This paper explores the benefits of counterfactual analysis for cyber (re)insurers and provides a framework that can help exposure risk managers, actuaries, and catastrophe modelers incorporate it into their standard suite of risk assessment tools. The paper also contains some worked examples of cyber counterfactual analysis that Gallagher Re has conducted in collaboration with CyberCube.

The Edgescan Vulnerability Stats Report aims to demonstrate the state of full stack security based on thousands of security assessments performed globally, as delivered by the Edgescan SaaS during 2020. This report has also become a reliable source for representing the global state of cyber security vulnerability management.

The 9th edition of the Edgescan Vulnerability Stats Report 2024. This report demonstrates the state of full stack security based on thousands of security assessments and penetration tests on millions of assets that were performed globally from the Edgescan Cybersecurity Platform in 2023. This is an analysis of vulnerabilities detected in the systems of hundreds of organizations across a wide range of industries – from the Fortune 500 to medium and small businesses. The report provides a statistical model of the most common weaknesses faced by organizations to enable data-driven decisions for managing risks and exposures more effectively.

The Professional Services sector includes a broad array of organizations. Although there are no strict criteria for considering a company to be in this sector, there is general agreement that inclusion requires specialized training and experience, and, in many cases, qualification by exam and licensing managed by either national or state authorities. Using our 5-year dataset, we have analyzed 1,500 Professional Services claims dated 2017 through 2021. Professional Services sector incidents account for 20% of all claims in the dataset.

In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from the first half of the year. Most of the statistical indicators dropped accordingly. Yet, there are subtleties we would like to draw attention to, as they highlight dangerous spots on the cyberthreat landscape.

The Flashpoint 2024 Global Threat Intelligence Report offers a critical examination of the current threat environment. This year’s analysis goes beyond traditional threat intelligence, incorporating Flashpoint’s unparalleled data and insights to shed light on cyber threats, geopolitical turmoil, and escalating physical conflicts around the world. The goal: help your organization to strengthen its defenses, ensure operational resilience, and proactively confront multifaceted threats—thereby safeguarding critical assets, preventing financial losses, and protecting lives.

The report presents the industry’s most comprehensive analysis of intelligence from 2023. It covers threat actors and their playbook of targets, methods, and attacks to help you eliminate blind spots in your current security posture. groups, and more for the year ahead. Wherever you are in your threat intelligence journey, you can use this report as a roadmap. It will help you strengthen your operations, create a forward looking strategy, and protect your organization’s data, intellectual property, and brand reputation.

Our research sheds light on a concerning trend: 90% of exposed valid secrets remain active for at least five days after the author is notified. This finding emphasizes a crucial lesson in code security: while detecting vulnerabilities is critical, the real challenge lies in remediation. Security, we believe, must be a shared responsibility across all stages of the Software Development Life Cycle (SDLC), not just the domain of specialized teams. Raising awareness about these seemingly minor lapses is essential for mitigating supply chain risks.

In this special year-end edition of the WatchTower Digest, we discuss the threats we observed and investigated in 2023, and look ahead to the 2024 threat landscape. Our findings are based on SentinelOne’s Singularity telemetry across tens of millions of endpoints, operating across a diverse number of industries and global geographies.

In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100% . In other words, your email security solutions aren’t stopping the threats you think they are. Security threats are real, they continue to grow, and they are likely to penetrate an organization through email . Organizations simply cannot settle for ‘Good Enough’ email security and sole reliance on a SEG is not enough . As we all know, it only takes one breach to damage a company’s financial status, brand reputation, and/or relationship with its employees and customers.

Our sixth annual retrospective, this report is based on in-depth analysis of nearly 60,000 threats detected across our more than 1,000 customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and the trends that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybercrime operations.

The goal of this report is to help security professionals remain at the forefront of securing organizations, as its content is based on real-world techniques employed by attackers to target cloud-based environments. As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in sophistication and number – a collective effort to safeguard both large enterprises and small businesses alike is key.

In this report, we shed light on these vulnerabilities and how they impact commercial and federal organizations today. We provide insights from a survey of IT security and data science leaders navigating these challenges. We share predictions driven by data from HiddenLayer’s experiences securing AI in enterprise environments. Lastly, we reveal cutting-edge advancements in security controls for AI in all its forms.

This report sets itself apart with our proprietary data and insights derived from comprehensive detection coverage coupled with human-led expert investigation and confirmation of threats. The data that powers Deepwatch results from thousands of expert investigations across hundreds of thousands of protected systems. This report examines the broader landscape of threats that leverage techniques and other tradecraft. We also track specific threats associating malicious or suspicious activity with a new or existing threat activity cluster, specific malware variants, abuse of legitimate tools, and known threat actors. ATI continually tracks and analyzes threats throughout the year, publishing weekly threat intelligence reports.

In this year’s Annual Cyber Threat Monitor Report, we take a look back at the key events that shaped the cyber threat landscape in 2023, as well as looking ahead at the year to come, sharing insights from our Cyber Threat Intelligence team here at NCC Group. 2023 showed signs that the international community is beginning to take the threats from cyber adversaries more seriously. We saw several examples of coordinated law enforcement action against criminal groups, including key ransomware operators and individuals believed to be acting on behalf of foreign intelligence services.

Today’s cyber landscape is threatened by a multitude of malicious actors who have the tools to conduct large-scale fraud schemes, hold our money and data for ransom, and endanger our national security. Profit-driven cybercriminals and nation-state adversaries alike have the capability to paralyze entire school systems, police departments, healthcare facilities, and individual private sector entities. The FBI continues to combat this evolving cyber threat. Our strategy focuses on building strong partnerships with the private sector; removing threats from US networks; pulling back the cloak of anonymity many of these actors hide behind; and hitting cybercriminals where it hurts: their wallets, including their virtual wallets.

In year 2023, FortiGuard Labs blocked 2.4 trillion vulnerability attempts and 3 billion malware deliveries to protect its customers from cyber threats. FortiGuard Labs escalated the significant threats through the Outbreak Alert system to raise awareness. These outbreaks highlighted the various targeted and 0-day attacks, weaponized vulnerabilities, malware/ ransomware campaigns, and OT/IoT threats launched last year.

Cryptocurrency usage is growing faster than ever before. Across all cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8 trillion in 2021, up 567% from 2020’s totals. Given that roaring adoption, it’s no surprise that more cybercriminals are using cryptocurrency. But the fact that the increase in illicit transaction volume was just 79% — nearly an order of magnitude lower than overall adoption — might be the biggest surprise of all.

2023 was a year of recovery for cryptocurrency, as the industry rebounded from the scandals, blowups, and price declines of 2022. With crypto assets rebounding and market activity growing over the course of 2023, many believe that crypto winter is ending, and a new growth phase may soon be upon us. As always, we have to caveat by saying that these figures are lower bound estimates based on inflows to the illicit addresses we’ve identified today.

This research aims to equip cloud security professionals, DevOps, DevSecOps, CISOs, and development leaders with valuable insights and practical recommendations for safeguarding their cloud environments, and in doing so, help to secure the cloud for everyone. In some ways, our study confirmed what is already widely known: attackers are constantly scanning the Internet for lucrative opportunities.

This report was compiled by analyzing data captured from billions of cloud assets on AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud scanned by the Orca Cloud Security Platform. Leveraging unique insights into current and emerging cloud risks captured from the Orca Cloud Security Platform, this report reveals the most commonly found, yet dangerous, cloud security risks.