The report presents the findings of the analysis of statistical data obtained using the Kaspersky Security Network (KSN) distributed antivirus network. The data was received from those KSN users who gave their voluntary consent to have data anonymously transferred from their computers and processed for the purpose described in the KSN Agreement for the Kaspersky product installed on their computer.

Our findings in this year’s Skybox Vulnerability and Threat Trends Report, detailed below, make the urgency of the situation abundantly clear. Vulnerabilities have skyrocketed, eclipsing all previous records. Attacks are increasing in velocity and impact. Threat actors are targeting more sensitive assets and inflicting more damage. They are better organized—backed increasingly by large crime rings and nation-states—and are employing more sophisticated tools and tactics, such as a growing assortment of backdoor malware and advanced persistent threat (APT) attacks.

The Threat Horizons Report will continue to highlight advanced threats to the cloud, sophisticated attack campaigns, and novel techniques used to target victims in the cloud. By focusing on good cloud hygiene, defenders will raise the bar necessary for attackers to be successful while reducing the risk of becoming a victim to a common attack.

This year, we delve deeper into web entities, or content served over HTTP – think websites, web-based control panels, load balancers, and even APIs. Web entities have become a ubiquitous part of our daily lives, enabling us to shop, read the news, and stay in touch with loved ones. Our goal is to share our findings and analysis with the community to provide a deeper understanding of the complexities of the internet. We hope that readers can use these findings to enhance their understanding of the services that comprise the web and make more informed decisions about how to safeguard their digital assets.

The purpose of this report is to assess and summarize the current threat landscape facing organizations as a result of the digital identities that they issue to legitimate users. We called this report “The Unpatchables” because digital identities represent a source of technical risk that is impossible to completely mitigate even in theory.

This report covers the threat landscape, as encountered by our sensors and analysts in the first half of 2023. General malware data presented in the report is gathered from January–May of this year, and reflects threats targeting endpoints that we observed in these months. The report represents a global outlook and is based on over 1,000,000 unique endpoints distributed around the world. Most of the statistics discussed focus on threats for Windows operating systems, as these are much more prevalent then those targeting macOS and Linux.

In this study on general phishing awareness, over 9,000 simulated phishing emails were sent to users who signed up in 2022. Participants were sent three simulated attacks over the course of a week- all classified as moderate in terms of complexity. The users had to identify these emails. If they clicked, they were forwarded to contextual learning resources.

The 2023 SANS Security Awareness Report analyzes data provided by nearly two-thousand security awareness professionals from around the world to identify and benchmark how organizations are managing their human risk. This data-driven report provides actionable steps and resources to enable organizations at any stage of their Awareness program to mature said programs and benchmark them against others.

Our annual Threat Intelligence Report is aimed at anyone interested in cybersecurity, from the technical specialist to the senior CISO. The main focus, however, is to guide decision-makers responsible for developing strategic plans for their organization’s cybersecurity to ensure that resources are well invested. Our report last year focused on technical challenges; this year’s report will focus on real-world changes and how they can impact your organization’s cybersecurity.

The 2023 Elastic Global Threat Report is a summary of more than a billion data points distilled down to a small number of distinct categories. We describe the tools, tactics, and procedures of threats from the perspective of endpoints and cloud infrastructure — the most common enterprise attack surfaces — so readers with varying priorities can determine the best course of action to take next.

The 2023 Comcast Business Cybersecurity Threat Report was developed to help technology and security leaders get a deeper understanding of trends in cybersecurity threats—and the steps they can take to help protect their organizations from an evolving set of threats. Our goal is to provide insights from billions of threat data points and context around common ways that cybersecurity attacks arise and unfold.

The annual Cybersecurity considerations report identifies eight considerations that CISOs should prioritize in the year ahead as they seek to accelerate recovery times, reduce the impact of incidents on employees, customers and partners and aim to ensure their security plans enable — rather than expose — the business. The report also explores the key actions CISOs should take to meet the challenges ahead and to help ensure security is the organization’s golden thread, woven into the business across the board — providing the basis for trust.

Cloud security risks and vulnerabilities are on the rise and 30% of businesses fail to apply adequate security controls or provide the tools security and DevOps engineers really need to solve this problem. Unprecedented and rapid expansion to the cloud, prompted by many organizations’ digital transformation also means that cloud services are expanding faster than ever before. AWS alone has experienced over 1000% growth in services since 2013.

This report is based on the summary statistical analysis of over 9,000 cyber claims for incidents that occurred during the five-year period 2018–2022. By comparison, the third Cyber Claims Study, published in 2013, analyzed fewer than 150 cyber insurance claims.

Splunk sits at the heart of Security Operations for many of the world’s largest and most complex organizations. We spend our days helping CISOs and their teams get ahead of emerging threats, respond quickly when incidents inevitably occur, and succeed as business enablers. In The CISO Report, we share the results of our original research and offer insights on how leaders can evolve along with the cybersecurity landscape.

The United Kingdom’s National Cyber Security Centre (NCSC) found that cyberattacks against sports organizations are increasingly common, with 70% of those surveyed experiencing at least one attack per year, significantly higher than the average across businesses in the United Kingdom. In this edition we offer first hand learnings about how threat actors assess and infiltrate these environments across venues, teams, and critical infrastructure around the event itself.

In this fourth annual edition of the Microsoft Digital Defense Report, we draw on our unique vantage point to share insights on how the threat landscape has evolved and discuss the shared opportunities and challenges we all face in securing a resilient online ecosystem which the world can depend on.

Process for Attack Simulation and Threat Analysis (PASTA) is a threat modeling methodology, co-developed by VerSprite’s CEO Tony UcedaVelez. It provides a process for simulating attacks to applications, analyzing cyberthreats that originate them, and mitigating cybercrime risks that these attacks and threats pose to organizations. The process is employed by security professionals across industries to prioritize risks and develop a mature cybersecurity framework that is woven into the business culture and the application development process.

The ninth annual ISACA global State of Cybersecurity Survey continues to identify current challenges and trends in the cybersecurity field. For the second consecutive year, ISACA fielded questions to gain deeper insight into persistent issues in cybersecurity workforce skill sets and staffing for entry-level positions. The State of Cybersecurity 2023 report analyzes the survey results on cybersecurity skills and staffing, resources, cyberthreats and cybersecurity maturity.

Coalition’s 2023 Cyber Claims Report: Mid-year Update features data from organizations across the United States. Cyber risk is global in nature, and we believe the trends and risk mitigation strategies within this report are applicable regardless of location. We’re proud to share these insights to help our policyholders, broker partners, and others in the cyber insurance industry stay informed about the ever changing threat landscape.

Coalfire’s 5th Annual Penetration Risk Report confirms that enterprise security teams in key industry sectors are starting to embrace continuous penetration testing as a core component of a comprehensive defensive strategy. The report reveals gaps on an expanding attack surface, showing that organizations face ever-greater difficulties mitigating modern attacks.