F5’s third annual report, partnering with Webroot and the F5 SOC, on phishing and fraud trends.

Discusses systemic cyber risk, catastrophic losses, and the implications upon cyber insurance policies.

In this report, we explore the state of OT security from the perspective of IT security practitioners, and provide practical recommendations on how to bridge the IT and OT cybersecurity gap. This report also examines the to OT security.

FireEye Threat Intelligence assesses with high confidence that APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control. Activity traces back to 2012 when individual members of APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into likely statesponsored activity. This is remarkable because explicit financially motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests these two motivations were balanced concurrently from 2014 onward.

With this common understanding in mind, we have taken a comprehensive look at previously disclosed activity that can now be attributed to the GRU. Numerous governments, security firms, researchers, reporters, academics, and victims have released reports detailing different facets of the GRU’s activities. Our review identified more than 200 cyber incidents, spanning 15 years (2004–2019), targeting governments, the private sector, and members of civil society. These operations have discovered and disclosed secrets, defamed people, disinformed populations, and destroyed or disrupted computerized systems.

The number of companies purchasing cyber insurance continued to increase in 2019, driven by growing recognition of cyber threats as a critical business risk and appreciation for cyber insurance’s role in mitigating its economic impact.

This report encourages market participants to review their practices, policies and procedures with respect to cybersecurity and operational resiliency. It states that assessing your level of preparedness and implementing some or all of the above measures will make your organization more secure. OCIE will continue to focus on working with organizations to identify and address cybersecurity risks and encourages market participants to actively engage regulators and law enforcement in this effort.

In our 3rd annual Global Password Security Report, we strive to share interestingand helpful insights into employee password behavior at businesses around theworld. We want to help IT and security professionals understand the greatestobstacles employees face when it comes to passwords, learn how to addresschallenges of managing and securing data in today’s digital workplace and enablethem to see how their businesses’ password security practices measure up. Thisyear, we’re bringing even more data points to the table.

Ponemon Institute is pleased to present the findings of the 2020 Cost of Insider Threats: Global study. Sponsored by ObserveIT and IBM, this is the third benchmark study conducted to understand the direct and indirect costs that result from insider threats.

Ponemon Institute is pleased to present the findings on the economics of today’s Security Operations Centers (SOC). Sponsored by Respond Software, Ponemon Institute surveyed 637 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about cybersecurity practices in their organizations. Respondents supervise or are responsible for such activities as information security, threat detection and remediation and security operations management and more.

The insights presented in this report will help guide your supply chainmonitoring and risk mitigation strategy, enable better informed decision-making processes, and aid the formulationof responses that create more resilient and sustainablebusiness operations.

If there’s one thing this year’s Global Threat Report really brings home, it’s that there’s never been a better time to get involved in cybersecurity. The stakes are high, and rising every day. Those that read and share this report are helping to educate themselves and others to better protect themselves and their communities, both at work and at home.

A survey-based report with findings in four major areas: current security posture, perceptions and concerns, current and future investments, and practices and strategies.

This report by Cisco contains 20 predictions for the future of cybersecurity.

FireEye has been detecting and responding to cyber attacks every day for over 15 years. The release of M-Trends® 2020 marks 11 years of providing the cyber security community with insights gained from the frontlines of those attacks.

This is the 6th annual SOTI from Akamai. The Key findings are: • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services

This report - compiled from the engagements performed throughout 2019 in customer environments by our threat hunting, penetration testing, incident response, tabletop exercise, and assessments teams

This report anticipates activity targeting and affecting ICS to increase into 2020 and further. It expects to see more adversaries expand their focus to additional criticalinfrastructure and industrial environments, which willlikely align with activity associated with military orgeopolitical conflict. Although defenders continue to gaininsight through OT-specific detection and monitoringplatforms, it is imperative people continue to improvevisibility into activities and threats impacting criticalinfrastructure.

In this, our launch issue of CyberTheory, we will explore the current and future state of cybersecurity, the key issues driving the shift in the corporate board room perception of cyber-risk and add substantive analysis to what we believe are the most engaging topics in the space.

The 2019 Dark Reading State of IT Operations and Security Operations survey uncovered some important developments in the way enterprises are managing security in the data center – and in the boardroom. Here are some key takeaways: • 57% of respondents said IT and security staff communicate well, up from 47% last year. • 20% of organizations involve the security team at the start of every major IT project. • 69% of respondents say that the security team holds primary responsibility for compliance and privacy; this figure rose significantly – more than 12% – from our 2018 survey. • 90% of organizations expect the security team to take charge of developing and setting security policy. • 80% said the IT operations team is primarily responsible for patch management. • 20% of organizations have a distinct security department that operates separately from the IT team. • 18% of organizations have a fully-staffed security function. • 37% said the security operations team is most likely to be the first to detect and alert others about security incidents in the organization.

Gemalto outlines changes to threats in 2017, including data from incidents in the year.