From the report, “The challenges facing security teams are, perhaps unfortunately, common knowledge by now. A constant rise in alert volume, a stark security skills gap, piecemeal processes, and siloed tools have made security operations a tough place to be. In 2018, Demisto commissioned a large study to delve deeper into these issues, their manifestations, and possible solutions. The 2019 report broadens the perspective from Security Orchestration, Automation, and Response (SOAR) to the security incident response lifecycle. Demisto commissioned a study with 552 respondents to find out specific challenges at each stage of the incident response lifecycle, how current product capabilities help overcome these challenges, and what capabilities are missing within security products today.”

From the report, “We wanted to do something different for this report. Instead of looking at a single type of attack, we stepped back to look at attacks against banks, credit unions, trading companies, and other organizations that make up financial services as a whole. Most defenders only see a very small segment of the overall traffic, whether they’re the target or the vendor supplying defensive tools. The breadth of Akamai’s products and our visibility into a significant portion of Internet traffic allows us to research multiple stages of the attack economy.”

This report seeks to explore user knowledge of a broad range of best practices for cyber hygiene, security and compliance.

The Bromium Threat Insights Report is updated on a regular basis to track notable threats and the information gleaned from them.

From the report, “BEC is a specific type of phishing email that operates without links and without attachments (two of the standard markers that perimeter defenses look for). However, instead of taking over a computer or stealing data, BEC hackers impersonate an executive (a known CEO, CFO or other CxO), and persuade the recipient (an employee) to perform some action – like wiring money or attaching information to an email. " Read on to learn more.

This paper discusses the top five Cybersecurity Technology Buying Trends.

This report offers insights into the 40 year history of spam. It discusses what this means for business, and how the new spam has surpassed the spam of 40 years ago.

This poll was conducted from April 23-24, 2019, among a national sample of 2201 U.S. Adults. The interviews were conducted online and the data were weighted to approximate a target sample of Adults based on age, race/ethnicity, gender, educational attainment, and region. Results from the full survey have a margin of error of plus or minus 2 percentage points.

This report discusses the problems with passwords, “The problem is that passwords, 2FA and legacy multi-factor authentication solutions have one thing in common – they rely on shared secrets. That means that a user has a secret, and a centralized authority holds the same secret. When authenticating, those two secrets are compared to approve user access. If a malicious 3rd party intercepts the secret, they can impersonate the user. The bad news is that this reliance on shared secrets has kept large populations of users vulnerable to phishing, credential stuffing attacks, and password reuse while contributing to the steep rise in Account Take Over (ATO). The good news? The Digital Identity landscape is about to change very quickly.”

This e-Book offers insights into Commercial Firewalls. It explains what Firewalls are for, and they do, while also providing advice for how to use firewalls in a commercial setting.

State of Cybersecurity 2019 reports the results of the annual ISACA® global State of Cybersecurity Survey, conducted in November 2018. This second of two reports focuses on current trends in cybersecurity attack vectors and response methodologies, organizational governance and program management.

This installment of State of the Internet / Security examines credential stuffing and web application attack trends over the last 17 months, with a focus on the gaming industry. One reason gaming is so lucrative is the trend of adding easily commoditized items for gamers to consume, such as cosmetic enhancements, special weapons, or other related items. Gamers are also a niche demographic known for spending money, so their financial status makes them tempting targets. We began collecting credential abuse data at the beginning of November 2017 and chose to use the same period with our application attack data to make direct comparisons between plots easier for readers.

This report is about evolution, how phishing emails and malware are in a state of constant flux. But one thing hasn’t changed: phishing is still the #1 cyber-attack vector. The vast majority of breaches begin with malicious emails or other social engineering and most malware is delivered by email.

This report provides insights culled from a year of security data analysis and hands-on lessons learned. Data analyzed includes the 6.5 trillion threat signals that go through the Microsoft cloud every day and the research and realworld experiences from our thousands of security researchers and responders around the world. In 2018, attackers used a variety of dirty tricks, both new (coin mining) and old (phishing), in their ongoing quest to steal data and resources from customers and organizations. Hybrid attacks, like the Ursnif campaign, blended social and technical approaches. As defenders got smarter against ransomware, a loud and disruptive form of attack, criminals pivoted to the more “stealth”, but still profitable, coin-miners.

Risk IQ offers a glimpse into the multiple attacks on IT infrastructure organizations like Wipro and several others. This report is an analysis of those campaigns, their operators, and their targets.

Bromium Insights Report is designed to help our customers become more aware of emerging threats and trends and to equip security teams with knowledge and tools to combat today’s attacks and anticipate evolving threats to manage their security posture.

This report promises to allow you to use the vast insights and hard data contained in the report to help bolster your security posture and better understand the nature of the threats we face today.

This report from Bromium offers insights into notable threats and events from 2019.

This report offers quantitative findings from a study of UK individuals to measure and understand awareness and attitudes towards cyber security, and related behaviors. The findings are part of a wider research project to provide insight to inform HM Government’s approach to encourage positive behavior amongst the public in protecting themselves against cyber threats.

This report presents data gathered between October–December 2018, along with previously collected data for historical comparisons. We examine which employees and organizational departments receive the most highly targeted email threats. Then we explore how they’re being attacked, analyzing attackers’ techniques and tools. Based on these findings, we recommend concrete steps organizations can take to build a defense that focuses on their people.

As with driving, not only do you get a good look at what’s behind you, but you can often spot what’s coming up quick, set to overtake you. That’s the spirit of this threat report. We’ve picked out five key stories from the last year or so, not just because they were big events, but because we think these threats, or similar ones, could very well appear in the near future.