From the report, “Our State of Privacy and Security Awareness Report is back for a third year in a row, having originally been launched in 2016 due to the need to gain a better understanding of the cybersecurity knowledge of today’s workforce. Fast forward to 2018, and the need for such a resource has never been more important. Human-caused data breaches are still making headlines, and phishy emails are still letting the bad guys in. Increasingly popular cloud-storage tools are making it easier than ever to put sensitive data at risk, IOT devices are providing new inroads for the bad guys, and new breeds of malware continue to evolve on a daily basis. One thing connects these threats: the role that employees play in keeping their organizations secure. So, without further ado, we’re pleased to announce the results of the 2018 State of Privacy and Security Awareness Report.”

“It’s difficult to make forecasts, especially about the future,” mused movie mogul, Samuel Goldwyn. With the rapid changes in digital transformation, 2019 is likely to surprise us in significant ways. But one thing is certain: IT predictions for 2019 will include swift expansion into the cloud and solutions for the myriad challenges of providing security, compliance and business continuance across the growing on premise and cloud estates.

From the report, “For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. As we have also detailed in previous BitSight Insights reports2 over the last four years, this industry has maintained a strong security posture in comparison to others. Given that the Finance industry is a leader in managing third-party cyber risk, how secure is their supply chain, and where do weak links lie? Are the companies in their supply chain meeting the same security standards they hold for their own organization? These questions are relevant not only for Finance organizations, but for all organizations that need to reduce third-party cyber risk. To answer these questions, BitSight researchers looked at the security performance of more than 5,200 Legal, Technology, and Business Services global organizations whose security ratings are tracked and monitored by hundreds of Finance firms using the BitSight Security Rating platform. The organizations across these industries represent a set of critical vendors and business partners in Finance’s supply chain, consisting of: legal organizations, accounting and human resources firms, management consulting and outsourcing firms, and information technology and software providers.”

In the last two years, businesses and governments have seen data breaches like Equifax and Marriott impact 100s of millions of accounts each, as well as critical intellectual property (IP) and core operations. A global survey of 600+ cybersecurity leaders and professionals by Ponemon Institute shows that 67% of organizations are not confident that they can avoid a data breach, and what the primary security and IT challenges that are causing this. The survey also provides fundamental recommendations that can reduce breach risk through innovating and improving a vulnerability management program.

Nominet commissioned Osterman Research to conduct a survey of 408 CISOs overseeing security for organisations with a mean average of 8,942 employees. This comprises 207 companies in the USA and 201 companies in the UK, spread across a range of sectors. The objective was to collect and analyse a large enough dataset to make valid conclusions into the opinions, behaviours and mindset of those making cyber security decisions at large organisations.

This survey, conducted by Forrester Consulting on behalf of BitSight, offers insight in to the critical role that Vendors play in key business functions and how they can create security risks and issues.

From the report, “A growing list of contractors and subcontractors have disclosed that they have been victims of data breaches resulting in the compromise of sensitive government information. In response, U.S. federal agencies have or are considering expanding cybersecurity requirements for their contractor base and adopting best practices for evaluating and monitoring those entities. In a recent study, BitSight found a large gap in the security posture between financial organizations and their third parties. This BitSight Insights report explores a similar question: what is the cybersecurity performance of U.S. federal contractors, and how does that compare to the performance of U.S. federal agencies?”

A review of the observed (externally facing) security practices of the Fortune 1000 firms.

IT security organizations today are judged on how they enable business transformation and innovation. They are tasked with delivering new applications to users and introducing new technologies that will capture new customers, improve productivity and lower costs. They are expected to be agile so they can respond faster than competitors to changing customer and market needs.

This report offers an inside look into how accounts are hacked and taken over.

This report takes a closer look at the threat of friendly fraud, by first explaining the spectrum of friendly fraud and exploring whether merchants and issuers are in fact “training” cardholders to initiate disputes. It also examines the balancing act that merchants and issuers must navigate while trying to reduce friendly fraud, while also preserving important customer relationships. Lastly, it details how two companies are addressing the problem, and then outlines six best practices for controlling the damage.

Abstract: Enterprises increasingly operate in a digitally interconnected world where third parties like suppliers, customers, channel partners, and others are often directly connected to their internal IT systems, and where their underlying IT infrastructure may be owned and managed by an outside organization. These business relationships can knowingly or unknowingly introduce different types of risks that need to be identified and managed as if these third parties were part of the enterprise itself. Recorded Future’s latest risk intelligence offering enables threat intelligence teams to better understand, monitor, and measure their real-time exposure to these third-party risks. Armed with this information, organizations can better assess and prioritize risk mitigation actions.

This guide offers helpful insight into online fraud.

From the report, “The report also looks at the trends in the usage by fraudsters of specific methods or directions of attack (e.g. location manipulation, account takeover, etc.). This is to provide insight into the various techniques commonly employed by today’s savvy fraudster. The increased sophistication of the online criminal underworld, where a huge and connected marketplace exists to provide numerous services that make theft easier (and where stolen data can be found easily and cheaply following the massive data breaches of the last few years), means that fraudsters have direct access to the tools and information they need to commit online fraud. This has lowered the barrier to entry for new fraudsters to enter, and enabled experienced fraudsters to increase the scale, sophistication and speed of their attacks. This report is designed to reflect the current patterns in that scene and help merchants to understand further and prepare for the attacks they are seeing or are likely to face.” Read on to find out more.

This report provides the Asia Pacific focussed section of the Lloyd’s City Risk Index.

From the report, “Forter and PYMNTS.com have partnered to track, analyze and report on the important trends happening in the world of fraud as it relates to payments and commerce online. Every quarter, we are monitoring fraud attempts, reflected as a percent of U.S. sales transactions , on U.S. merchant websites. How big is the storm? Where is it? How is it changing? Read on to find out. For each of the Index editions in 2016, we are using the fraud rates observed in 2015 as a benchmark for comparing the state of fraud each quarter.” Read on to find out more.

From the report, “As such, Forter creates a biannual Fraud Attack Index to highlight these changes as they affect e-commerce and mobile merchants and to provide anti-fraud professionals with the context they need to succeed. This report leverages Forter’s data to examine the trends in online fraud attacks across industries, comparing the different fraud experienced by different verticals. The report also looks at the prevalence of specific fraud methods or directions of attack (e.g. location manipulation, botnets, etc.). This is to provide insights into the various techniques commonly employed by today’s cunning fraudsters.” Read on to find out more.

This report explores how a ransomware attack might take place and what the impacts would be on governments, businesses, and the insurance sector. In the scenario, the malware enters company networks through a malicious email, which, once opened, encrypts all the data on every device connected to the network. The email is forwarded to all contacts automatically to infect the greatest number of devices. Companies of all sizes and in all sectors are forced to pay a ransom to decrypt their data or to replace their infected devices.

This report offers insight into authentication. It discusses some key problems with various standard authentication processes and highlights ways that authentication can be improved.

As account opening continues to transition from physical to digital channels, financial institutions, issuers, lenders, and other organizations must optimize the digital experience of applicants in order to compete. At the same time, fraud is on the rise as criminals have become more successful than ever, thanks to some of the same digital channel benefits enjoyed by consumers: convenience, speed, and ease of use. To achieve the necessary balance between preventing fraud and providing a delightful experience for consumers, an approach to identity proofing that accounts for the channel, product, customer, and threat environment is absolutely critical. But regardless of the approach, inconspicuous solutions — like those based on applicant behavior — have a distinct role to play in how institutions manage the risk of application fraud.

In an interview with Tom Field, senior vice president of editorial at Information Security Media Group, Gidwani discusses: • How security analytics is commonly used today; • The potential of automation; • How orchestration impacts efficiency and scale.