From the report, “This report compares the budgets of global security decision makers at firms spending up to 10%, 11% to 20%, and 21% to 30% of their IT budget on information security. Security leaders can use these budget ranges as a starting point to evaluate their own programs, then compare their product, service, staffing, and other allocations with those of similar firms.” Read on to find out more.

From the report, “What does 2018 hold in store for the defenders? Unfortunately, more of the same security drama, according to Cybereason’s researchers and analysts. Specifically, they identified the following as some of the bigger security trends in the new year: 01. Supply Chain Attacks Increase & Remain Underreported 02. Destructive Attacks Do Not Let Up 03. The Line Blurs Between APT Actors & Cybercriminals 04. Fileless Malware Attacks Become Ubiquitous” Read on to find out more.

“The people, not just tools, are the key to enterprise cyber security. It’s time to devise an actionable plan to make sure every member of your organization is cyber-ready. In this guide, we will present a basic framework for optimizing the types, frequency and costs of security simulation training for the entire enterprise.”

From the report, “With its customer base of over 4,000 organizations, Alert Logic has first-hand insight into the state of threat detection and response. Drawing from more than a billion security anomalies, millions of security events, and over a quarter million verified security incidents from April 2017 to June 2018, our research has identified five key insights that every business leader, IT leader, and IT practitioner should be aware of: 1. The initial phases of the cyber killchain are merging to accelerate targeted attacks 2. Industry and size are no longer reliable predictors of threat risk 3. Attack automation and “spray and pray” techniques are aiming at everything with an IP address 4. Cryptojacking is now rampant 5. Web applications remain the primary point of initial attack” Read on to find out more.

This report offers the following highlights - Case study of a Fortune 50 organization breached via social media, Deep dive into each layer of the new attack chain, A detailed look at impersonation accounts and hijacked accounts, a new staple in the attack lifecycle, Tactics, techniques, and procedures (TTPs) used by the modern attacker on social media, Recommendations and best practices for updating your security posture.

Social media has become a major platform for financial institutions to engage customers, grow their business, and promote offers and services. However, scammers and cybercriminals have adopted the platform as well, exploiting the low technical barriers, ease of target acquisition, ease of payload delivery, and broad access to potential victims.

This report offers insight into cyberattack behavior in the manufacturing industry. It discusses the severity of attacks, botnets, and other important issues related to the manufacturing industry.

This report offers research on analysis and lifecycle of an attack on critical infrastructure. It discusses command and control, internal reconnaissance, lateral movement, and targeting the ICS and SCADA infrastructure.

The Black Hat Edition of the Vectra® Attacker Behavior Industry Report provides a first-hand analysis of active and persistent attacker behaviors inside cloud, data center and enterprise environments of Vectra customers from January through June 2018.

The 2018 RSA Conference Edition of the Vectra Attacker Behavior Industry Report provides a first-hand analysis of active and persistent attacker behaviors inside cloud, data center and enterprise environments of Vectra customers from August 2017 through January 2018.

This White Paper attempts to paint a comprehensive picture of the file-borne threat crisis facing health insurance companies due to the tight connection with medical institutions and the immense number of files shared and transferred between the two sectors, as well as explain why current security systems and industry regulations fail to adequately meet this sophisticated threat, and what measures can be taken to guard against it without investing in security infrastructure.

The survey upon which this report is based was fielded by the Financial Services Information Sharing and Analysis Center, in conjunction with Deloitte’s Cyber Risk Services practice. Fifty-one companies participated in the pilot launch of the survey, with representation from entities both larch and small, as well as those in between. Respondents came from all financial sectors, albeit skewed more heavily toward the US banking community.

This report includes detailed technical information discovered during our analysis of the forensics artifacts collected from the affected systems by the AIR Module. The report provides detailed information about the key processes used by AIR to review the malicious activity and detect the infection quickly. We also break down the encoding techniques, the registry operation, and the protection and communication mechanisms used by Kovter.

This report has been produced in partnership with the 400,000 member Cybersecurity Insiders community of IT security professionals to explore how AWS user organizations are responding to security threats in the cloud, and what tools and best practices IT cybersecurity leaders are prioritizing in their move to the cloud.

From the report, “Over the past few year’s attackers have exploited this opportunity, and as documented in our Anatomy of an Attack (AOA) report, have compromised a wide variety of manufacturing control systems. This report documents five case studies which show how cyber attackers could gain access to manufacturing and utility facilities. We also detail the progression of the attacks which in some cases disabled operations for an extended period. In one of our case studies, losses were catastrophic with the impacted entity suffering losses of over 800,000 euro per day. This report will explain how the attacks happen, and once established, how the attackers can extend these command and control points to breach the institution’s records, blackmail and extort funds, or worse, disable ongoing operations of the facility over an extended period.” Read on to find out more.

This report offers insight into Cyber Breaches and the health industry for 2016. It provides information on the important trends of 2016, medical device hijacks and the top ten health care cyber attacks of 2016.

This guide provides some important considerations to keep in mind when investigating a cloud security platform that can address today’s realities and tomorrow’s cloud-first or cloud only end goals.

From the report, “With endpoint security products continuing to be at the tip of the spear of cyber defenses for years to come, the question is how to ensure the best possible security posture. No matter which way an endpoint security buyer turns, there is no one magic bullet. It is likely that a layered approach with multiple different technologies working together is required.” Read on to find out why.

From the report, “An OS-Centric Positive Security isn’t a silver bullet, but it can be a tremendously valuable and complementary defense mechanism—your second or last line of defense. The majority of endpoint security solutions deployed today are based on the Negative Security model; so, it’s time to add a Positive Security solution to strengthen your endpoint protection.” Read on to find out more.

The findings from this study provide strong evidence that organizations are benefitting from their privacy investments beyond compliance. Organizations that are ready for GDPR are experiencing shorter delays in their sales cycle related to customers’ data privacy concerns than those that are not ready for GDPR. GDPR-ready organizations have also experienced fewer data breaches, and when breaches have occurred, fewer records were impacted, and system downtime was shorter. As a result, the total cost of data breaches was less than what organizations not ready for GDPR experienced.

This report offers a variety of case studies that highlight the challenges in the Healthcare Network.