This report is the first attempt to map out the most critical identity security weaknesses in the hybrid enterprise environment. These Identity Threat Exposures (ITEs), gathered from hundreds of live production environments, are the key weaknesses that allow attackers to access credentials, escalate privileges and move laterally, both on-prem and in the cloud.

The purpose of this report is to assess and summarize the current threat landscape facing organizations as a result of the digital identities that they issue to legitimate users. We called this report “The Unpatchables” because digital identities represent a source of technical risk that is impossible to completely mitigate even in theory.

In our new State of Cyber Threat Intelligence, we examine the factors that contribute to these two themes: the converging nature of cyber threats as well as the perpetual cycles in which they exist. Plus, we explore the big-picture impact of cyber attacks on organizations across a variety of industries globally and provide guidance on how to fight back.

To understand the challenges facing U.S. government agencies, Lookout analyzed data specific to our federal, state and local customers from the Lookout Security Graph. The graph, which includes telemetry and more than 175 million apps, enabled us to identify and break down the most prominent mobile threats agencies face. For this report we specifically reviewed data from 2021 and the first half of 2022.

The 2021 Remote Workforce Security Report reveals the current state of protecting the new workforce of widely distributed organizations. The report explores their key challenges, along with the new security threats they face, technology gaps and preferences, investment priorities, and more.

This report is designed to explore the state of evolving email threats and how organizations are responding to protect themselves. Business Email Compromise attacks are one of the financially most damaging cyber crimes. They typically involve phishing emails and social engineering tactics to attack organizations and trick unsuspecting employees and executives into conducting tasks under the guise of legitimate business activity, often appearing to come from a trust sender.

This report shares insights from the XM Cyber Research team’s analysis of the Attack Path Management platform from January 1st, 2021 - December 31st, 2021. The Impact report begins with a close look at the methodology of attack paths and then reveals the impact of attack techniques used to compromise critical assets across organizations, whether hybrid, on-prem or multi-cloud.

For this, our 15th anniversary installment, we continue in that same tradition by providing insight into what threats your organization is likely to face today, along with the occasional look back at previous reports and how the threat landscape has changed over the intervening years.

This 2021 State of Phishing and Online Fraud Report highlights the key trends that drove digital scams using data gathered from analyzing more than one billion sites. A multitude of factors drove record growth in fraud campaign activity in 2020 with an increase of 185% from what was observed in 2019.

The annual Data Breach Investigations Report (DBIR) is the annual marque analysis of breach and incident information over the previous year.

This report explores how the broad adoption of cloud services has affected cyber risk and fraud.

This research purports to help better understand the emerging risks and modern threat landscape both in qualitative and quantitative aspects, and to help cybersecurity companies better prioritize and address emerging cyber risks.

This threat report covers traffic and attack trends, with industry and geographical breakdowns, for the first several months of 2020. A special focus on the use of cloud and SAAS providers supporting telework is included.

An annual review of threat traffic and patterns across geographies as seen by NTT Security.

In our 3rd annual Global Password Security Report, we strive to share interestingand helpful insights into employee password behavior at businesses around theworld. We want to help IT and security professionals understand the greatestobstacles employees face when it comes to passwords, learn how to addresschallenges of managing and securing data in today’s digital workplace and enablethem to see how their businesses’ password security practices measure up. Thisyear, we’re bringing even more data points to the table.

Ponemon Institute is pleased to present the findings of the 2020 Cost of Insider Threats: Global study. Sponsored by ObserveIT and IBM, this is the third benchmark study conducted to understand the direct and indirect costs that result from insider threats.

This report compiles information gained by the Trustwave SpiderLabs who maintain a presence in some of the more prominent recess of the online criminal underground. The provide information on the dark web’s code of honor, reputation systems, job market, and techniques used by cybercriminals to hide their tracks from law enforcement.

A necessary pillar of an effective cyber defense strategy is the capability to detect and mitigate threats at the earliest stages of the cyber kill chain. While internal and perimeter security solutions are critical to your security program, external threat intelligence gives you the ability to defend forward by eliminating threats outside the wire. This ebook is designed to provide a framework for security professionals on how to conduct effective external threat hunting on the dark web.

This report discusses the problems with passwords, “The problem is that passwords, 2FA and legacy multi-factor authentication solutions have one thing in common – they rely on shared secrets. That means that a user has a secret, and a centralized authority holds the same secret. When authenticating, those two secrets are compared to approve user access. If a malicious 3rd party intercepts the secret, they can impersonate the user. The bad news is that this reliance on shared secrets has kept large populations of users vulnerable to phishing, credential stuffing attacks, and password reuse while contributing to the steep rise in Account Take Over (ATO). The good news? The Digital Identity landscape is about to change very quickly.”

Risk IQ offers a glimpse into the multiple attacks on IT infrastructure organizations like Wipro and several others. This report is an analysis of those campaigns, their operators, and their targets.

This report takes a deep dive into examining the types of fraud that occur in the travel industry.