A necessary pillar of an effective cyber defense strategy is the capability to detect and mitigate threats at the earliest stages of the cyber kill chain. While internal and perimeter security solutions are critical to your security program, external threat intelligence gives you the ability to defend forward by eliminating threats outside the wire. This ebook is designed to provide a framework for security professionals on how to conduct effective external threat hunting on the dark web.

In 2018, WSJ Pro Cybersecurity partnered with ESI ThoughtLab, a thought leadership and economic research firm, to gather data on how more than 1,300 enterprises were responding to the challenge of managing cyber risk. The study launched in late 2018 with the ground-breaking report ‘The Cybersecurity Imperative’ and continues with this pulse update report based on the findings of a new sample of companies.

From the report, “It is clear that there is no shortage of vulnerabilities to find. In the last year, Bugcrowd saw a 92% increase in total vulnerabilities reported over the previous year. The average payout per vulnerability increased this year by a whopping 83%, with average payouts for critical vulnerabilities reaching $2,669.92 — a 27% increase over last year.”

From the report, “BEC is a specific type of phishing email that operates without links and without attachments (two of the standard markers that perimeter defenses look for). However, instead of taking over a computer or stealing data, BEC hackers impersonate an executive (a known CEO, CFO or other CxO), and persuade the recipient (an employee) to perform some action – like wiring money or attaching information to an email. " Read on to learn more.

In this report they explore: • Why AI-enabled cybersecurity is increasingly necessary • How organizations are benefitting from AI in cybersecurity • Where organizations should focus their cybersecurity initiatives • Building a roadmap for implementing AI in cybersecurity

This report covers trends in retail and hospitality in 2019. It covers Cyber espionage that impacts hospitality, how virtual skimming threat data poses risk to payment card data, and an analysis and comparison of point-of-sale malware companies.

This report is essential reading for executives, security practitioners and development teams who want to better understand the present state of software security risk, and who seek to benchmark and improve their own organization’s performance.

In April-May 2019, ESI ThoughtLab surveyed 467 firms to gain insights into their latest cybersecurity perspectives, plans, and practices. With limited budgets, and cyber risks mushrooming, it is paramount that organizations understand the ROI of cybersecurity so that they invest in those efforts that will result in the optimal outcome.

This report offers insights into the 40 year history of spam. It discusses what this means for business, and how the new spam has surpassed the spam of 40 years ago.

This technical whitepaper explains the challenges cybersecurity professionals face, how they’re prioritizing vulnerabilities today and how they can dramatically improve cyber risk management with Predictive Prioritization – the process of re-prioritizing vulnerabilities based on the probability that they will be leveraged in an attack.

From the report, “After working with hundreds of security professionals and covering over 1 million assets at some of the world’s most innovative brands, the team at Axonius has identified 5 things that security teams discover when they automate cybersecurity asset management. In this short paper, we’ll review each of these findings, discuss their security implications, and show how automating asset management can both find and resolve these challenges.”

The 2019 Malware Report was produced by Cybersecurity Insiders and HelpSystems to reveal the latest malware security trends, challenges, and investment priorities.

State of Cybersecurity 2019 reports the results of the annual ISACA® global State of Cybersecurity Survey, conducted in November 2018. This second of two reports focuses on current trends in cybersecurity attack vectors and response methodologies, organizational governance and program management.

This installment of State of the Internet / Security examines credential stuffing and web application attack trends over the last 17 months, with a focus on the gaming industry. One reason gaming is so lucrative is the trend of adding easily commoditized items for gamers to consume, such as cosmetic enhancements, special weapons, or other related items. Gamers are also a niche demographic known for spending money, so their financial status makes them tempting targets. We began collecting credential abuse data at the beginning of November 2017 and chose to use the same period with our application attack data to make direct comparisons between plots easier for readers.

Now in its fifth year, Sonatype’s annual State of the Software Supply Chain Report examines the rapidly expanding supply and continued exponential growth in consumption of open source components. Their research also reveals best practices exhibited by exemplary open source software projects and exemplary commercial application development teams.

This report is about evolution, how phishing emails and malware are in a state of constant flux. But one thing hasn’t changed: phishing is still the #1 cyber-attack vector. The vast majority of breaches begin with malicious emails or other social engineering and most malware is delivered by email.

This report provides insights culled from a year of security data analysis and hands-on lessons learned. Data analyzed includes the 6.5 trillion threat signals that go through the Microsoft cloud every day and the research and realworld experiences from our thousands of security researchers and responders around the world. In 2018, attackers used a variety of dirty tricks, both new (coin mining) and old (phishing), in their ongoing quest to steal data and resources from customers and organizations. Hybrid attacks, like the Ursnif campaign, blended social and technical approaches. As defenders got smarter against ransomware, a loud and disruptive form of attack, criminals pivoted to the more “stealth”, but still profitable, coin-miners.

Positive Technologies experts regularly perform security analysis of mobile applications. This report summarizes the findings of their work performing security assessment of mobile apps for iOS and Android in 2018.

Since 2017, risk experts have consistently ranked large-scale cyber attacks and data fraud among the top five mostly likely risks around the world. Despite growing anxieties about cyber threats, cyber resilience strategies and investments continue to lag. Globally, the time taken to discover a data breach has considerably lowered since 2017, but organizations in the Asia-Pacific region took four months longer than the global median. Internet users are growing 10 times faster than global population, exponentially increasing the surface area of attack. For example, in 2018, the total cost of cyber crimes grew by a third compared to 2016, to $600 billion, but investments in cyber security only increased 10 percent over the same period.

The Irdeto Global Connected Industries Cybersecurity Survey polled 700 security decision makers across Connected Health, Connected Transport and Connected Manufacturing plus IT and technology* (who manufacture IoT devices) industries about cyberattacks targeting their organization, concerns about the types of attacks that could target their organization, security measures currently in place and much more. The research surveyed both manufacturers and users of IoT devices in five countries – China, Germany, Japan, the UK and the US. The research was fielded online by Vanson Bourne from March – April 2019.

Risk IQ offers a glimpse into the multiple attacks on IT infrastructure organizations like Wipro and several others. This report is an analysis of those campaigns, their operators, and their targets.