Security services remained the top category for M&A activity across consulting and MSSP, followed by sectors including Risk & Compliance and SecOps / IR / Threat Intel. While companies have prioritized email security solutions for decades, analysts expect the email security market to grow significantly in the coming years. Advanced threats relating to phishing and social engineering necessitate strong email security to protect employee and company data from threat actors.

Common Vulnerabilities and Exposures (aka CVEs) in containers, at least according to the interviews conducted for this study, are a pain (in the vuln). Chainguard conducted ten interviews with software professionals at a range of companies that build or operate containers. The interview questions dealt with the processes and workflows that these professionals use to identify, triage, and remediate CVEs in containers. Many of the questions either involved a request for a time estimate of each step of the process or probed the “why” behind the process or workflow.

This is the fifth report in the series which plots the use of vulnerability disclosure in consumer markets with the introduction of enterprise starting in 2021. For consumers, knowing that a manufacturer has the requisite systems in place to receive, and remedy, known security flaws is a welcome form of assurance. Indeed, we have said many times that the lack of an easily identifiable method for reporting security issues could be likened to a canary in the coal mine – it’s a good health indicator as to how serious they are about security.

This new study makes it clear that enterprise demands have certainly continued to grow since then. Organizations place greater strategic priority on TPRM to contribute to a widening scope of enterprise risk that extends beyond cybersecurity. It’s also clear from these results that supply chains are expanding as is the need to efficiently assess risk across those business relationships. Respondents tell us they’re increasingly relying on automated assessments and risk ratings to meet that demand.

The goal of the index is simple: We combine on-chain data and real-world data to measure which countries are leading the world in grassroots crypto adoption. Grassroots crypto adoption isn’t about which countries have the highest raw transaction volumes — anyone could probably guess that the biggest, wealthiest countries are far ahead there. Instead, we want to highlight the countries where average, everyday people are embracing crypto the most. To do that, we’ve designed the Global Crypto Adoption Index to identify countries where the most people are putting the greatest share of their wealth into cryptocurrency.

Marking its fourth year of publication, the Red Report 2024 provides a critical dive into the evolving threat landscape, presenting a detailed analysis of adversaries’ most prevalent tactics, techniques, and procedures (TTPs) used throughout the past year. Conducted by Picus Labs, this annual study examines over 600,000 malware samples and assesses more than 7 million instances of MITRE ATT&CK techniques. It gives security teams invaluable insights into the techniques that pose the most critical cyber risk to organizations.

In this report, sponsored by F5 Labs, we take a step back and examine the universe of vulnerabilities (defined by the CVE) and how it’s changed in the last 20 years. As you will see, we will find some surprising things along the way.

In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military industrial complex enterprises and public institutions in several Eastern European countries and Afghanistan. In the course of our research, we were able to identify over a dozen of attacked organizations. An analysis of information obtained during our investigation indicates that cyberespionage was the goal of this series of attacks.

When it comes to security, there is a paradox. Security can enable businesses to scale and grow, but confusion around security and overly rigid practices can introduce unnecessary red tape. Our survey reveals that startups struggle to find the balance between managing risks and prioritizing security.

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight.

Bitdefender researchers recently investigated a sophisticated APT-style cyberespionage attack targeting aninternational architectural and video production company, pointing to an advanced threat actor and a South Korean based C&C infrastructure. This report goes in-depth on this attack.

A survey of 273 security professionals on the implications of the COVID-19 pandemic on security perceptions.

A survey of 933 respondants on changes to privacy and data protection after COVID-19 and how companies are keeping their data protected.

This document institutes the third edition of the CISO Current report and contains data gathered from direct interviews surveying almost 40 cybersecurity executives at leading enterprises.

This key findings’ report contains a synopsis of trends on how health systems are scaling innovation and a look-ahead at what the innovation perspectives and strategies of today may mean for the health systems tomorrow. It is structured to provide action items for efficient scaling of innovation at health systems followed by supporting findings.

This research brief presents key highlights on recent veteran participation in the STEM workforce drawing upon an analysis of the American Community Survey (2012-2016), led by the U.S. Census Bureau. From this data, the research team examined veteran participation across 49 distinct STEM occupations, which are grouped into the following five occupational clusters: Engineering, Information Technology and Computer Science, Life and Physical Sciences, Mathematics, and Supervisor/ Management of STEM occupations. Among other analyses, the research team identified year-over-year trends in veteran participation, geographic distribution, and comparisons to non-veterans across all STEM occupations.

An In Depth Look at the most prevalent ATT&CK techniques according to Red Canary’s historical detection dataset.

From the report, “Robotic telepresence is a next-generation technology that allows a person in one location to replicate himself in another. The remote person can see you, hear you, interact with you, and move all around your location. But wait a second! What if the person behind the robot is not who you think he is? What if the robot gets compromised, and now the attacker is watching you and your surroundings? In this whitepaper, all the findings learned while security testing a telepresence robot are presented, as well as the countermeasures implemented by the vendor.”

Outsourcing is a fact of life for healthcare organizations, from routine functions such as food services and laundry to regulatory compliance and clinical activities. Large numbers of vendors must be properly managed in order to reduce clinical, financial and regulatory risk. This paper discusses how to reduce complexity in third-party vendor risk management, and how to turn uncertainty and confusion into efficiency and confidence.

This is the first in a series of books tracking changes and discoveries within the DevSecOps Community. The stories are by people who have been sloshing around in the swamps of software development for years, figuring out how things work, and most importantly, why things didn’t work.

This is DLA Piper’s fourth Tech Index study into the perceptions and attitudes of European technology growth. As ever, we review how attitudes are changing with regard to market developments, shifts in the financial regulatory landscape and government policies designed to spur business innovation in an increasingly uncertain and disruptive world.