At HPE, we believe that our individual and collective success lies in our ability to share learnings, ideas and opportunities. When it comes to securing our respective organizations, we’ve all plagued by the same challenges: a global cybersecurity skills shortage, an expanding attack surface, distributed data, and increasing demands from transparency from stakeholders. This report showcases some of the work we’ve done on that front during 2022 and some predictions for 2023.

In our Security Report, we discuss a few more trends observed by cp throughout the year. The Russia-Ukraine war demonstrated how the traditional, kinetic, war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.

This report, our third in an annual series, draws upon a comprehensive survey of corporate digital forensics & incident response (DFIR) professionals in North America (NA) and Europe, the Middle East, and Africa (EMEA), and aims to provide intelligence—with analysis, interpretation, and insights, rather than just data— tailored to the needs of enterprise decision-makers, particularly those involved with IT, cybersecurity, and governance.

ESG conducted an in-depth survey of 255 cybersecurity and IT/information security professionals familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud. Survey participants represented mid-market (500 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America (United States and Canada).

The Zimperium 2023 Global Mobile Threat Report examines the trends that shaped the mobile security landscape over the last year and analyzes research from Zimperium’s zLabs team, as well as third-party industry data, partner insights, and observations from leading industry experts. The findings in this report will help security teams evaluate their mobile security environment and improve defenses to ensure a mobile-first security strategy.

As health care delivery organizations have increased their reliance on health information technology, they have also increased their exposure to new cybersecurity risks, such as ransomware attacks.

This is the tenth edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis. It also describes relevant mitigation measures.

CISOs are facing increased challenges in an escalating threat landscape, with email as the primary target for attacks. This white paper breaks down the requirements for modern email security in protecting organizations from advanced and novel threats – moving from historically-trained tools to a behavioral, AI-driven approach.

This report focuses on confirmed breaches in which confidential data has been exposed and/or stolen, ranging from very small breaches to large caches of data that provide financial incentives to hackers to hold for ransom, sell on the dark web, or both. . Many breaches that occurred as a result of third parties (vendors, suppliers, contractors, or other organizations) were researched to determine the root causes.

In our annual Threat Report, the Deepwatch Adversary Tactics and Intelligence (ATI) team provides data on the leading cybersecurity threats that SOC security analysts faced in 2022, and offers predictions of what teams will likely face in 2023. With analysis from ATI research and Deepwatch customer engagements, we review the types of volumes of threats, look at the challenges in visualization and identification, and consider what lingering or growing threats SOC teams should prioritize.

Attackers persistently adapted their email-based techniques throughout 2022, cycling through new and old tactics in the hopes of evading human and cyber security measures.

In this eBook, we will discuss the challenges of securing today’s rail networks in the face of increasingly frequent and severe cyber threats, the impact of intensifying regulatory requirements and the potential damage that malicious actors could leave behind. Finally, we will explore the most critical things to look for in a security solution for rail transportation networks.

In this data-driven report, based on our scanning of over 200,000 cloud accounts, including more than 30% of the Fortune 100 environments, we analyze the latest industry trends and developments, presenting a factual and data-based assessment of the current state and progression of cloud technology. We examine how the cloud has evolved over the past year and attempt to shed light on some of the complexity of cloud environments, including aspects such as organizational usage of multi-cloud and both managed and non-managed services.

CyberEdge’s annual Cyberthreat Defense Report (CDR) plays a unique role in the IT security industry. Other surveys do a great job of collecting statistic on cyberattacks and data breaches and exploring the techniques of cybercriminals and other bad actors. Our mission is to provide deep insight into the minds of IT security professionals.

Our CEO Report on Cyber Resilience draws on 37 interviews with CEOs of large global enterprises. It explores the role chief executives need to play in successfully managing cybersecurity risks. Our interviews with CEOs reveal that this shift to thinking about cyber resilience requires fundamental changes in approach: how they think about cybersecurity (their mindsets) and how they act (their playbooks).

This paper seeks to introduce some of the new knowledge sources and actionable data, along with a data-driven approach that puts custom cyber intelligence at the center of the process seeking to deliver the tools to help the organization stay as close to the front of the race as possible.

In this edition, we again focus on concentration of malicious activity by the same six categories we studied in the last edition in the Fall of 2021. We expect that some criteria will remain relevant over the foreseeable future; that is, as datapoints related to domain names, there are unlikely to become less forensically-valuable unless that internets fundamental structure changes. Other datapoints may wax and wane in relevance.

In this white paper, you’ll learn how to combat unwanted privilege escalation by reverse engineering the tactics that cybercriminals use. By seeing the world through the eyes of a hacker you’ll be able to identity the red flags of privileged-account attacks. And, you’ll know which techniques and tools to use to mitigate them.

This report aims to take a look at the times when things did not work as intended—not to point fingers but to help us all learn and improve. In a time where almost everyone, corporations and individuals alike, is looking at ways to do more with less, we believe a close analysis of when our defenses failed can be very beneficial. While times of great change are always challenging, they often also prompt us to take stock of our situation and, if necessary, refocus both our viewpoint and our energies. Such is the case with the DBIR this year. As a team, we decided to take a step back toward the fundamental things that got us where we are, an intense focus on actual data breaches analyzed using our own VERIS Framework. And speaking of VERIS, one of the new goodies this refocusing brings is an even better mapping between VERIS and MITRE ATT&CK through a collaboration with MITRE Ingenuity and the Center for Threat Informed Defense (CTID).

In this report, Perception Point analyzes the most pervasive attacks its advanced threat detection platform detected in 2022, noting a particular increase in account takeover attacks in the latter half of the year as well as an ongoing growth in phishing attacks. This report examines cyber threats through distinct lenses based on the intelligence gathered by Perception Point’s proprietary detection engines and its managed incident response service.

The research revealed that the rate of ransomware attacks has remained level, with 66% of respondents reporting that their organization was hit by ransomware in the previous year, the same as in our 2022 survey. With adversaries now able to consistently execute attacks at scale, ransomware is arguably the biggest cyber risk facing organizations today.