This report is a transcript of written Testimony provided to the House Comittee on Oversight and Government Reform, Subcomittee on Information Technology, by Sarah Cook Senior Research analyst for East Asia and China Media Bulletin Director.

“The use of machines is driving unprecedented improvements in business efficiency, productivity, agility and speed. With businesses increasing their reliance on machines, the number of machines on enterprise networks is growing exponentially. To communicate securely, each machine needs a unique identity to authenticate and secure communications. However, organizations’ abilities to create, manage and protect these machine identities is simply not keeping up with the pace of their evolution. "

“Many businesses and government agencies have embraced supervisory control and data acquisition (SCADA) systems or industrial control systems (ICS) in recent years, but the technologies face major security challenges. Nearly 6 in 10 organizations using SCADA or ICS that were surveyed by Forrester Consulting in a study commissioned by Fortinet indicate they experienced a breach in those systems in the past year—and many of those organizations are adding to their risk by allowing technology and other partners a high level of access into their systems. Most organizations also report connections between their traditional IT systems and their SCADA/ICS, introducing the potential for outside hackers to penetrate these control systems.”

“In this year’s report, SecurityScorecard looked at more than 1200 healthcare companies from July 2017 through the end of the year and analyzed terabytes of information to assess risk across ten risk factors.”

The Canadian Survey of Cyber Security and Cybercrime was conducted for the first time to measure the impact of cybercrime on Canadian businesses. This release coincides with Cyber Security Awareness Month, which is an internationally recognized campaign held each October to inform the public of the importance of cyber security.The Canadian Survey of Cyber Security and Cybercrime was conducted for the first time to measure the impact of cybercrime on Canadian businesses. This release coincides with Cyber Security Awareness Month, which is an internationally recognized campaign held each October to inform the public of the importance of cyber security.

“For the (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study), we talked to cybersecurity pros as well as IT pros who spend at least 25% of their time working on cybersecurity activities. This report explores the findings of that research, illuminating the cybersecurity skills gap by revealing the trends, elements, and impact, all of which can be used to inform the steps organizations and individual cybersecurity pros can take to address this troubling progression.”

This paper analyzes a cleanup app that is actually malicious.

This white paper explains common use cases for privilege management on Unix/Linux servers.

This document deals with malware on mobile devices.

This report is an annual Cyber Claims Study. It includes informative numerical and graphical descrip-tions of the types of data exposed, causes of loss, business sectors involved, sizes of affected organizations, insider involvement, and third party involvement. It also includes several new analyses: Cloud Involvement, Cyber Extortion/Ransomware, Phishing, Phishing and Wire Transfer Fraud, POS-Related/Common Point of Purchase/CPP Investigations.

This document details how and why a company should be proactively scanning internal networks, segmenting network elements, and requiring multi-factor authentication also helps ensure security.

This Annual report discusses the events and changes in the cybersecurity landscape of 2017.

In the executive summary, this report asks, “What if defenders could see the future?” it then goes on to say that defenders can see what’s on the horizon and many clues are out there and obvious. The entire report seeks to outline ways in which defenders can see the future.

This paper tries to answer the question, “What does the general public know about data privacy?”

In this whitepaper you will learn what endpoint privilege management is and how an effective approach significantly enhances an organization’s security against rising cyber crime. They cover the origins of the least privilege concept, the benefits of application control, the current cyber threat landscape and how endpoint privilege management works to combat this with minimal disruption to user productivity.

This paper is a simple yet practical guide to understanding and becoming GDPR Compliant.

This report covers performance, security, and encryption essentials for online applications.

The research department at TopSpin Security conducted an experiment to investigate the performance of deception technologies in a simulated corporate environment in which more than 50 professional hackers and security experts used their knowledge and skills to try to extract a pre-defined piece of data and stay undetected. The experiment sought to answer a number of questions, including: 1) What kind of attacker will be attracted to what different type of resources (traps)? 2) What deception mechanisms should the defending organization employ? 3) Where should they be placed? 4) What kind of traps should be used Every attack pattern was carefully monitored and upon completion the data logged was analyzed and aggregated. Trends, attack patterns and statistics were derived from the data logged.

In this paper, they explore the modern enterprise — a hybrid organization with infrastructure spread across on-premises data centers as well as hosted in the cloud and one where IT functions are split between internal and 3rd-party administrators. They look at these and related trends impacting our data security and specifically, best practices on how to manage and govern privileged user access to mitigate these risks.

SophosLabs takes a specific look at threats being downloaded on GooglePlay that mine a mobile phone’s resources while searching for cryptocurrency.

Based on quantitative consumer research, the report looks at the likelihood that false declines at the point of sale (POS) will prompt consumers to leave their financial institution (FI). The report also looks at technologies that can reduce false declines as well as consumers’ propensity to proactively engage with these technologies.