This paper cites a Dimensional Research survey of 250 IT security professionals in financial services organizations located in the U.S., U.K., Germany, France and Australia. The survey examines the challenges faced by the financial services industry in managing certificates, and the results illustrate the importance of incorporating CA-agility into a certificate management strategy. The survey also explores the federal government and other industries, including healthcare, retail and technology.

“The use of machines is driving unprecedented improvements in business efficiency, productivity, agility and speed. With businesses increasing their reliance on machines, the number of machines on enterprise networks is growing exponentially. To communicate securely, each machine needs a unique identity to authenticate and secure communications. However, organizations’ abilities to create, manage and protect these machine identities is simply not keeping up with the pace of their evolution. "

“In this year’s report, SecurityScorecard looked at more than 1200 healthcare companies from July 2017 through the end of the year and analyzed terabytes of information to assess risk across ten risk factors.”

“To take a look at the cybersecurity health of financial institutions, this September, SecurityScorecard analyzed 2,924 financial institutions in the SecurityScorecard platform to find existing vulnerabilities within banks, investment firms, and other financial firms to determine the cybersecurity performance of the financial sector, especially as compared to other industries. Our team also analyzed the cybersecurity posture of the Top 20 highest performing FDIC-insured banks to understand what security factors pose risks to these financial institutions.”

Since June 2016, the Global Cyber Alliance (GCA) has been working to accelerate adoption of DMARC, an email security standard, by providing a set of easy-to-use tools and campaigns to drive deployment. This paper investigates and measures the economic benefit from that work. Having reviewed the available data, we have chosen to focus on Business Email Compromise (BEC) because it is a rapidly growing issue, with high direct losses, and relevant data is available for analysis from multiple sources. We derive a conservative minimum bar estimate for the loss avoidance tied to GCA’s initiatives and discuss the potential scale of other benefits gained from DMARC.

This is an annual report that discusses the latest malware and hacking trends in compromised websites.

This document details how and why a company should be proactively scanning internal networks, segmenting network elements, and requiring multi-factor authentication also helps ensure security.

This document discusses the vulnerabilities discovered by edgescanTM over the past year – 2016. The vulnerabilities discovered are a result of providing “Fullstack” continuous vulnerability management to a wide range of client verticals; from Small Businesses to Global Enterprises, From Telecoms & Media companies to Software Development, Gaming, Energy and Medical organisations. The statistics are based on the continuous security assessment & management of over 57,000 systems distributed globally.

In the executive summary, this report asks, “What if defenders could see the future?” it then goes on to say that defenders can see what’s on the horizon and many clues are out there and obvious. The entire report seeks to outline ways in which defenders can see the future.

Verizon’s annual report on data breaches in 2018

This report seeks to answer the question, “What will shape the next 12 months in cybersecurity?”

The research department at TopSpin Security conducted an experiment to investigate the performance of deception technologies in a simulated corporate environment in which more than 50 professional hackers and security experts used their knowledge and skills to try to extract a pre-defined piece of data and stay undetected. The experiment sought to answer a number of questions, including: 1) What kind of attacker will be attracted to what different type of resources (traps)? 2) What deception mechanisms should the defending organization employ? 3) Where should they be placed? 4) What kind of traps should be used Every attack pattern was carefully monitored and upon completion the data logged was analyzed and aggregated. Trends, attack patterns and statistics were derived from the data logged.

SophosLabs takes a specific look at threats being downloaded on GooglePlay that mine a mobile phone’s resources while searching for cryptocurrency.

Based on quantitative consumer research, the report looks at the likelihood that false declines at the point of sale (POS) will prompt consumers to leave their financial institution (FI). The report also looks at technologies that can reduce false declines as well as consumers’ propensity to proactively engage with these technologies.

This report sets out the results of a study of consumer attitudes toward data breaches, notifications that a breach has occurred, and company responses to such events. The report should provide valuable information that can be used by businesses and policymakers as they develop policies and best prac-tices related to information security and data breach response. More- over, it should be of interest to individuals who conduct business with any organization that holds their personal and confidential data.

Read about the threat outlook for aerospace and defense sectors as threat groups seek to gain military and economic advantages.

A total of 117 US insurers were found to have underwritten cyber insurance in 2015. This paper has analyzed these filings and has outlined them to provide insights for insurers that either currently offer or seek to offer cyber insurance to help them benchmark and drive decisions on underwriting and reinsurance purchase.

This report provides a comprehensive list of all the data breaches that have occurred in the spring of 2018.

This report takes a close look at vulnerability management and seeks to make it a far simpler task.

The upgraded version of the Dridex Trojan was at one time one of the most successful bank Trojans originally discovered in 2014 and has since re-emerged. This paper provides an overview.

Bitglass’ fourth-annual Healthcare Breach Report analyzes data from the US Department of Health and Human Services’ “Wall of Shame,” where organizations that store or handle PHI are required to disclose breaches that affect at least 500 individuals. Read on to learn more about the breaches that caused the most damage in 2017 and to look at the year ahead in data security.