Risk IQ offers a glimpse into the multiple attacks on IT infrastructure organizations like Wipro and several others. This report is an analysis of those campaigns, their operators, and their targets.

This monthly report offers insights into the PDS2 regulations and news.

This monthly report offers insight into PDS2 regulations and devleopments.

This report offers monthly insights into the PSD2 regulations.

“In late 2018 and early 2019, the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) conducted its third annual research product focused on the lives and experiences of cybersecurity professionals. This year’s report is based on data from a survey of 267 cybersecurity professionals and ISSA members. Ninety percent of survey respondents resided in North America, 5% came from Europe, 3% from Central/South America, 2% from Asia, and 1% from Africa (note: Total exceeds 100% due to rounding).”

Understanding the gap in perceptions of cybersecurity between consumers and the organizations that serve them is a key theme of this report.

This report offers quantitative findings from a study of UK individuals to measure and understand awareness and attitudes towards cyber security, and related behaviors. The findings are part of a wider research project to provide insight to inform HM Government’s approach to encourage positive behavior amongst the public in protecting themselves against cyber threats.

A study on the causes and evolution of Americans’ and Canadians’ stressors relating to cybersecurity and personal data protection

This paper will also explore the root causes of poor data quality and a solution for organizations seeking data quality improvement.

This report has been produced by the 400,000 member Information Security Community on LinkedIn in partnership with Cybersecurity Insiders to explore how organizations are responding to the security threats in the cloud, and what tools and best practices IT cybersecurity leaders are considering in their move to the cloud.

Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use in the enterprise. As mobility grows in the workplace, so do challenges from managing device access to handling the most pressing concerns of mobile security. The 2018 Mobile Security Report focuses on these security challenges and offers fresh insights on the state of securing mobility, the technology choices organizations are making, and their response to the growing security risks associated with enterprise mobility.

This alert contains two recommendations directing actions Federal Emergency Management Agency (FEMA) should take to safeguard both Personally Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII) of disaster survivors and prevent additional privacy incidents similar to one we identified during our ongoing audit of FEMA’s Transitional Sheltering Assistance (TSA) program. FEMA concurred with both recommendations.

This report begins with an interesting paragraph, “Bad actors need to launder the $US 1.7 billion of cryptocurrency stolen and scammed in 2018. Furthermore, they need to get it all done before tough new global anti-money laundering (AML) and counter terror financing (CTF) regulations go into effect over the next year.” Read on to learn how this paragraph is important.

This paper demonstrates vulnerabilities that affect numerous traders. Among them are unencrypted authentication, communications, passwords, and trading data; remote DoS that leaves applications useless; trading programming languages that allow DLL imports; insecurely implemented chatbots; weak password policies; hardcoded secrets; and poor session management. In addition, many applications lack countermeasures, such as SSL certificate validation and root detection in mobile apps, privacy mode to mask sensitive values, and anti-exploitation and antireversing mitigations.

This document recommends best practices for endpoint security in industrial applications under the broader scope of industrial internet security.

The Internet of Things: A New Era of Third Party Risk was sponsored by Shared Assessments and conducted by Ponemon Institute to understand organizations’ level of awareness and preparedness for the upcoming enterprise IoT wave. We hope the research findings will help organizations address the risks associated with the proliferation of IoT devices. We surveyed 553 individuals who have a role in the risk management process and are familiar with the use of IoT devices in their organizations.

According to IDC’s 2018 Data Services for Hybrid Cloud Survey: » 65% of enterprise IT security, line-of-business IT, and data management specialists cited a medium to robust digital rights management deployment in their organization. » Organizations are struggling to secure data across multi-cloud and hybrid environments. More than 37% of survey respondents indicated that the growing complexity of security solutions is a significant challenge that often impedes data governance policy enforcement.

Ponemon Institute is pleased to present The Value of Threat Intelligence: Annual Study of North American and United Kingdom Companies, sponsored by Anomali. The purpose of this research is to examine trends in the benefits of threat intelligence and the challenges companies face when integrating threat intelligence with existing security platforms and technologies.

From the report, “Let’s face it: senior leaders at organizations across the globe are already pressed for their time and attention. Today’s changing threat landscape requires executives and managers to fundamentally rethink their approach when it comes to addressing and mitigating cyber-risk. With the growth in cloud, mobile, and IoT, combined with employee and supply chain access to critical data and intellectual property, security and privacy awareness is now front and center for executives in the fight against cyberthreats. Yet finding the time for executives to effectively educate themselves in order to prevent cyberthreats continues to be a challenge. Take a look [in the report and discover] how executives and managers across various industries compared to the general population in terms of their knowledge of cybersecurity and data privacy best practices.”

Here at Cobalt, we’ve done over 350 penetration tests to date. The information included in this report (Time to Fix, Vulnerability Types, Findings Criticality, Issues Fixed) is summary data from all of the penetration tests performed in 2017. Additionally, we provide survey data (Portfolio Coverage, Pen Test Frequency) from 75 respondents in security, management, operations, DevOps, product, and developer roles. All data has been anonymized to protect the privacy of our contributors.

To better understand what government employees know (and don’t know) about data privacy and cybersecurity awareness, we surveyed 1,016 U.S.- based employees who work for local, state, and federal government entities. We then compared the results against a broader sample of employed U.S. adults that took the same survey, the results of which we featured in our 2017 State of Privacy and Security Awareness report.