This paper provides a helpful checklist for NIST adoption.

This paper navigates decision-makers through the issues surrounding a specific technology or business case, explores the business value of adoption, and recommends the range of considerations and concrete next steps in the decision-making process.

Measuring & Managing the Cyber Risks to Business Operations, which was sponsored by Tenable and conducted by Ponemon Institute, reveals global trends in how organizations are assessing and addressing cybersecurity risks. We conclude from the findings that current approaches to understanding cyber risks to business operations are failing to help organizations minimize and mitigate threats. We surveyed 2,410 IT and IT security practitioners in the United States, United Kingdom, Germany, Australia, Mexico and Japan. All respondents have involvement in the evaluation and/or management of investments in cybersecurity solutions within their organizations. The consolidated global findings are presented in this report.

Security automation architecture can improve organizations’ security posture by augmenting or replacing human intervention in the identification and containment of cyber exploits or breaches through the use of such technologies as artificial intelligence, machine learning, analytics and orchestration. Sponsored by Juniper, the purpose of this research is to understand the challenges companies face when deciding how, when and where to implement the right automation capabilities in order to improve productivity, reduce costs, scale to support cloud deployments and ultimately strengthen the security posture of the business. Ponemon Institute surveyed 1,859 IT and IT security practitioners in Germany, France, the United Kingdom and the United States. All participants in this research are in organizations that presently deploy or plan to deploy security automation tools or applications and are familiar with their organizations use of security automation and have some responsibility for evaluating and/or selecting security automation technologies and vendors.

With hundreds of thousands of implementations across the globe, Enterprise Resource Planning (ERP) applications are supporting the most critical business processes for the biggest organizations in the world. This report is the result of joint research performed by Digital Shadows and Onapsis, aimed to provide insights into how the threat landscape has been evolving over time for ERP applications. We have concentrated our efforts on the two most widely-adopted solutions across the large enterprise segment, SAP and Oracle E-Business Suite, focusing on the risks and threats organizations should care about.

In mid-2018, VansonBourne conducted research on behalf of Nutanix to gain insight into enterprise plans for adopting private, hybrid, and public clouds. The respondent base spanned multiple industries, business sizes, and geographies, which included the Americas; Europe, the Middle East, and Africa (EMEA); and AsiaPacific (APJ) regions.

This is DLA Piper’s fourth Tech Index study into the perceptions and attitudes of European technology growth. As ever, we review how attitudes are changing with regard to market developments, shifts in the financial regulatory landscape and government policies designed to spur business innovation in an increasingly uncertain and disruptive world.

In 2018, our global Services team focused resources, intelligence and technology to detect and disrupt future attacks. We’ve analyzed the massive amounts of security data collected from every engagement this year and we’ve gained new insights into what challenges organizations face and how they can better prepare for the next wave of threats. This casebook presents some of the findings and recommendations we’ve made in key engagements across a representative sample of the work we performed last year. We dig into: Emerging and notable trends Examples of ill-prepared organizations and the devastating effects of the breaches they suffered Essential recommendations to prevent companies from becoming another statistic of poor security planning and execution This casebook also underscores the expertise of our team and the important work we’re doing at CrowdStrike® Services. As you read the case studies, you will see that CrowdStrike stands shoulder-to-shoulder with our clients as we work together to stop adversaries and repair damage. But this casebook is not just for CrowdStrike clients — we want everyone to become better prepared to overcome their adversaries in 2019.

In this issue of the State of The Internet/Security report, they take a look back at some of the events they were a part of and the research the Akamai teams produced in the past 12 months. They also examine a few of the stories that formed the background in security this year.

Since the 2016 U.S. presidential election, the term “fake news” has integrated itself frmly into our daily vernacular. However, fake news is used very broadly to describe: disinformation, propaganda, hoaxes, satire and parody, inaccuracies in journalism, and partisanship. Disinformation campaigns are not limited to the geopolitical realm – its use is far more pervasive. The sheer availability of tools means that barriers to entry are lower than ever. This extends beyond geopolitical to fnancial interests that affect businesses and consumers. This paper presents an overview of these different motivations and tools actors can turn to. In Digital Shadows’ Disinformation Campaign Taxonomy, we lay out the stages used in disinformation campaigns. In doing so, it is possible to develop ways to potentially disrupt these efforts and create greater friction for actors involved.

This paper outlines the results of the DomainTools second annual Cybersecurity Report Card Survey. More than 500 security professionals from companies ranging in size, industry and geography were surveyed about their security posture and asked to grade the overall health of their programs.

From the report, “Unless companies come to realize that their security perimeters must grow beyond the corporate firewall to encompass social media networks and other areas such as the Dark Web, then the global cost of cyber crime will continue to mushroom.

This report provides a summary of OverWatch’s findings from intrusion hunting during the first half (January through June) of 2018. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. OverWatch specifically hunts for targeted adversaries. Therefore, this report’s findings cover state-sponsored and targeted eCrime intrusion activity, not all forms of attacks.

This e-book provides good insight into understanding cyber crime.

After analyzing the activities of cyber threat actors this year, the DomainTools Research Team has identified four key cybersecurity concerns that security teams, executives, consumers and government officials can expect to encounter next year. From hacked drones with the potential to cause physical harm, to advancing activity from North Korea and Hidden Cobra, this paper connects the dots between the past, present and future to help organizations get ready for the security challenges of 2018.

This report, prepared by CyberInt, summarises the currently known information regarding the recent breach at Deloitte, one of the ‘big four’ accounting firms, and includes a timeline of events, what is known of the breach itself as well as the aftermath.

This report describes the Sentry MBA, a credential stuffing attack tool, which has become the most popular cracking tool among threat actors in recent months. Among the reasons for its popularity, the Sentry MBA hacking tool is freely and publicly available, extremely effective, and easy to operate.

This paper provides information on Bad Rabbit a new ransomware roving the internet.

This report offers information related to an ATM Jackpotting kit for sale on darknet.

To lure unsuspecting consumers to fake websites to purchase counterfeit goods, cybercriminals abuse the Domain Name System (DNS) – every day, every hour, every minute. In this report, “Luxury Brands, Cheap Domains: Why Retailers Are Losing The Fight Against Online Counterfeiting,” cybersecurity firms Farsight Security and DomainTools, the leaders in DNS intelligence, took a close look at four international luxury brand domains and learned that the potential abuse of their brand, by counterfeiting and other malicious activities, is significant.

The current environment for doing business forces business leaders to face an expanding attack surface, more sophisticated threats and threat actors, and mounting regulatory compliance. These factors are creating a perfect storm that puts your organization and your customers at risk. Now is the time to act. As a Board member or executive, it is not only your goal, but your responsibility to shareholders to protect their interests. The threat to your bottom line from a single incident are significant but a digital risk management strategy can help.