This study’s principal conclusion clearly mirrors today’s cybersecurity landscape: every organization is vulnerable to a cyber attack. This report uses measures of awareness and readiness to assess three degrees of vulnerability, each of which indicate differing needs to take action.

This report provides insight into the top stories from the third quarter of 2018.

This infographic provides a summarized list of the points made in McAfee’s 2019 threat predictions blog post.

The Cylance 2017 Threat Report offers valuable analysis on the current state of cybersecurity. The information provided in the report is unavailable anywhere else. This Cylance® study includes research and information drawn from internal data and feedback provided by Cylance customers. The report offers considerable insights into recent threat trends and related security issues.

This paper exerts that there exists very little data on whether companies are winning the war against cyber crime. It seeks to answer several questions with this survey of 270 IT security professionals in North America.

This guide is designed to help enterprises endpoint security solutions.

This paper provides a helpful checklist for NIST adoption.

This paper navigates decision-makers through the issues surrounding a specific technology or business case, explores the business value of adoption, and recommends the range of considerations and concrete next steps in the decision-making process.

In this edition, we highlight the notable investigative research and trends in threats statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q2 of 2018. Cybercriminals continue to follow the money. Although this statement is familiar, our latest Threats Report clearly shows the migration from certain older attacks to new threat vectors as they become more profitable. Just as in Q1, we see the popularity of cryptocurrency mining continue to rise. In this report we detail recent findings from three McAfee Labs analyses that appeared in Q2. You can read summaries of each on pages 5-7. One area of investigation by our research teams is in digital assistants. In Q2 we analyzed a vulnerability in Microsoft’s Cortana. This flaw allowed an attacker to log into a locked Windows device and execute code. Following our vulnerability disclosure policy, we communicated our findings to Microsoft; the analysis resulted in CVE-2018-8140. We also examined the world of cryptocurrency attacks with an in-depth view of blockchain technology. Our report detailed many of the vulnerabilities being exploited by threat actors looking for a quick return on their investment.

Measuring & Managing the Cyber Risks to Business Operations, which was sponsored by Tenable and conducted by Ponemon Institute, reveals global trends in how organizations are assessing and addressing cybersecurity risks. We conclude from the findings that current approaches to understanding cyber risks to business operations are failing to help organizations minimize and mitigate threats. We surveyed 2,410 IT and IT security practitioners in the United States, United Kingdom, Germany, Australia, Mexico and Japan. All respondents have involvement in the evaluation and/or management of investments in cybersecurity solutions within their organizations. The consolidated global findings are presented in this report.

Security automation architecture can improve organizations’ security posture by augmenting or replacing human intervention in the identification and containment of cyber exploits or breaches through the use of such technologies as artificial intelligence, machine learning, analytics and orchestration. Sponsored by Juniper, the purpose of this research is to understand the challenges companies face when deciding how, when and where to implement the right automation capabilities in order to improve productivity, reduce costs, scale to support cloud deployments and ultimately strengthen the security posture of the business. Ponemon Institute surveyed 1,859 IT and IT security practitioners in Germany, France, the United Kingdom and the United States. All participants in this research are in organizations that presently deploy or plan to deploy security automation tools or applications and are familiar with their organizations use of security automation and have some responsibility for evaluating and/or selecting security automation technologies and vendors.

With hundreds of thousands of implementations across the globe, Enterprise Resource Planning (ERP) applications are supporting the most critical business processes for the biggest organizations in the world. This report is the result of joint research performed by Digital Shadows and Onapsis, aimed to provide insights into how the threat landscape has been evolving over time for ERP applications. We have concentrated our efforts on the two most widely-adopted solutions across the large enterprise segment, SAP and Oracle E-Business Suite, focusing on the risks and threats organizations should care about.

In this issue of the State of The Internet/Security report, they take a look back at some of the events they were a part of and the research the Akamai teams produced in the past 12 months. They also examine a few of the stories that formed the background in security this year.

This report offers information related to an ATM Jackpotting kit for sale on darknet.

From the report, “While the developers of this Guide strongly support the important role that governments play in convening a diverse ecosystem, the imposition of prescriptive, compliance-focused regulatory requirements will inhibit the security innovation that is key to staying ahead of today’s sophisticated threats. Moreover, earlier policy efforts were based on utopian solutions to these threats, premised on the notions that internet service providers (ISPs) can simply shut down all botnets, or that manufacturers can make all devices universally secure. Instead, dynamic, flexible solutions that are informed by voluntary consensus standards, driven by market demands, and implemented by stakeholders throughout the global digital economy, are the better answer to these evolving systemic challenges.”

From the report, “Our survey examined the most common malware threats that organizations are grappling with, how often those threats result in actual compromises, and the challenges involved in responding to them. Respondents included CIOs, CTOs, CSOs, IT directors, network administrators, and senior executives from organizations in more than 20 industries.”

“Threat intelligence has become a significant weapon in the fight against cybersecurity threats, and a large majority of organizations have made it a key part of their security programs. Among the key findings of the report are that organizations are leveraging threat intelligence data for a number of use cases, and many rate themselves fairly competent in their use of threat intelligence to identify and remediate cyber threats. The most common benefits of threat intelligence platforms include better threat analysis, faster detection and response, more efficient security operations, and better visibility into threats.”

“Despite the massive impact the WannaCry ransomware attack had on businesses across the globe and the immediate changes to security practices following it, a year later businesses still have a reactive approach and struggle to implement comprehensive security policies that target employees and management. With cyber threats evolving so rapidly, businesses need to learn how to be quick on their toes and expedite the development and enforcement of cyber security policies to better prevent future breaches.”

From the report, “The cyber attacks targeting political elections is in full swing as the 115th United States midterm elections grow closer. The exploitation of vulnerabilities and direct cyber attacks targeting election-related entities are somewhat expected; however, a different form of cyber attack has the potential to have a disruptive impact to the elections: disinformation campaigns. The use of disinformation tactics in today’s social media-obsessed society is the most prominent threat to the democratic process. This form of attack is at a significant and troublesome level that the average voter may not be fully aware of.” Read on to learn more.

This paper seeks to prompt a discussion about how our mindset and approach to cyber security now needs to change. It proposes 10 areas where important challenges must be confronted; this evolution will also provide some structure for innovative and disruptive technologies that are beginning to come to market but don’t fit the mould of traditional security controls.

This report provides information cultivated by the Task Force, which offers the opportunity to address significant cybersecurity concerns in the health care industry.