Using breach information from Advisen, this report seeks to fill in missing gaps in the loss frequency and impact side of quantitative risk analysis. Using real world reported data on publicly-discoverable breaches, commonly held myths of cost per record estimates are debunked and replacement hard statistics are given to replace incorrect estimates.

Using case data from IBM’s external incident response service involvement in cloud-related security incidents over 2019, this report covers threat actors, threat actions, common control weaknesses, and makes recommendations for increase cloud security postures. Additional data contributed by Intezer and DarkOwl.

A survey, conducted by Vanson Bourne, of 5,000 IT managers on their experiences with ransomware. Discusses prevalence, spread, techniques, and impact.

Each year, Check Point Research (CPR) reviews previous year cyber incidents to gather key insights about the global cyber threat landscape. In this 2020 Cyber Security Annual Report, the authors offer a review of 2019’s major cyber incidents, suggest predictions for 2020, and recommend best practices to help keep organizations safe from cyber attacks.

This report goes in depth on Radware’s performance in mitigating DDoS attacks.

Verizon’s 2020 edition of the keystone DBIR. Covering breaches and attack trends across the previous year.

A look at the unique threat and risk landscape of the manufacturing industry. Discussing the challenges brought about by Industry 4.0, and recommends measures and best practices for securely reaping the benefits of connected production. We also reiterate that securing the manufacturing industry requires regular risk assessments and a resilient cybersecurity framework that is able to detect, respond to, and protect against a variety of security holes.

This report goes in depth on Cybercrime in 2017.

The 2020 data breach report from the events managed by the BakerHosteltler incident response team. Trends, timelines, and losses are covered.

This is a report put out by Impervia based on their 2019 DDoS attack study. Their analysis of attacks is based on data from 3,643 network layer DDoS attacks on websites using Imperva services from January 1, 2019 through December 31, 2019, and on 42,390 application layer attacks on websites using Imperva services from May 1, 2019 through December 31, 2019,

The BlackBerry® Cylance® 2020 Threat Report contains a broad range of topics vital to the interests of businesses, governments, and end-users. It delivers the combined security insights of BlackBerry, a trailblazer in the Internet of things (IoT) and mobile security, and Cylance, an early pioneer of AI-driven cybersecurity and endpoint security market disruptor, which was purchased by BlackBerry in February 2019.

This report goes in depth into the overall changes in data breaches in the first part of 2020. Some highlights are that the number of publicly reported breaches decreased by 42% from 2019. and the number of records exposed grew 273% since last year.

This report focuses on the changes in security threats and the effect that COVID-19 has on the overall landscape.

The 2020 Trustwave Global Security Report is an annual review of the phenomena, trends and statistics affecting computer security and worldwide safety, as observed by Trustwave systems and security analysts throughout 2019. As we enter a new deacade, we take a fresh look at the changing face of the compromise, from the ways in which increasingly sophisticated threat actors adapted in recent years to improvements in threat detection and response and how people in white hats responded.

CyberEdge’s annual Cyberthreat Defense Report (CDR) plays a unique role in the IT security industry. Other surveys do a great job of collecting statistics on cyberattacks and data breaches and exploring the techniques of cybercriminals and other bad actors. Our mission is the provide deep insight into the minds of IT security professionals.

This survey of 3500 people (conducted by a 3rd party survey research company) examines attitudes and knowledge of various security concepts. The survey is mainly focused on the Western World, the US, Western Europe, and Australia, with Japan being the only Asian country included.

Discusses systemic cyber risk, catastrophic losses, and the implications upon cyber insurance policies.

This is the 7th annual edition of the Microsoft Vulnerabilities Report, and includes a five-year trend comparison, giving you a better understanding of how vulnerabilities are growing and in which specific products.

This report, the first in a series from Blueliv offering an overview of cybercrimeindustry, detailed some features of a rapidly growing cybercriminal serviceseconomy. We first covered the first elements in a process, from acquiringand preparing malicious code for use in a campaign, prior to setting upthe infrastructure to deliver the ‘product’ to its victims.

FireEye Threat Intelligence assesses with high confidence that APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control. Activity traces back to 2012 when individual members of APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into likely statesponsored activity. This is remarkable because explicit financially motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests these two motivations were balanced concurrently from 2014 onward.

With this common understanding in mind, we have taken a comprehensive look at previously disclosed activity that can now be attributed to the GRU. Numerous governments, security firms, researchers, reporters, academics, and victims have released reports detailing different facets of the GRU’s activities. Our review identified more than 200 cyber incidents, spanning 15 years (2004–2019), targeting governments, the private sector, and members of civil society. These operations have discovered and disclosed secrets, defamed people, disinformed populations, and destroyed or disrupted computerized systems.