This paper discusses the top five Cybersecurity Technology Buying Trends.

In April-May 2019, ESI ThoughtLab surveyed 467 firms to gain insights into their latest cybersecurity perspectives, plans, and practices. With limited budgets, and cyber risks mushrooming, it is paramount that organizations understand the ROI of cybersecurity so that they invest in those efforts that will result in the optimal outcome.

From the report, “ONE OF THE most important priorities of a state chief information officer (CIO) is to reduce risk to their state. Cybersecurity and reducing cyber risk, specifically, is top of mind for every state CIO and many factors contribute to this. For example, it is unknown how many cyberattacks have been attempted on state government collectively, but one state estimates that two years ago there were 150 million attacks a day, while today there is an average of 300 million attacks per day. The same state has seen as many as 800 to 900 million in one day. "

This paper discusses all of the consequences for GDPR non-compliance.

This report discusses the problems with passwords, “The problem is that passwords, 2FA and legacy multi-factor authentication solutions have one thing in common – they rely on shared secrets. That means that a user has a secret, and a centralized authority holds the same secret. When authenticating, those two secrets are compared to approve user access. If a malicious 3rd party intercepts the secret, they can impersonate the user. The bad news is that this reliance on shared secrets has kept large populations of users vulnerable to phishing, credential stuffing attacks, and password reuse while contributing to the steep rise in Account Take Over (ATO). The good news? The Digital Identity landscape is about to change very quickly.”

This e-Book offers insights into Commercial Firewalls. It explains what Firewalls are for, and they do, while also providing advice for how to use firewalls in a commercial setting.

State of Cybersecurity 2019 reports the results of the annual ISACA® global State of Cybersecurity Survey, conducted in November 2018. This second of two reports focuses on current trends in cybersecurity attack vectors and response methodologies, organizational governance and program management.

This installment of State of the Internet / Security examines credential stuffing and web application attack trends over the last 17 months, with a focus on the gaming industry. One reason gaming is so lucrative is the trend of adding easily commoditized items for gamers to consume, such as cosmetic enhancements, special weapons, or other related items. Gamers are also a niche demographic known for spending money, so their financial status makes them tempting targets. We began collecting credential abuse data at the beginning of November 2017 and chose to use the same period with our application attack data to make direct comparisons between plots easier for readers.

Now in its fifth year, Sonatype’s annual State of the Software Supply Chain Report examines the rapidly expanding supply and continued exponential growth in consumption of open source components. Their research also reveals best practices exhibited by exemplary open source software projects and exemplary commercial application development teams.

This report provides insights culled from a year of security data analysis and hands-on lessons learned. Data analyzed includes the 6.5 trillion threat signals that go through the Microsoft cloud every day and the research and realworld experiences from our thousands of security researchers and responders around the world. In 2018, attackers used a variety of dirty tricks, both new (coin mining) and old (phishing), in their ongoing quest to steal data and resources from customers and organizations. Hybrid attacks, like the Ursnif campaign, blended social and technical approaches. As defenders got smarter against ransomware, a loud and disruptive form of attack, criminals pivoted to the more “stealth”, but still profitable, coin-miners.

Since 2017, risk experts have consistently ranked large-scale cyber attacks and data fraud among the top five mostly likely risks around the world. Despite growing anxieties about cyber threats, cyber resilience strategies and investments continue to lag. Globally, the time taken to discover a data breach has considerably lowered since 2017, but organizations in the Asia-Pacific region took four months longer than the global median. Internet users are growing 10 times faster than global population, exponentially increasing the surface area of attack. For example, in 2018, the total cost of cyber crimes grew by a third compared to 2016, to $600 billion, but investments in cyber security only increased 10 percent over the same period.

The Irdeto Global Connected Industries Cybersecurity Survey polled 700 security decision makers across Connected Health, Connected Transport and Connected Manufacturing plus IT and technology* (who manufacture IoT devices) industries about cyberattacks targeting their organization, concerns about the types of attacks that could target their organization, security measures currently in place and much more. The research surveyed both manufacturers and users of IoT devices in five countries – China, Germany, Japan, the UK and the US. The research was fielded online by Vanson Bourne from March – April 2019.

Risk IQ offers a glimpse into the multiple attacks on IT infrastructure organizations like Wipro and several others. This report is an analysis of those campaigns, their operators, and their targets.

This study was designed to examine the growing concern of cyber risks and the importance of cyber assessment during mergers and acquisitions (M&A) and determine how well companies are prepared to deal with cyber risk during M&A from the perspective of IT Decision Makers (ITDMs) and Business Decision Makers (BDMs). Are key decision makers concerned about cyber during an acquisition? What factors are considered as part of the due diligence and evaluation process before, during and after acquisition? Do cyber incidents lead to delays in acquisition? What does cyber risk mean for companies looking to acquire? How can they best protect themselves during this important process to minimize risk and protect their companies? This report explores these questions and others, and provides recommendations for effectively managing cybersecurity risks during an acquisition.

From the report, “How do we actually “play the hacker”? We do this by deploying simulators that play the role of a “virtual hacker” across endpoints, network and cloud, and execute breach methods from our hacker’s playbook. Our findings are incorporated in this report, and analyzed by SafeBreach Labs, with the hope that security teams can glean some interesting insights into the things not to do in their environment.”

20 Leading CISO’s from the healthcare industry offer their perspective on evolving cyberattacks, ransomware & the biggest concerns to their organizations.

This report outlines the findings from extensive primary research analyzing more than six million enterprise devices over a one year period. Our analysis led to a stunning discovery: much of endpoint security spend is voided because tools and agents fail, reliably and predictably. The clear conclusion is that increasing security spending does not increase safety. In fact, every additional security tool only increases the probability of failure and decay. The data in this report provides evidence that merely investing in more endpoint security tools is ineffective, and a new approach is needed. To secure the endpoint, the security tools already in place must be made resilient.

Aon is supporting its global clients to respond to political risks and security challenges by using the analysis derived from the maps to inform the creation of a more robust risk management programme. We hope this year’s maps provide you with the insights that you need to better protect your business, and should you need to discuss any aspects of your insurance coverage – or how these risks affect your exposure – please contact the team.

Cloud is the center of IT and increasingly, the foundation for cyber security. Understanding how threat vectors are shifting in cloud is fundamental to making the necessary updates to your security program and strategy. Symantec’s CSTR shines a light on how to secure the digitally transformed, virtual organization of today and tomorrow.

This report examines a wide range of cyberattack detections and trends from a sample of 354 Vectra customers with more than 3 million devices and workloads per month from nine different industries. This report takes a multidisciplinary approach that spans all strategic phases of the attack lifecycle.

This report promises to allow you to use the vast insights and hard data contained in the report to help bolster your security posture and better understand the nature of the threats we face today.