The 2024 Data Threat Report (DTR) analyzes how core security practices have changed in response to or in anticipation of changing threats. This report also offers perspectives on what organizations can do to leverage data assets to expand opportunities to make their businesses more agile and build trust with their customers. This report also considers both securing the use of GenAI and using GenAI to better secure the enterprise. Differing priorities from different functional leaders and external stakeholders will require security and risk management leaders to build stronger relationships.

Security Observability is a technique of using logs, metrics, and traces to infer risk, monitor threats, and alert on breaches. It is a critical technique for security professionals to embrace. Security professionals use observation of system behavior to detect, understand, and stop new, unknown attacks. The Observe Data Lake approach gives customers the power they need to see how systems and people interact over time. Better security for less spend with Observe. We’ve been surveying the Observability field for years at Observe via our State of Observability Report, but this year is our first survey to focus on Security Observability. We talked to 500 security professionals to understand their current approach to security and how it’s intersecting with observability.

The State of Email & Collaboration Security 2024 report is based on an in-depth global survey of 1,100 information technology and cybersecurity professionals. Mimecast commissioned UK-based research firm Vanson Bourne to conduct the survey, which took place during October and November 2023.Survey participants worked at organizations ranging from 250 to 500 employees to more than 10,000 employees.

The 9th edition of the Edgescan Vulnerability Stats Report 2024. This report demonstrates the state of full stack security based on thousands of security assessments and penetration tests on millions of assets that were performed globally from the Edgescan Cybersecurity Platform in 2023. This is an analysis of vulnerabilities detected in the systems of hundreds of organizations across a wide range of industries – from the Fortune 500 to medium and small businesses. The report provides a statistical model of the most common weaknesses faced by organizations to enable data-driven decisions for managing risks and exposures more effectively.

This research demonstrates the continual progression of a cybersecurity conundrum that has become an unfortunate but permanent part of the digital environment. Progress is being made, but new fronts open up and new challenges emerge in a seemingly endless cycle. As the need for security rises to a board level concern, cyber leaders are facing more strategic issues to defend against, even while ongoing threats persist. As those security leaders stand to meet the threats, it behooves organizational leaders to provide the support and resources necessary to help enable those they must count on to keep their enterprises safe.

The report stated that “Equifax lacked a comprehensive IT asset inventory, meaning it lacked a complete understanding of the assets it owned. This made it difficult, if not impossible, for Equifax to know if vulnerabilities existed on its networks. If a vulnerability cannot be found, it cannot be patched.” The Equifax case is one example of an existential and underreported cybersecurity issue: the vast majority of organizations do not have comprehensive visibility of every asset they need to secure.

The NetDiligence Cyber Claims Study presents findings from a five-year dataset of over 9,000 real-world cyber insurance claims. In this spotlight, we focus on the subset of BEC incidents: 17% of claims reported (N=1,480) between 2018 and 2022. BEC starts with human error and ends with high crisis services costs. Educating and training the workforce is a continual and incremental process. Preventing BEC is the endless task of cybersecurity

The Professional Services sector includes a broad array of organizations. Although there are no strict criteria for considering a company to be in this sector, there is general agreement that inclusion requires specialized training and experience, and, in many cases, qualification by exam and licensing managed by either national or state authorities. Using our 5-year dataset, we have analyzed 1,500 Professional Services claims dated 2017 through 2021. Professional Services sector incidents account for 20% of all claims in the dataset.

This new study makes it clear that enterprise demands have certainly continued to grow since then. Organizations place greater strategic priority on TPRM to contribute to a widening scope of enterprise risk that extends beyond cybersecurity. It’s also clear from these results that supply chains are expanding as is the need to efficiently assess risk across those business relationships. Respondents tell us they’re increasingly relying on automated assessments and risk ratings to meet that demand.

The Flashpoint 2024 Global Threat Intelligence Report offers a critical examination of the current threat environment. This year’s analysis goes beyond traditional threat intelligence, incorporating Flashpoint’s unparalleled data and insights to shed light on cyber threats, geopolitical turmoil, and escalating physical conflicts around the world. The goal: help your organization to strengthen its defenses, ensure operational resilience, and proactively confront multifaceted threats—thereby safeguarding critical assets, preventing financial losses, and protecting lives.

In the 2024 State of Omnichannel Fraud Report, TransUnion brings together trends, benchmarks, and identity and fraud expertise from across our organization. It provides insight to those responsible for preventing fraud and streamlining customer experiences to deliver better business outcomes. Use this report to evaluate current fraud prevention programs in the context of the broader market.

The report sheds light on the sectors most at risk, with technical services vendors leading the breach statistics for the fourth consecutive year. Despite this, a silver lining emerges as a significant portion of these vendors demonstrated improvements in their cyber ratings postbreach. The healthcare sector continues to bear the brunt of these incidents, reinforcing the need for heightened security measures within this critical industry.

The report presents the industry’s most comprehensive analysis of intelligence from 2023. It covers threat actors and their playbook of targets, methods, and attacks to help you eliminate blind spots in your current security posture. groups, and more for the year ahead. Wherever you are in your threat intelligence journey, you can use this report as a roadmap. It will help you strengthen your operations, create a forward looking strategy, and protect your organization’s data, intellectual property, and brand reputation.

Our research sheds light on a concerning trend: 90% of exposed valid secrets remain active for at least five days after the author is notified. This finding emphasizes a crucial lesson in code security: while detecting vulnerabilities is critical, the real challenge lies in remediation. Security, we believe, must be a shared responsibility across all stages of the Software Development Life Cycle (SDLC), not just the domain of specialized teams. Raising awareness about these seemingly minor lapses is essential for mitigating supply chain risks.

The report raises a number of interesting findings, which you’ll read about in the pages to come. However, one through line that emerges is the need for reliable threat intelligence and its impact on threat hunters’ ability to do their jobs well. Threat intelligence, or lack thereof, is a commonality across the top challenges respondents identified. Access to threat intelligence also affects nearly every aspect of how respondents say they do their jobs.

Our survey results revealed that more companies than ever are viewing GRC as a holistic process and taking steps toward getting a complete view of their risk environment and regulatory obligations. Centralizing strategy, unifying risk and compliance data, and revamping the approach to cybersecurity are becoming more popular strategic objectives among respondents, especially with the rise of AI technology dismantling barriers and fostering collaboration among various GRC functions. This means the criteria for which GRC technology is being evaluated against in the purchase cycle is rapidly expanding.

Our sixth annual retrospective, this report is based on in-depth analysis of nearly 60,000 threats detected across our more than 1,000 customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and the trends that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybercrime operations.

The 2024 Cybersecurity Risk Report from the FAIR Institute shows broadly positive trends compared to last year’s survey. At the FAIR Institute, they believe that effective cyber risk management can only be achieved through transparent and defensible risk analysis using a standard such as FAIR and quality cyber risk data.

The goal of this report is to help security professionals remain at the forefront of securing organizations, as its content is based on real-world techniques employed by attackers to target cloud-based environments. As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in sophistication and number – a collective effort to safeguard both large enterprises and small businesses alike is key.

In this report, we shed light on these vulnerabilities and how they impact commercial and federal organizations today. We provide insights from a survey of IT security and data science leaders navigating these challenges. We share predictions driven by data from HiddenLayer’s experiences securing AI in enterprise environments. Lastly, we reveal cutting-edge advancements in security controls for AI in all its forms.

This report sets itself apart with our proprietary data and insights derived from comprehensive detection coverage coupled with human-led expert investigation and confirmation of threats. The data that powers Deepwatch results from thousands of expert investigations across hundreds of thousands of protected systems. This report examines the broader landscape of threats that leverage techniques and other tradecraft. We also track specific threats associating malicious or suspicious activity with a new or existing threat activity cluster, specific malware variants, abuse of legitimate tools, and known threat actors. ATI continually tracks and analyzes threats throughout the year, publishing weekly threat intelligence reports.