This report provides insights culled from a year of security data analysis and hands-on lessons learned. Data analyzed includes the 6.5 trillion threat signals that go through the Microsoft cloud every day and the research and realworld experiences from our thousands of security researchers and responders around the world. In 2018, attackers used a variety of dirty tricks, both new (coin mining) and old (phishing), in their ongoing quest to steal data and resources from customers and organizations. Hybrid attacks, like the Ursnif campaign, blended social and technical approaches. As defenders got smarter against ransomware, a loud and disruptive form of attack, criminals pivoted to the more “stealth”, but still profitable, coin-miners.

From the report, “How do we actually “play the hacker”? We do this by deploying simulators that play the role of a “virtual hacker” across endpoints, network and cloud, and execute breach methods from our hacker’s playbook. Our findings are incorporated in this report, and analyzed by SafeBreach Labs, with the hope that security teams can glean some interesting insights into the things not to do in their environment.”

20 Leading CISO’s from the healthcare industry offer their perspective on evolving cyberattacks, ransomware & the biggest concerns to their organizations.

This specialized report offers insights into the Healthcare industry and the gaps in policies and procedures that could lead to damaging cyber events within the industry.

This report promises to allow you to use the vast insights and hard data contained in the report to help bolster your security posture and better understand the nature of the threats we face today.

This report from Bromium offers insights into notable threats and events from 2019.

This report offers insights from the Global Deployment of SentinelOne Agents.

This report is a discussion of the findings and trends of 169 ransomware incidents affecting state and local governments since 2013.

A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2000, as Amended

This report offers quantitative findings from a study of UK individuals to measure and understand awareness and attitudes towards cyber security, and related behaviors. The findings are part of a wider research project to provide insight to inform HM Government’s approach to encourage positive behavior amongst the public in protecting themselves against cyber threats.

This third Hiscox Cyber Readiness Report provides you with an up-to-the-minute picture of the cyber readiness of organisations, as well as a blueprint for best practice in the fight to counter the ever-evolving cyber threat.

The Hiscox Cyber Readiness Report is compiled from a survey of more than 4,100 executives, departmental heads, IT managers and other key professionals in the UK, US, Germany, Spain and The Netherlands. Drawn from a representative sample of organisations by size and sector, these are the people on the front line of the business battle against cyber crime. While all are involved to a greater or lesser extent in their organisation’s cyber security effort, 45% make the final decision on how their business should respond. The report not only provides an up-to-the-minute picture of the cyber readiness of organisations large and small, it also offers a blueprint for best practice in the fight to counter an ever-evolving threat.

A study on the causes and evolution of Americans’ and Canadians’ stressors relating to cybersecurity and personal data protection

From the report, “For our 4th Year running, welcome to the edgescan Vulnerability Stats Report. This report aims to demonstrate the state of full stack security based on edgescan data for 2018. The edgescan report has become a reliable source for truly representing the global state of cyber security. This year we took a deeper look at vulnerability metrics from a known vulnerability (CVE) and visibility standpoint. We still see high rates of known/patchable vulnerabilities which have working exploits in the wild, which possibly demonstrates it is hard to patch production systems effectively on a consistent basis.”

To shine a light on the availability of SSL/TLS certificates on the dark web, the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program, sponsored by Venafi. This report details the preliminary findings of the research and outlines the volume of SSL/TLS certificates for sale on the dark web, including information on how they are packaged and sold to attackers. These certificates can be used to eavesdrop on sensitive communications, spoof websites, trick consumers and steal data. The long-term goal of this research is to gain a more thorough understanding of the role SSL/TLS certificates play in the economy of the dark web as well as how they are being used by attackers.

As with driving, not only do you get a good look at what’s behind you, but you can often spot what’s coming up quick, set to overtake you. That’s the spirit of this threat report. We’ve picked out five key stories from the last year or so, not just because they were big events, but because we think these threats, or similar ones, could very well appear in the near future.

This report offers new insights into ransomware and the issues related to this problem.

The 2018 Endpoint Security Report reveals the latest endpoint security trends and challenges, why and how organizations invest in endpoint security, and the security capabilities companies are prioritizing.

To promote global awareness and facilitate important dialogues, SonicWall remains steadfast in its commitment to research, analyze and share threat intelligence via the 2019 SonicWall Cyber Threat Report.

Akamai provides a thorough report to educated the industry on the attacks that are growing, evolving, and becoming more sophisticated.

From the report, “But what exactly do we talk about when we talk “security?” That’s the question we seek to answer in this report, which has its roots in a similar question asked by an eight-year-old daughter two and a half years ago: “What’s the RSA Conference about, Daddy?” That root sprouted into a four-part blog series and a panel discussion a year later where we analyzed 25 years of session titles in honor of the 25th anniversary of RSA Conference.”