From the Report, “Cybersecurity carries a certain mystique. This comes from a combination of people not being “tech savvy,” sensationalized or incorrect headlines (“Guests Locked in Their Hotel Rooms by Ransomware”), superficial advice from so-called experts and technology-driven cure-alls. The reality is that if you focus on the basics, you will be better positioned to be “Compromise Ready.” Like other material risks companies face, cybersecurity readiness requires an enterprise wide approach tailored to the culture and industry of the company. There is no one-size-fits-all solution.”

This paper discusses the issues that are caused by, “technology innovation and spearheaded by a generation that expects a seamless customer experience, the financial services landscape is undergoing fundamental change, which will no doubt influence the industry’s future cyber security considerations.”

How do you ensure secure and compliant access to cloud services without losing the agility and cost benefits that these services provide? This report gives you an overview of the market for Cloud Access Security Brokers and a compass to help you to find the product that you need.

Security in an era of next-generation technologies, expanding digital footprints, and widely dispersed user bases requires a comprehensive hybrid approach, delivered through privileged access management (PAM).

This blog post takes a look at a specific Chinese threat that is impacting Engineering and Maritime corporations.

This Threat Report takes a look at some of the events of late 2017. Specifically, it looks at self-propagating malware, a specific Microsoft Office vuln, and multiple espionage campaigns that target energy utility companies.

The 2015 Internet Crime Report highlights the IC3’s efforts over the past year, specifically focusing on their efforts regarding Business Email Compromise (BEC) and Email Account Compromise (EAC) scams and the Operation Wellspring Initiative (OWS).

This report provides an analysis of threats in 2016, and the necessary steps to protect your business from those threats.

This report is based on a study done in 2017 to analyze security issues in CakePHP.

A breakdown of the data, and types of, cyber attacks that occurred in the first quarter of 2015.

In this report, they review the state of cyber attribution and they consider alternative mechanisms for producing standardized and transparent attribution that may overcome concerns about credibility. In particular, this exploratory work considers the value of an indepen- dent, global organization whose mission consists of investigating and publicly attributing major cyber attacks.

This paper outlines five major components of a life-cycle approach to defense and how companies can adopt this model to maximize security in the current threat landscape.

In this issue, Mandiant presents their popular annual breach statistics, discuss three new trends that they have noticed, explore more in depth “Trends Turned Constants”, and include two additional articles to help support their interpretation of the numbers they present. The articles address the [re]Rise of Red Teaming operations, and how their FireEye as a Service (FaaS) service line is keeping companies safer and reducing the standard number of days compromised.

This Threat Report takes a look at some of the events of mid 2017. Specifically, it looks at the global WannaCry and Petya Threats, attacks that bypass filtering, a Chinese threat group, and threat actors stealing intellectual property from Japan.

This report is an overwhelmingly large list and description of security breaches. It details type of industry impacted, type of attack, and types of information compromised.

This paper discusses the issues and challenges involved in maintaining good cybersecurity in the field of aviation.

This paper posits that, “A re-classification of vulnerability rules and their respective attack chains derived through log analysis alerts may now be modified and adjusted through big data processing. Analysis and presentation of attack chain data should be supplied to customers and should cover each stage of a compromised asset or attack.”

This paper is designed to help you put together your organization’s network security policy.

In this technical whitepaper they explain why there’s no single silver bullet answer to SQL injection.

This Threat Report takes a look at some of the events of spring 2017. Specifically, it looks at criminal campaigns that leveraged exploits exposed by the Shadow Brokers, threat groups that used social media profiles, a threat group that attacked supply chains of large corporations, quickly evicting threat actors from a compromised environment.