The PSR has the unique role of measuring the strengths and weaknesses of the PCI DSS and tracking the sustainability of compliance. It also measures and tracks challenges associated with implementing and maintaining security controls required for PCI DSS compliance.

A survey based report on the attitudes and beliefs of security professionals to the challenges and opportunities in cloud security.

This is a summary of vulnerability trends observed and investigated by the eSentire Security Operations Center (SOC) in 1H 2019.

This poll was conducted from April 23-24, 2019, among a national sample of 2201 U.S. Adults. The interviews were conducted online and the data were weighted to approximate a target sample of Adults based on age, race/ethnicity, gender, educational attainment, and region. Results from the full survey have a margin of error of plus or minus 2 percentage points.

This report discusses the problems with passwords, “The problem is that passwords, 2FA and legacy multi-factor authentication solutions have one thing in common – they rely on shared secrets. That means that a user has a secret, and a centralized authority holds the same secret. When authenticating, those two secrets are compared to approve user access. If a malicious 3rd party intercepts the secret, they can impersonate the user. The bad news is that this reliance on shared secrets has kept large populations of users vulnerable to phishing, credential stuffing attacks, and password reuse while contributing to the steep rise in Account Take Over (ATO). The good news? The Digital Identity landscape is about to change very quickly.”

Positive Technologies experts regularly perform security analysis of mobile applications. This report summarizes the findings of their work performing security assessment of mobile apps for iOS and Android in 2018.

This report details the Industry Average detection efficacy of the leading MTD solutions used against malicious applications, network attacks and device vulnerabilities. During testing, the Quality of Experience (QoE) and Total Cost of Ownership (TCO) of each MTD solution was also assessed to determine the overall value of each product.

Understanding the gap in perceptions of cybersecurity between consumers and the organizations that serve them is a key theme of this report.

This report offers quantitative findings from a study of UK individuals to measure and understand awareness and attitudes towards cyber security, and related behaviors. The findings are part of a wider research project to provide insight to inform HM Government’s approach to encourage positive behavior amongst the public in protecting themselves against cyber threats.

A study on the causes and evolution of Americans’ and Canadians’ stressors relating to cybersecurity and personal data protection

As with driving, not only do you get a good look at what’s behind you, but you can often spot what’s coming up quick, set to overtake you. That’s the spirit of this threat report. We’ve picked out five key stories from the last year or so, not just because they were big events, but because we think these threats, or similar ones, could very well appear in the near future.

This paper, published in partnership with the UC Berkeley Center for Long-Term Cybersecurity, highlights research indicating that “underserved” residents in San Francisco, California— including low-income residents, seniors, and foreign language speakers—face higher-than average risks of being victims of cyber attacks. They are less likely to know whether they have even been victimized by a cyber attack, and they have lower awareness of cybersecurity risks. Partly as a result, they are less likely to access online services. This cybersecurity gap is a new “digital divide” that needs to be addressed—with urgency—by the public and private sectors alike.

Insider threats constitute a legitimate danger to enterprise security. While protecting data from malicious external actors is typically top of mind for most organizations, the fact remains that they must also defend against negligent and disgruntled insiders. To learn more about how well organizations are accomplishing this, Bitglass partnered with a leading cybersecurity community to survey IT professionals and gain unique insights about insider attacks.

This very thorough report offers insight into the future of the Mobile trends of 2019.

Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use in the enterprise. As mobility grows in the workplace, so do challenges from managing device access to handling the most pressing concerns of mobile security. The 2018 Mobile Security Report focuses on these security challenges and offers fresh insights on the state of securing mobility, the technology choices organizations are making, and their response to the growing security risks associated with enterprise mobility.

This report offers information on Mobile Phishing from data researched in 2018.

This report begins with an interesting paragraph, “Bad actors need to launder the $US 1.7 billion of cryptocurrency stolen and scammed in 2018. Furthermore, they need to get it all done before tough new global anti-money laundering (AML) and counter terror financing (CTF) regulations go into effect over the next year.” Read on to learn how this paragraph is important.

From the report, “But what exactly do we talk about when we talk “security?” That’s the question we seek to answer in this report, which has its roots in a similar question asked by an eight-year-old daughter two and a half years ago: “What’s the RSA Conference about, Daddy?” That root sprouted into a four-part blog series and a panel discussion a year later where we analyzed 25 years of session titles in honor of the 25th anniversary of RSA Conference.”

From the report, “Two years ago, the authors assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but IoT mania was only beginning. In that paper, the authors stated, “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].” Today, the idea of putting logging, monitoring, and even supervisory/control functions in the cloud is not so farfetched. The purpose of this paper is to discuss how the landscape has evolved over the past two years and assess the security posture of SCADA systems and mobile applications in this new IoT era.”

From the Report, “In this new world, GRC has tremendous opportunity to add value. For instance, by pushing for higher standards of corporate governance and integrity, GRC can help a business strengthen its reputation, and inspire trust. By providing a clear picture of the regulatory landscape, GRC can help the business expand into new markets faster. And by providing timely risk intelligence on new digital technologies, GRC can help the business capitalize on upside opportunities. In short, the future of GRC lies in being an enabler of business growth and performance.”

From the Report, “This issue of the Rapid7 Quarterly Threat Report takes a deep dive into the threat landscape for 2018 Q4 and looks more broadly at 2018 as a whole. We provide an assessment of threat events by organization size and industry, and examine threat incident patterns identified through guidance from security specialists. We also further explore inbound activity to our honeypot network to identify trends and patterns that reveal rising new threats, such as Android Debug Bridge (ADB) activity, the persistence of old threats such as EternalBlue, and the vulnerability posed by non-novel credentials as revealed to publicly exposed systems. The report concludes with five steps you can take to bolster your organization’s security posture in 2019 and beyond, based on our findings.”