The first edition of the “State of Cybersecurity report” was well received by customers, industry analysts and cybersecurity professionals. The 2018 edition of the Report maintains the same unique structure to build on the first edition’s ethos and bring in new viewpoints and findings. The rest of this section is reproduced from last year’s report for the benefit of first-time readers.

This report analyzes the data submitted by 1,718 security awareness professionals from around the world to identify and benchmark how organizations are managing their human cyber security risk. The analysis includes how factors such as security awareness program maturity, funding, and staffing combine to make successful programs.

“For a long time now, SOSS has provided a reliable yardstick for the most common vulnerabilities found in software, as well as how organizations are measuring up to security industry benchmarks throughout the software development lifecycle (SDLC). One thing we’ve always wanted to understand better, though, is how quickly these organizations are actually fixing flaws once they’ve been identified in application security scans. This year, we turned our data analysis up a notch by working with the data scientists at Cyentia Institute, so that we could gain better visibility into the factors that go into fixing flaws. Readers will find valuable insight on how factors like flaw severity, business criticality of applications, and exploitability of the flaws change the rate at which certain vulnerabilities are fixed.”

“In last year’s report, we sought to break down walls of misunderstanding between cybersecurity leaders and corporate directors. We continue chipping away at those walls this year, but expand the scope of our research to include a broader set of stakeholders and topics relevant to our increasingly important goal.”

This report is based on a survey, that is intended to provide a community perspective on what security operations centers (SOCs) look like within organizations across the globe, as well as data and guidance to enable organizations to build, manage, maintain and mature effective and efficient SOCs.

With unique and specialized analysis, this paper discusses Nigerian cyber crime actors, their growth, collaboration, and the direction they are headed.

This report is based on a survey that revealed new data that companies are struggling to keep up with the demands of their security needs due lack of resources, both on the security tools sid and personnel side.

This eBook gives a detailed breakdown of the current state of the Kubernetes Ecosystem.

This report concludes that, security operations is fraught with people, process, and technology challenges, that improvement is a high priority, organizations are embracing security orchestration, and orchestration is becoming a centralized platform.

In early 2016, Hexadite commissioned the Enterprise Strategy Group (ESG) to complete a study of 100 IT and cybersecurity professionals with knowledge of or responsibility for incident response (IR) processes and technologies at their organizations. This research project was intended to assess the current practices and challenges associated with incident response processes and technologies. Furthermore, respondents were asked about their future strategic plans intended to improve the efficacy and efficiency of IR activities. This paper presents the details of those findings.

This report seeks to discuss the issues related to archaic communication devices in the hospital setting. It hopes to provide assistance for the security issues related to updating communication systems.

There is already a wealth of research that highlights the unending growth in security alerts, a widening security skills gap, and the ensuing fatigue that is heaped upon understaffed security teams. Demisto conducted a large study to delve deeper into these issues, their manifestations, and possible solutions. Their results yielded fascinating insights into the state of cybersecurity in businesses of all sizes.

This report, based on responses from nearly 200 IT and security practitioners surveyed, explores the current state of vulnerability risk management, the challenges that directly impact the remediation process, and the outlook for improvement in the coming year. In addition, compliance drivers and executive awareness of information security threats are considered to demonstrate their influence on effective vulnerability risk management.

This report discusses the Security Operations Center and how it is being architected in organizations with some consensus on what should be done. The paper details the issues and problems that need to be resolved as this area of expertise continues to grow.

This is an infographic that details things every CISO should know about Open Source Security.

In this report, 15 CISOs identified some practical steps that may help remedy some of the challenges many of organizations experience when developing and implementing an insider threat program.

This paper begins with a review of data sources available for building or improving decision models for vulnerability remediation. It then discusses the vulnerability lifecycle and examine timelines and triggers surrounding key milestones. Identifying attributes of vulnerabilities that correlate with exploitation comes next on the docket. The last section measures the outcomes of several remediation strategies and develops a model that optimizes overall effectiveness.

This report will outline benchmarks for the state of the Digital Malware problem, including the current infection rate of consumer machines, the rate of infected online sessions, causes for fluctuation, and guidance on how online businesses can protect their customer journey and win back lost revenue.

This report uniquely addresses SecOps initiatives in terms of role, team leadership, success rates, company size, vertical adoptions, and geography. It provides telling insights into technology priorities, process, and best practices and metrics for critical use cases—including integrated security/ compliance for performance and availability management, change and configuration management, and IT asset management and audits. The report also addresses how cloud, agile, digital transformation, and mobile all impact SecOps directions.

This is a good report to read if you are interested in learning how to properly, and succesfully, report risks and vulnerabilities to boardmembers and executives.

Digital transformation is a journey, not a destination. And every journey has a starting point. What you do next depends on where you begin. Use this self-assessment to find out where your company is today, then use the associated road map report in this playbook to help chart your course forward.