Cyber adversaries and threats are becoming increasingly sophisticated and more frequent. The survey of 297 IT security professionals found that although 82 percent of respondents said they know about the MITRE ATT&CK framework, only 8 percent reported that they are using the ATT&CK framework regularly. (more available)

The SANS CTI survey shows that many CTI programs can meet the challenge. While some programs are just getting started due to increased cybersecurity needs and a growing, complex threat environment brought on by the rapid shift to remote work, organizations can rely on CTI providers and information-sharing groups to fill in the gaps as their programs mature. (more available)

The new look at the workforce revealed that the percentage of women in cybersecurity is roughly 24%. While men continue to outnumber women in cybersecurity and pay disparity still exists, women in the field are buoyed by higher levels of education, and are finding their way to leadership positions in higher numbers. (more available)

In this report, we show how this combination of AI and automation can deliver substantially better performance, whether in the form of speed, insights, or flexibility. (more available)

Evolving security threats, exponential data growth, increased complexity, and a continuing cybersecurity shill shortage has given rise to a new category of security solutions called Extended Detection and Response (XDR). (more available)

The Secureworks Counter Threat Unit (CTU) research team analyzes security threats and helps organizations protect their systems. During March and April 2021, CTU researchers observed notable developments in threat behaviors, the global threat landscape, and security trends, and identified lessons to consider. (more available)

CISOs aren’t alone in recognizing the need for new threat detection and response strategies. In fact, security technology providers are championing a new technology initiative dubbed eXtended Detection and Response (XDR). (more available)

Over 5,100 IT and security professionals across 27 countries were asked about their organizations’ approaches to updating and integrating security architecture, detecting and responding to threats, and staying resilient when disaster strikes. (more available)

A survey of 250 UK cybersecurity professionals on their perspectives of the state, benefits, and challenges in security process automation.

This report looks at IT security teams. They highlight changes in the teams and the ways that they work.

An analysis on the indicators to be derived from detecting Internet of Things (IoT) in organization’s public internet facing profiles.

This is the 8th annual Year in Review Report. It looks at cyber threat intelligence, sectoral and thematic threats, emerging trends, and the biggest incidents worldwide from the past year. (more available)

This report takes a look at the most significant stories and trends in order to determine what has changed and what to expect for the second half of 2020 in the cybersecurity industry. (more available)

This report from Cloudflare shows trends and shifts in DDoS attacks for the 2nd quarter of 2020.

A survey of over 1,000 US and UK IT professionals on the challenges to having the necessary in-house expertise to achieve a strong cybersecurity posture. (more available)

A survey-driven report of over 200 IT and security professionals on the practices and the objectives in their use of cloud access security broker (CASB) technologies. (more available)

A survey driven review of 25 indicators via 50 questions spanning nearly 160 respondents. This attempts to focus on factors influencing cybersecurity strategy design and implementation on a year-over-year basis. (more available)

This report focuses on an analysis of security controls effectiveness across the multiple stages of attack lifecycles within 11 global industries. (more available)

This report explains the findings of a study the did, showing that seeking the exact technology to solve your newest, most pressing security concern may actually be multiplying security gaps that slow you down instead of simplifying your security environment. (more available)

A review of 63 events where Kivu participated in payouts of ransomware events on behalf of clients engaged via a post-incident response. (more available)

A review of doxxing related ransomware cases handled by Kivu Consulting in a post-breach role. Explores firmographics of the organizations involved in various variants of ransomware families. (more available)