Our international survey explored the experience of ransomware attacks on organizations over the last 12 months. The findings show that almost three-quarters (73%) of respondents report being hit with at least one successful ransomware attack in 2022 — and 38% say they were hit twice or more.

The basis of this report is the Zscaler ThreatLabz research team’s analysis of nearly 6 billion data loss policy violations from November 2021 through July 2022. We’ll look at what and how enterprise data is being shared, where it’s going, which malicious actors are targeting it, and how you can improve your datasharing hygiene so as to mitigate risk without stifling productivity.

This report will help you recognize the social engineering tactics and sophisticated coding used in phishing attacks, so you can prevent costly data breaches. Read on for an in-depth look at the latest phishing trends and observations the ThreatLabz team collected throughout the past year, and get best practices for safeguarding your organization against ever-evolving phishing techniques.

The industrial cyber threat landscape is constantly changing with new adversaries, vulnerabilities, and attacks that put operations and safety at risk. The 6th annual Dragos Year in Review summarizes what you need to know about your threats and benchmark your OT cybersecurity posture.

Dragos is excited to present the fifth year of the annual Dragos Year In Review report on Industrial Control System (ICS)/Operational Technology (OT) cyber threats, vulnerabilities, assessments, and incident response observations. This report captures how a portion of the industrial community is performing and progressing, and highlights the areas that need improvement to provide safe, reliable operations into 2022 and beyond.

This report, based on VMware’s experience with a diverse customer base, offers a comprehensive look at Linux-based malware threats to multi-cloud environments. It highlights the unique characteristics of this class of threats and provides guidance on how combining endpoint detection and response (EDR) and network detection and response (NDR) solutions can help organizations stay ahead of the threats Linux-based malware poses.

This research was conducted to understand the challenges and issues facing businesses in the United States (U.S.) when it comes to escalating cyberattacks. It identifies trends in hacking and malicious attacks, and the financial and repetitional impact breaches had in what has been an unprecedented year. It examines U.S. organizations’ plans for securing new technology, adopting a cloud-first security strategy, and dealing with the complexity of the current cybersecurity management environment.

The global cyber threat landscape has escalated. In this, our third Global Threat Report, we find that attack frequency has reached unprecedented levels; 90% of security professionals said the volume of attacks they faced has increased. Attackers are employing a more diverse range of tactics and techniques than ever before as they bid to extort, disrupt and infiltrate organizations.

FortiGuard Labs experts leverage Fortinet’s large global footprint to continually monitor the threat landscape and the major geopolitical events that influence it. This report presents findings and insights from six months of intense research, with recommendations for leaders and practitioners to better prepare and protect your organization.

In this threat intelligence spotlight report, eSentire’s Threat Response Unit (TRU) provides a threat analysis of the most common cyber threat detected across our global legal customer base.

In this year’s survey, more than 80% of respondents say they are “very” or “extremely” concerned about the threat of ransomware, yet a similar number (78%) of organizations surveyed also believe they are “very” or “extremely” prepared to thwart a breach. Despite those concerns and feelings of preparedness, half of the organizations surveyed still fell victim to ransomware last year.

This report is based on our research and experience from the past year in securing enterprise cloud environments. We chose to focus on novel, notable, and high-impact risks that we believe you should be familiar with and include in your cloud security strategy for 2022.

The report is based on threat intelligence observations from the Threat Analysis Group (TAG), Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and other internal teams. It provides actionable intelligence that enables organizations to ensure their cloud environments are best protected against ever evolving threats. In this and future threat intelligence reports, Google will provide threat horizon scanning, trend tracking, and Early Warning announcements about emerging threats requiring immediate action.

This report describes threat phenomena, trends, and recommendations we believe will help organizations prepare for the future. Elastic discloses malware research, attack patterns, and clusters of malicious activity to the community -summarized in this inaugural report. Throughout this report, we observe that financially motivated threats are the most active, and the groups responsible for them are acting with increasing speed.

This report aims to demonstrate the state of full stack security based on thousands of full stack assessments globally, delivered by the Edgescan SaaS during 2019. This report is still a joy to do as it gives decent insight into what’s going on from a trends and statistics perspective and overall state of cyber security. This report provides a glimpse of a global snapshot across dozens of industry verticals how to prioritize on what is important, as not all vulnerabilities are equal.

The Edgescan report has become a reliable source for truly representing the global state of cyber security vulnerability management. This is becoming more evident as our unique dataset is now also part of other annual security analysis reports, such as the Verizon DBIR (we are happy contributors for many years now). This year we examined vulnerability metrics from a known vulnerability (CVE), Malware, Ransomware and visibility standpoint (exposed services), coupling both internal and public Internet-facing systems. We also take a look at how quick we are fixing various vulnerabilities based on risk.

The findings in this 2023 cybersecurity skills gap report clearly show that organizations are fighting an uphill battle against cyberthreat— incurring more breaches, in need of skilled professionals, and continuing to struggle to fill key positions.

Constella’s threat intelligence team continuously collects identity records from data breaches and leakages found in open sources, on the surface, social, deep, and dark web, to track data related company breaches and the specific personally identifiable information (PII) exposed that represents a risk to organizations and their employees and customers. In this report, we detail the implications of the proliferation of info stealers and botnet malware and what these threats mean for the security of consumers and companies.

The Fast and the Frivolous uses a massive dataset from SecurityScorecard that spans 1.6 million organizations. We analyze billions of internet-exposed assets to measure the speed of vulnerability remediation over a three-year period. In this report, you’ll find some of the lessons we learned.

For this report, Securonix partnered with the Cyentia Institute to analyze a dataset of more than 54 billion events fed into more than 154k policies generating an average of more than 750k violations per hour. The goal? To quantify our assumptions and findings in a way that can help organizations calibrate what’s going on in their own environments.

It’s a horror story that many organizations are familiar with - an employee clicks a link or visits a website, and chaos ensues. At best, it’s just a minor disruption. At worst, business continuity is broken, and an organization’s critical infrastructure is at risk. Regardless of the outcome, managing human risk is a major part of business today. In this report, we dive into what makes workers high risk, where those high risk users spend their time, what are their riskiest behaviors, and what that might mean for your organization’s security.