In this edition of Risk and Regulatory Outlook a Deloitte subject matter expert outlines the situation, specifies existing or prescient change, and suggests practical steps in each of the nine key areas of regulatory change we focus on.

This report focuses on software vulnerabilities, software vulnerability exploits, malware, and unwanted software. It is the hope that readers find the data, insights, and guidance provided in this report useful in helping them protect their organizations, software, and users.

In this paper, they explore the differences between legitimate mining and cryptojacking; how cryptojacking works; the costs of cryptojacking to today’s organizations; and practical steps you can take to avoid being a victim of cryptojacking.

This paper is the presentation of data found through a survey administered in November and December of 2015.

This white paper will examine “Know Your Device” (KYD) as a method to not only protect against fraud, but also enhance your customer’s digital channel experiences and compete in a crowded marketplace.

This is a threat advisory for betFIRST mobile apps

“2017 was a huge year for mobile security. Malicious actors returned with a vengeance and cyber attacks grew rapidly in sophistication. Ransomware outbreaks like WannaCry and Petya hit enterprises globally causing unparalleled disruption, new vulnerabilities like BlueBorne were discovered and malware variants grew more aggressive and prevalent by the day. This report will summarise the key mobile security trends that emerged in 2017, and summarise thoughts for the mobile threat landscape for the year ahead.”

This book takes a look at “whaling” scams. Or largescale phishing attacks. It offers some analysis and insight into how these scams can be avoided.

This report is based on a security audit of the opening ceremony of ZCash.

This year’s CrowdStrike Intelligence Global Threat Report contains a wealth of intelligence regarding adversary behavior, capabilities, and intentions. More importantly, it ties it back to the events that influenced those activities. By understanding the events that shape the beliefs and motivations of threat actors—regardless if they are criminal, nation-state, or hacktivist—it is possible to comprehend what drove the adversaries to behave as they did, and perhaps to understand what this will mean for the future.

This paper is an Analysis of cyber attack and incident data from IBM’s worldwide security services operations.

This report deals with predicting the cyber threat landscape for 2016 through 2020. It does this by looking back 5 years, and analyzing the past, and also talking to folks who make predictions for the 5 years in the future.

This is an annual report that discusses the latest malware and hacking trends in compromised websites.

This report reviews the cyber security threats that occurred in the first half of 2017.

The goal of this project was to develop an initial framework for cybersecurity that considers the roles of government, industry, advo- cacy organizations, and academic institutions and how these stake- holders’ concerns relate to each other.

Aaron Higbee, Co-founder and CTO, PhishMe, (now CoFense) discusses the future of phishing defence and asks which side of the fence the future of defence against phishing attacks lies: human or machine?

This whitepaper takes a look at the cybersecurity considerations that a business traveler should keep in mind while on the move.

This White Paper is a report regarding The Callisto Group. The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions.

The report describes consumers’ account security practices, their exposure to security incidents and their expectations for companies to protect their mobile and online accounts. Data are drawn from an online survey of 1,300 adults conducted in September 2016.

This paper seeks to provide understanding and aid with meeting the unique information demands that the Internet of Things requires.

“Enterprises rely on custom applications to perform business-critical functions. Any downtime could halt operations. Our survey found that while enterprises have confidence in the security of IaaS providers’ underlying infrastructure compared with their own datacenters, data in custom applications is exposed to a wide range of threats independent of the platform. That includes accounts compromised by third parties—via phishing or another method. There are a growing number of examples such as Code Spaces where attackers have held data ransom and in some cases permanently deleted enterprise data in these applications. This report summarizes the scale of custom applications deployed today, where they are deployed, how they are secured, and who is responsible for securing them.”