This report offers this key insight, “The heart of the tension between security and efficiency is the key vulnerability within your organization’s cyber security policy: employee passwords.” Read on to discover more.

In this midyear report, TrendMicro tracks the tendency of security risks to emerge from aspects of computing that are often overlooked and show how costly they can be especially for enterprises.

This report provides a “data-driven analysis of vulnerabilities in our industrial and critical infrastructure.”

A trade war with China. A fragile agreement with North Korea. A growing fear of Russian hackers. Ahead of the 2018 U.S. midterm congressional elections, geopolitical conflict continues to play out in cyberspace.

This report is the first in a bi-annual series that examines risks and attacks in the cloud native computing ecosystem. The next report will be released in the first half of 2019.

The first edition of the “State of Cybersecurity report” was well received by customers, industry analysts and cybersecurity professionals. The 2018 edition of the Report maintains the same unique structure to build on the first edition’s ethos and bring in new viewpoints and findings. The rest of this section is reproduced from last year’s report for the benefit of first-time readers.

You can use container security tools to secure critical applications, speed development efforts, and tamperproof your containers. But to access these benefits, you’ll first have to select from a diverse set of vendors — vendors that vary by size, functionality, geography, and vertical market focus. Security pros should use Forrester’s Now Tech report to understand the value they can expect from a container security provider and select vendors based on size and functionality.

In the 2019 Forcepoint Cybersecurity Predictions Report, we explore the impact of businesses putting their trust in cloud providers to protect their data, the impact of end-user trust in those securing personal biometric data, the cascading of trust into the supply chain to protect any critical data in their custodianship, and trust in algorithms and analytics successfully piloting automobiles and alerting security professionals to potential data loss incidents.

This report reviews the research that has been conducted by the federal government concluding that secure online voting is not yet feasible. We examine the insoluble security problems that are inherent to casting ballots online, including server penetration attacks, client-device malware, attacks to emailed and faxed ballots in transit, denial-of-service attacks, disruption attacks and the challenge to reliably authenticate voters.

This report contains an overview of the threat trends and malware families Cylance’s customers faced in 2017. This information is shared with the goal of assisting security practitioners, researchers, and individuals in our collective battle against emerging and evolving cyberthreats.

In this report, they provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments. they analyze vulnerability prevalence in the wild, based on the number of affected enterprises, to highlight vulnerabilities that security practitioners are dealing with in practice - not just in theory.

This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are ever-evolving and may come from sophisticated adversaries. Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate. Importantly, cyberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sectorrelative to the socially optimal level of investment. Firms in critical infrastructure sectors may generate especially large negative spillover effects to the wider economy. Insufficient data may impair cybersecurity efforts. Successful protection against cyber threats requires cooperation across firms and between private and public sectors.

The Third-Party Security Risk Management Playbook (Playbook) is the definitive study of third-party security risk management practices. Based on in-depth interviews of risk executives from 30 domestic and global firms, it reveals the real-world capabilities and practices employed to manage third-party cyber risk, distilled into 14 capabilities with 72 common, emerging, and pioneering practices.

This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. "

This blog post continues discussion about the CCleaner supply chain attack.

“For a long time now, SOSS has provided a reliable yardstick for the most common vulnerabilities found in software, as well as how organizations are measuring up to security industry benchmarks throughout the software development lifecycle (SDLC). One thing we’ve always wanted to understand better, though, is how quickly these organizations are actually fixing flaws once they’ve been identified in application security scans. This year, we turned our data analysis up a notch by working with the data scientists at Cyentia Institute, so that we could gain better visibility into the factors that go into fixing flaws. Readers will find valuable insight on how factors like flaw severity, business criticality of applications, and exploitability of the flaws change the rate at which certain vulnerabilities are fixed.”

SecurityScorecard ran an analysis, looking at the security ratings of organizations over a six month period and identified which organizations improved those scores the most; whether overall or within a specific risk area.

“In this year’s report, SecurityScorecard looked at more than 1200 healthcare companies from July 2017 through the end of the year and analyzed terabytes of information to assess risk across ten risk factors.”

“To take a look at the cybersecurity health of financial institutions, this September, SecurityScorecard analyzed 2,924 financial institutions in the SecurityScorecard platform to find existing vulnerabilities within banks, investment firms, and other financial firms to determine the cybersecurity performance of the financial sector, especially as compared to other industries. Our team also analyzed the cybersecurity posture of the Top 20 highest performing FDIC-insured banks to understand what security factors pose risks to these financial institutions.”

This report focuses on key metrics from the following verticals: 1) Education 2) Finance & Finance-related Businesses 3) Technology 4) Healthcare Additional data is provided that focuses on company size. In the following pages, we present specific data showing the types of attacks attempted on these networks and other key findings that we believe are of interest.

This is an annual report that discusses the latest malware and hacking trends in compromised websites.