DMAs, which together account for almost 70 percent of the entire U.S. population. The ranked results have been aggregated into regions which closely resemble Nielsen DMAs. Coronet ranked each city that was analyzed from most insecure to least vulnerable, with the most insecure cities scoring a 6.5 and above.” Read on to find out more.

From the report, “As 2019 approached, ControlScan and MAC once again partnered to organize and conduct an industry study; however, this time we decided to reach out to the SMB merchants themselves. Measuring successes and concerns from the MSP’s perspective had given us part of the equation, so we wanted to learn how well aligned SMBs are with the efforts being aimed at them.” Read on to find out more.

This report takes a specific look back at connected medical device events that occurred in 2017.

In June of 2018 Claroty asked the experts about the state of industrial cybersecurity. This paper discusses what they said.