“The future of GRC will not just be about managing known risks or monitoring compliance. It will be about sustaining an organization’s social license to operate.”

This issue of the Rapid7 Quarterly Threat Report takes a deep dive into the threat landscape for 2018 Q4 and looks more broadly at 2018 as a whole. We provide an assessment of threat events by organization size and industry, and examine threat incident patterns identified through guidance from security specialists. We also further explore inbound activity to our honeypot network to identify trends and patterns that reveal rising new threats, such as Android Debug Bridge (ADB) activity, the persistence of old threats such as EternalBlue, and the vulnerability posed by non-novel credentials as revealed to publicly exposed systems. The report concludes with five steps you can take to bolster your organization’s security posture in 2019 and beyond, based on our findings.

This year’s Global Threat Report: “Adversary Tradecraft and the Importance of Speed,” addresses the quickening pace and increasing sophistication in adversary tactics, techniques and procedures (TTPs) over the past year — and in particular, highlights the critical importance of speed in staying ahead of rapidly evolving threats.

This report reveals findings around the cybersecurity landscape. To inform this report they surveyed ,3,200 security leaders asking questions in three categories, Set Up - how do you set yourself up for success, Architecture - what is your approach to vender/solution selection, and finally Breach Readiness and Response.

“Our 6th annual DevSecOps community survey, represents the voice of 5,558 IT professionals and demonstrates that DevOps practices are maturing rapidly, security is being automated earlier in the development lifecycle, and management of software supply chains is a critical differentiator. "

Phishing domains pose a significant cyber risk for major airlines. Learn how many phishing domains for major airlines there are and how to find them.

This report takes a look at the risk involved with third party cybersecurity issues.

From The Report, “What you’re reading are insights culled from a year of security data analysis and hands-on lessons learned. Data analyzed includes the 6.5 trillion threat signals that go through the Microsoft cloud every day and the research and realworld experiences from our thousands of security researchers and responders around the world. In 2018, attackers used a variety of dirty tricks, both new (coin mining) and old (phishing), in their ongoing quest to steal data and resources from customers and organizations. Hybrid attacks, like the Ursnif campaign, blended social and technical approaches. As defenders got smarter against ransomware, a loud and disruptive form of attack, criminals pivoted to the more “stealth”, but still profitable, coin-miners.”

According to IDC’s 2018 Data Services for Hybrid Cloud Survey: » 65% of enterprise IT security, line-of-business IT, and data management specialists cited a medium to robust digital rights management deployment in their organization. » Organizations are struggling to secure data across multi-cloud and hybrid environments. More than 37% of survey respondents indicated that the growing complexity of security solutions is a significant challenge that often impedes data governance policy enforcement.

This report examines emerging cyber security challenges and risks that businesses are facing as they embrace cloud services at an accelerating pace. The report provides leaders around the globe and across industries with important insights and recommendations for how they can ensure that cyber security is a critical business enabler. Cyber security leaders and practitioners can use this report to educate lines of business about the real security risks the cloud can present.

The HIMSS Media survey, Cloud Security Insights, sponsored by the Center for Connected Medicine, sought to better understand attitudes and perceptions about cloud security among hospitals and health systems. It’s findings: among the IT, cybersecurity and informatics professionals surveyed, more than half cited cybersecurity concerns as “significantly limiting” their use of cloud services.

This is the infographic that reveals the key information revealed in the report of the same name.

Ponemon Institute is pleased to present The Value of Threat Intelligence: Annual Study of North American and United Kingdom Companies, sponsored by Anomali. The purpose of this research is to examine trends in the benefits of threat intelligence and the challenges companies face when integrating threat intelligence with existing security platforms and technologies.

In this paper, a depp look into existing cybersecurity practices, their shortcomings, and the urgent need to avoid breaches altogether and not just mitigate them after the fact.

From the report, “It should be another momentous year for mobile security, with cyber attacks growing rapidly in sophistication and distribution. This report will cover the key mobile security trends that emerged last year as well as summarize thoughts for the mobile threat landscape for the year ahead.”

Aon’s Cyber Solutions explores eight specific risks that organizations may face in 2019 no matter where they are on their digital journey.

This report analyzes many of the cyber security situations from 2018 and offers some predictions for 2019.

FireMon is proud to present its 3rd Annual State of the Firewall Report based on 437 survey responses collected between November 16, 2016 and December 6, 2016. Respondents included IT security practitioners representing a range of professional roles, organization sizes and industry verticals. Survey participants were asked 26 questions about their current firewall infrastructure and management challenges as well as questions about adoption and impact of emerging technologies such as SDN, cloud, microsegmentation and Internet of Things (IoT).

To better understand what government employees know (and don’t know) about data privacy and cybersecurity awareness, we surveyed 1,016 U.S.- based employees who work for local, state, and federal government entities. We then compared the results against a broader sample of employed U.S. adults that took the same survey, the results of which we featured in our 2017 State of Privacy and Security Awareness report.

This report takes a look at many of the cyber security events that took place in 2017 and discusses what they could mean for 2018.

Law firm Clyde & Co and risk analytics platform Corax have collaborated to bring you a joint white paper identifying the key drivers of frequency and cost for cyber insurance claims. This paper moves beyond major breaches to examine the day to day breaches that most businesses are experiencing. Unlike other breach reports, this paper tracks each invoiced cost or loss amount associated with a covered breach event. Anonymized data was sourced from 321 data breach events where Clyde & Co acted as monitoring counsel for cyber insurer clients. The breach events were reported to insurers between 2014 and 2015. Files were selected randomly.