The 2023 Board Perspective report shines a light on how boards are managing this evolving landscape. Our annual survey reveals the beliefs, experiences and insights of 650 board members across the globe. We analyzed their responses to get a boardroom perspective of the threat landscape, the role of the CISO and the broader world of cybersecurity. We also compared the results with CISOs surveyed in our 2023 Voice of the CISO report. Pairing the surveys helps provide a more complete picture of where CISOs and their boards are on the same page—and opportunities for better alignment.

In 1H 2023, we observed significant activity among advanced persistent threat (APT) groups, a rise in ransomware frequency and complexity, increased botnet activity, a shift in MITRE ATT&CK techniques used by attackers, and more. As we examine activity in the first half of 2023, we see cybercrime organizations and nation-state cyber-offensive groups swiftly adopting new technologies. Notably, some of these actors operate much like traditional enterprises, complete with well-defined responsibilities, deliverables, and objectives.

In the first half of 2023, Forescout Vedere Labs has published numerous blog posts and reports sharing analyses of prominent vulnerabilities, threat actors and malware. In this report, we look back at the research we published in the period of January 1 to July 31, 2023 (2023 H1) as well as other important events and data that we have not covered in the same period to emphasize the evolution of the threat landscape.

This 2023 Ransomware Report presents insights gathered from a survey of 435 cybersecurity professionals, shedding light on organizations’ preparedness and approaches to combating ransomware. The report identifies gaps and obstacles that hinder robust security posture, and outlines strategies for prevention and remediation of ransomware attacks.

As the third annual study of Data Protection Trends, this year’s survey was designed to quantify the shifts in overall concerns/goals and strategies for data protection, as well as gain an understanding of the current market landscape on data protection, disaster recovery, cybersecurity/ransomware and containers.

The survey asked about the impact that ransomware had on their environments, as well as what their IT strategies and data protection initiatives are moving forward. While analysts forecasted growth in overall IT spending for 2023 between 4.5%** by IDC and 5.4%*** by Gartner, respondents in this survey expect their cyber security (preventative) budgets to grow by 5.6% and their data protection (remediation) budgets to grow by 5.5% in 2023.

This is the second annual survey of organizations who suffered cyberattacks with a key focus to compare the viewpoints of four different roles that are involved in cyber-preparedness and/ or mitigation: Security professionals, CISO or other IT executives, IT Operations generalists and backup administrators.

Axio researchers analyzed updated data from the Axio360 Ransomware Preparedness Assessment tool to prepare the 2022 State of Ransomware Preparedness report (2022 Study). The Ransomware Preparedness Assessment is informed by input from hundreds of ransomware events, guidance from the U.S. Department of Homeland Security, and Axio’s own research. Organizations across multiple critical infrastructure sectors have used the tool to determine the strength of their ransomware practices and controls, to identify gaps, and to prioritize improvements.

In the first half of 2023, Arete observed several distinct trends and shifts in the cyber threat landscape. Leveraging the data collected during each incident response engagement, we can see the rise and fall of ransomware variants, notable trends in ransom demands and payments, industries targeted by ransomware attacks, and what may be coming next. The threat landscape continues to evolve with the widespread introduction of AI tools, lower barriers of entry into cybercrime, new vulnerabilities, and the socioeconomic effects of the Russia-Ukraine war.

In this report, Halcyon demonstrates a unique method for identifying C2P entities that can potentially be used to forecast the precursors of ransomware campaigns and other attacks significantly “left of boom.” The ransomware economy is supported by a number of illicit groups that each provide one small piece of the puzzle that is cybercrime. From initial access brokers (IABs) to crypto money launderers, the criminal ecosystem that has sprung up around ransomware is vast.

In this latest State of the Internet/Security (SOTI) report, we examine various attack types that commerce organizations and their customers face. We explore our multitude of datasets in areas such as web applications, bots, phishing, and usage of third-party scripts, to get a “pulse” of what’s happening in this sector and help cybersecurity leaders and practitioners understand some of the threat trends impacting the commerce industry. Akamai sees an enormous number of attacks across all our security tools, so we can share the shifts we see in malware attacks, customer impacts, regulatory requirements, and emerging threats.

We lay out the ransomware landscape in this State of the Internet (SOTI) report by exploring some of the most effective attack techniques and tools that ransomware groups are utilizing to achieve initial access through exfiltration. We also provide an extensive list of safeguarding techniques and recommendations. It is crucial that both industries and individuals protect themselves from the new wave of ransomware attacks, and this report will help provide insights for better defense and risk management of this growing concern.

This latest installment of the Prioritization to Prediction research series, created by the Cyentia Institute and sponsored by Cisco (formerly commissioned by Kenna Security), does just that: It explores the KEV and gives some context to what it means (and doesn’t mean) for other organizations. Moreover, we demonstrate how the KEV can fit into any risk-based vulnerability management program. In fact, here are some key findings, but you’ll really want to read the whole report to get the good stuff.

In this report, we dive into measuring engagement, along with the most popular content types, and a roundup of the events that resonated most with audiences, offering key marketing takeaways on everything from intent topics to what has generated the most engagement through Q3 2022. We have also highlighted the brands generating the most engagement from their content marketing efforts. And we factor in how newsworthy cybersecurity events impact audience engagement, and content preferences.

Adaptive Shield commissioned CSA to develop a survey and report to better understand the industry’s knowledge, attitudes, and opinions regarding SaaS application use, SaaS security policies and processes, SaaS threats, and SaaS security strategy/solutions. Adaptive Shield financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in March of 2023 and received 1130 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.

This paper aims to provide a high-level overview of the implications of ChatGPT in the cybersecurity industry, without delving into the granular details of artificial intelligence. We will explore the key concepts and domains that are crucial for understanding ChatGPT’s capabilities, as well as the potential impact on businesses.

This report has been put together using CISA’s KEV Catalog and the month-on-month analysis that CSW’s researchers have delivered to our customers for the past year. Our researchers used the NVD, MITRE, and other repositories to map each vulnerability to Tactics, Techniques, and Procedures (TTPs) to understand the actual risk posed by these vulnerabilities. We cross-referenced the KEVs with our ransomware and threat groups’ database maintained in Securin Vulnerability Intelligence (VI) to provide additional threat context to the KEV Catalog. We have also used our proprietary threat intelligence platform (Securin VI) to predict and recommend vulnerabilities that need to be a part of the KEV Catalog.

At HPE, we believe that our individual and collective success lies in our ability to share learnings, ideas and opportunities. When it comes to securing our respective organizations, we’ve all plagued by the same challenges: a global cybersecurity skills shortage, an expanding attack surface, distributed data, and increasing demands from transparency from stakeholders. This report showcases some of the work we’ve done on that front during 2022 and some predictions for 2023.

In our Security Report, we discuss a few more trends observed by cp throughout the year. The Russia-Ukraine war demonstrated how the traditional, kinetic, war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.

ESG conducted an in-depth survey of 255 cybersecurity and IT/information security professionals familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud. Survey participants represented mid-market (500 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America (United States and Canada).

The Zimperium 2023 Global Mobile Threat Report examines the trends that shaped the mobile security landscape over the last year and analyzes research from Zimperium’s zLabs team, as well as third-party industry data, partner insights, and observations from leading industry experts. The findings in this report will help security teams evaluate their mobile security environment and improve defenses to ensure a mobile-first security strategy.