Cyber Threats: key insights from the best reports

Click each image to view each Cyber Threat report.  Or look at the reports on how to Respond.

 
Cybersecurity for the modern era Proofpoint– 15pgs – 5th September 2018
90% of targeted attacks start with email.
$5.3 billion the cost of email fraud from October 2013 to December 2016.
Attackers are the ultimate adapters – changing their tactics to present a moving threat.
Social media phishing is the fastest-growing social media threat, with a 150% increase from 2015 to 2016.
 
The Fake Email Crisis Valimail – 11pgs – 27th August 2018
91% of all cyber attacks start with a phishing email.
6.4 Billion fake messages are sent worldwide every day
The United States continues to lead the world as a source of fake email
 
Protected Health Information Data Breach Report Verizon –  20pgs – 26th August 2018
58% of incidents involved insiders.
Healthcare has a major paper problem that causes sensitive data leakage.
Healthcare is the only industry in which internal actors are the biggest threat to an organization.
Ransomware is responsible for 70% of breach attempt incidents.
 
Cybersecurity mistakes all small business employees make, from entry level to the C-Suite Switchfast – 11pgs – 24th August 2018
35% of SMB leaders don't know what a Clean Desk.
35% of employees don’t even know if there is a response plan in their company.
60% of small businesses that suffer a breach are likely to go out of business within six months.
Negligent employees remain the number one cause of data breaches at small businesses across America.
 
Malwarebytes Global Cyber Study – 8th August 2018 Nearly 15% of U.S. security budgets go to remediating active compromises.
Consensus estimate is that more than five percent of global security pros are Gray Hats.
12% of 900 cyber professionals reported they have considered “black hatting” (working for criminals).
Mid-sized companies’ security budgets increased nearly 36% to protect against the high volume of malicious attacks.
 
CYBETHREATSCAPE REPORT 2018 MidYear CyberSecurity Risk Review – 71 pgs – 3rd August 2018
Organizations should stay as current as possible on both the broader threat and the specific threats' landscape.
The attack surface for threat actors and threat groups growing and expanding.
Organizations should think beyond the enterprise to the full ecosystem.
71% believe that cyberattacks are still a “bit of a black box”
 
The Cybersecurity and Identity Gap Survey CORE SECURITY – 18pgs  –1st August 2018
44.7% increase in data breaches since 2017.
$93 billion are expected to be spent on cyber security by the end of 2018.
Most organizations risk breaches due to gap between Identity and Cybersecurity silos.
81% of confirmed data breaches today still involve weak, default or stolen passwords
 
Under GDPR, Data Breach Reports in UK Have Quadrupled Mathew J. Schwartz – Bank Info Security – 25th July 2018
"The 72 hours to file a report isn't just to email or phone us" - ICO
The number of breach reports submitted to UK's ICO quadrupled in the months before and after GDPR.
Organizations based outside the EU but which store or process Europeans' personal data must also comply with GDPR.
Organizations need to have detailed policies and procedures in place to help data controllers best make breach determinations going forward.
 
2018 Data Exposure Report Code 42 – 32pgs – 24th July 2018
A feeling of personal ownership over work puts data security at risk.
50% of business leaders and 63% of CEOs admit to clicking on a link they didn’t intend to.
Even the strongest data security policies and perimeters are no match for human emotion and behaviour.
78% of CEOs and 74 % of business leaders agree that ideas are data, and still the most precious assets in the enterprise.
Foreign Economic Espionage in Cyberspace - DNI – NSCS - 20 pgs – 24th July 2018 Hackers are targeting software supply chains to achieve cyber espionage, organizational disruption, or financial impact.
2.2 million computers were infected by their anti-virus software CCleaner, when it was compromised with Floxif malware downloader.
 
Cybercrime tactics and techniques: Q2 2018 Malwarebytes – 25pgs – 23rd July 2018
Cryptomining detections are still hot, but starting to decline.
The second quarter of 2018 had a huge spike in backdoor malware detections.
The first quarter of 2018 ended with a massive campaign effort to infect thousands of users with the Emotet banking Trojan.
 
ERP Applications under fire Digital Shadows – 30pgs – 23rd July 2018
Cybercriminals have evolved malware to target internal, “behind-the-firewall” ERP applications.
Hacktivist groups are attacking ERP app to disrupt critical business operations and penetrate organizations.
There has been a dramatic increase in interest in exploits for SAP apps in dark web and cybercriminal forums.
Nation-state sponsored actors have targeted ERP applications for cyber espionage and sabotage.
 
Securing the Supply Chain Vanson Bourne  – Crowdstrike – 46pgs – 22nd July 2018
68% of security professionals say they are not prepared to defend against supply chain attacks.
81% of senior IT decision makers say they need to spend significantly more on software supply chain security.
79% of security professionals say software supply chain attacks could become one of the biggest cyber threats to organizations over next 3 years.
 
Quarterly Incident Response Threat Report Carbon Black – 16pgs – 19th July 2018
59% of cyber attacks now involve lateral movement
35% of respondents say attackers' end goal is espionage
46% of cyber response experts have experienced counter incident response
78% of cyber response experts say the financial industry is attacked most often
 
2018 Cost of a Data Breach Study: Global Overview Ponemon Institute LLC - 47pgs – 12th July 2018
US organizations pay the highest price for losing customers after a data breach.
Healthcare companies have the highest days to contain a cyber incident at 103 days.
Third party involvement in a breach and extensive cloud migration at the time of the breach increase the cost.
Incident response teams and the extensive use of encryption result in the greatest decrease the cost of a breach.
The typical enterprise is estimated to have a 28% chance of suffering a material breach in the next 24 months.
The cost of the typical data breach has risen 6.4% this year, and now stands at $3.86 million
 
Singapore Cyber Landscape - CSA - 50 pgs - published 19th June 2018 832% annual increase in fake websites (Phishing URLs) with a Singapore link
17% annual increase in website being hacked and defaced across Singapore
2018 expected to see more spoofed mobile applications and Wi-Fi
2018 expected to see AI-enabled social engineering attacks
 
Data Breach Reports Identity Theft Resource Center (ITRC) - 137pgs - 11th June 2018
28% of 2018's reported breaches have been in the Health Sector, and 13% in Financial Services.
71 data breaches announced across the USA in May, bringing the total to 522 in the first 5 months of 2018.
 
National Exposure Index - Inferring Internet Security Posture by Country Rapid7 - 60 pgs - 7th June 2018
Rapid7 have identified 500,000 servers that are still vulnerable to WannaCry and similar malware.
In 2018, Rapid7 identified 13 million exposed database services, which a a significant risk of data loss worldwide.
Rapid7's data indicates that the countries that have the most exposed internet servers are the USA, China and Canada.
Amplification potential can be abused by malicious actors either to cause DDoS events on their own, or in conjunction with more serious attacks.
 
 
2018 Risk: Value Report NTT Security – 12 pgs – 4th June 2018
In Sweden, 27% of companies worry about a lack of employee skills in key areas.
69% of UK organizations fretted about brand damage, compared to 52% globally.
Companies are over-confident about their level of vulnerability: 47% claim that had not been affected by data breaches yet.
73% of UK respondents worried about the impact on customer confidence following an information security incident, compared to the 56% global average.
 
On the Money: Growing IT Security Budgets to Protect Digital Transformation Initiatives Kaspersky – 27pgs – 2nd June 2018
23% of IT budgets are now allocated for cybersecurity.
47% of CEOs are being challenged by their boards to digital transform.
Cyber attacks become more sophisticated with devastating financial and reputational implications.
The costliest threats are related to data leaving the business premise ($1.09m) followed by inappropriate data sharing by mobile devices
 
2018 Cybercrime Report – Europe Deepdive: Insights from the ThreatMetrix Threat Metrix – 19pgs – 17th May 2018
80m European attacks detected and stopped in Q1 2018.
38% of all cyber attacks originate from Europe.
21% of bot attacks originated from Europe in Q1 2018.
European login attack rates over double the global figure
 
 
2018 EfficientIP Global DNS Threat Report Efficient iP – 12 pgs – 16th May 2018
£715,000 is the average cost of DNS attacks
77% of organisations is subject to a DNS attack
33% of organisations has suffered data theft via DNS
Cyber attacks in 2017 cost around $1 trillion in damages, compared with $300 billion for natural disasters
 
Cybersecurity Strategy U.S. Department of Homeland Security – 35pgs – May 15th 2018
An excess of 20bn devices will be connected to the Internet by 2020.
Non-state actors' cyber capabilities are equally sophisticated with those of nation-states.
DHS identified 5 key pillars of risk management for effective mitigation
Data Breach QuickView Report Q1 2018 Data Breach Trends –19pgs – 9th May 2018
686 breaches have been reported through March 31st, exposing approximately 1.4 billion records.
Fraud captured the top spot for the breach type compromising 1.27 billion exposed records during the first quarter.
The leading cause of breaches for the quarter was Hacking (unauthorized intrusion), accounting for 38.9% of incidents.
 
Properly Framing the Cost of a Data Breach DarkReading – 8th May 2018
Who knows What, When?
Simple graphs do not always reflect the reality.
Negative Publicity increases the costs of the breach.
 
Governing Cyber Risk A Guide for Company Board – 24pgs -26th April 2018
7 key questions for Boards include: has breach response plan been dry-run?
7 key questions for Boards include: is cyber governance independently assessed and certified?
 
How Secure is Blockchain really? MIT Technology Review - Orcutt – 1pg – 25th April 2018
Hackers CAN and DO break into "hot wallets".
Neither Bitcoin nor Ethereum is as decentralised as you may think.
In 2016 hackers stole $80 million from Decentralised Autonomous Organisation (DAO).
 
Cyber Security Breaches Survey 2018 Department for Digital, Culture, Media and Sport – 58 pgs – 25th April 2018
53% of businesses that have experienced a cyber breach have been seriously affected.
74% of businesses' senior management view cyber security as a high priority.
43% of businesses have experienced a cyber breach in the past 12 months.
73% of businesses have no formal cyber security policy in place.
 
Managing Insider Threat James Christiansen – 27 pgs - 20th April 2018
27.5% annual growth in data breaches reported by businesses
32 staff say they will steal company data per year, in a typical business with 1,000 staff
 
BlueBorne – an airborne cyber attack Nadir Izrael - 31 pgs – 20th April 2018
BlueBorne does not need users to access internet, click on a link, download a file or pair device
BlueBorne malware spread from device to device, to steal credentials or deliver ransomware
5,300 million devices are at risk from BlueBorne malware, which spreads via BlueTooth
 
Study of Cyber Security Professionals Jon Oltsik – 15 pgs – 20th April 2018
43% of IT Security specialists say Execs should have cybersecurity as performance metrics
24% of IT Security specialists say Execs don’t understand or support appropriate cybersecurity
46% of IT Security specialists say most organisations are “extremely vulnerable” to cyber attack
 
Into the web of profit Bromium – 178pgs – 20th April 2018
Hackers-for-hire can cost $200 for small hacks.
Cybercrime generates at least $1.5 trillion in revenues each year.
10% of globally laundered money is attributed to cybercrime revenue.
$1bn in profits is generated through multinational cybercrime operations.
 
How AI will be used for to manipulate videos The Verge – 17th April 2018
Voices can be faked by AI if the computers have just minutes of real audio to analyse.
AI-based face-swapping software causes concern for progression of ‘fake news’ and spear phishing
 
Lazy hackers turn to automated tools BBC News – 17th April 2018
Within 15 seconds of getting access, the bot:
• sought out and exploited several known vulnerabilities
• scanned the network to which the server was connected
• stole and dumped credentials for other vulnerable machines
• created new user accounts for its creators to use
20 billion cyber attacks are blocked every day.
 
2018 Security Report Check Point Research - 46 pgs - 14 April 2018
77% of IT Professionals feel unprepared for today's Cyber Security challenges
The new IoTroop Botnet is recruiting IoT devices at great pace & could be devastating when it attacks
 
2018 Data Breach Investigations Report Verizon – 68pgs – 12th April 2018
68% of breaches took over a month to detect.
93% of breaches used Phishing and Pretexting.
59% of Phishing attacks were financially motivated.
 
The cyber threat to UK business NCA – 28pgs – 10th April 2018
$9bn global loss projected from BEC scams in 2018.
Only 40% of data stored in clouds is access secured.
Mandate fraud is third highest method to defraud companies.
Ransom DDoS attacks seen sharp rise – costing companies up to $1m.
 
2018 Global Security Report Trustwave – 105pgs – 5th April 2018
Financial Services are suffering more breaches of their corporate networks than any other sector
100% of web applications have at least one vulnerability, with average of 11 vulnerabilities
55% of Corporate Network breaches are achieved through Phishing or Social Engineering
45% of E-Commerce site breaches are achieved through malicious file upload
60% annual increase in high impact Vulnerabilities disclosed in last year
 
2018 Internet Security Threat Report Symantec – 4pgs – 4th April 2018
46% increase in Ransomware variants over last 12 months.
8,500% increase in Cryptojacking (coinminers on endpoint computers) during last 12 months
600% increase in IoT attacks (on devices in the "internet of things) during last 12 months
54% increase in new Mobile Malware variants and apps during last 12 months
 
Vulnerability Review 2018 Flexera – 17pgs – 3rd April 2018
Zero- Day vulnerabilities remain rare: 12 out of 19,954.
20,000 High-profile vulnerabilities were documented in 2017.
Major gap remains between identifying vulnerabilities and fixing them.
86% of known vulnerabilities have patched available at the disclosure day.
High-profile vulnerabilities and breaches hit the front pages forcing many businesses to adopt a reactive approach.
 
IBM X-Force Threat Intelligence Index 2018 IBM - 43pgs - 31 March 2018.
79% of malicious activities on enterprise networks in 2017 were injection attacks.
Over 2.9bn records leaked in 2017 from publicly disclosed incidents.
Financial services ranked #1 for security incidents target in 2017.
$2.1 trillion losses forecasted by financial firms by 2019.
 
Cyber Security: Export Strategy Department for International Trade – 20pgs – 26th March
Pursue, Enable, Respond: The three Key stages of the new cyber security strategy.
90% of big businesses have been hit by a major cyber attack but still lack a good understanding around potential cyber risks.
 
Internet Security Threat Report Symantec – 89pgs – 22nd March 2018
1 in 13 web requests in 2017 lead to malware.
7% rise of zero-day vulnerabilities recorded in 2017.
Over 1,000 Ransomware each day were detected last year.
24,000 malicious mobile applications were blocked each day last year.
 
Declassified: Unravelling the cyber skills gap & talent shortage Cybrary – 20pgs – 22nd March 2018
Cybersecurity industry shortage effecting 2/3's of organisations.
68% doubt their organisations ability to defend against breaches.
85% have to contribute towards cybersecurity training expenses.
80% of respondents are unprepared to defend against cyber threats.
Training is a key factor in breach resilience on employee and corporate levels.
 
Threat Horizon 2020 ISF - 4pgs - 21st March 2018
Employees are targeted to expose organisation vulnerabilities.
Attackers utilising AI will create self-learning malware.
Fear looms over weaponised IoT devices.
 
The black market report Armor – 16pgs – 20th March 2018
$12.99 is the price tag of your online identity.
$100bn's in cybercrime costs for businesses globally.
U.S. financial loss from cyber attacks has exceeded $1.3bn.
$200 per day is the cost to 'hire' a DDos attack.
 
Policing and Cyber Crime Parliament Street – 4pgs – 20th March 2018
Police forces spend as little as £6 per person on training.
Effective policing requires a standardised cybercrime strategy.
£130bn is stolen from consumers annually as a result of a cybercrime.
£1.3m (only!) spent by Police Forces to bridge the knowledge gap between police and cybercriminal.
 
Small Gains, Big Wins Bitdefender –11pgs – 19th March 2018
20% of Executives view the finance department as a main target.
75% sees managers as the biggest source of poor security practice.
"Loss of Customer Trust" the most feared impact of a data breach for any organisation.
40% regard the human element being an important factor when detecting cyber threats.
 
Russian Government Cyber Activity Targeting Critical Infrastructure DHS and FBI - 19 pgs - 15th March 2018
Details Russian government actions against U.S. Government, + energy, nuclear, commercial, water, aviation, & critical manufacturing sectors.
HR Department's public web page accidentally provided sensitive info on industrial control systems at organisation targeted by Russians.
 
The Third Annual Study on the Cyber Resilient Organization Ponemon – 44 pgs – 15th March 2018
69% of high performers have a mature cybersecurity program in place.
66% say that Incident response plans often do not exist or are "ad hoc".
61% say that hiring skilled personnel improved their cyber resilience.
 
Not a Bitcoin owner? You could (still) be at risk Check Point – 12th March 2018
$425 million already stolen from Coincheck in 2018.
Crypto-Mining attacks produce devastating reputational risks for the organisation.
100-fold increase in Crypto-Mining attacks in the last six months, stealing energy & processing power.
55% of organizations were a target of crypto-mining attacks in December 2017 alone.
Crypto-Mining malware can easily consume the entire CPU power of your servers.
 
Losing the cyber culture war in healthcare Accenture – 10slides – 1st March 2018
18% of respondents willing to sell confidential date to unauthorised parties for as little as $500.
24% of health employees are aware of someone in their organisation who has sold their credentials or access to unauthorised outsider.
99% of respondents that an organisation cannot rely solely on employees to safeguard data.
 
The cyber aware perception gap HM Government – 32pgs – 1st March 2018
86% of small firms have no incident management processes to counter security breaches.
69% of businesses do not perceive cyber security as a very high priority for senior management.
The average person is 11 times more likely to fall victim of cyber crime than a robbery.
45% of SMEs had their data breached in the past 12 months.
 
2018 Global Threat Report - Crowdstrike – 42pgs – 26th Feb 2018 Over 90 Billion (!) cyber events now take place worldwide every day.
Criminals are accessing military-grade cyber weaponry because of a “new” trickle-down effect.
118 minutes was the average breakout time, moving from your first compromised computer to your other systems.
39% of malicious software now gets past traditional antivirus defences, because it cleverly avoids writing data to your computer disk.
 
2018 Study on Global Megatrends in Cybersecurity Ponemon & Raytheon – 12 pgs – Survey of 1,100 senior IT staff – 23rd Feb 2018
66% of experts expect their company value will be "seriously diminished" in next 3 years by a cyber attack
The fastest growing worry for those responsible for cybersecurity: "Inability to minimize employee-related risk"
129% growth in importance given to Organisational Factors over 3 years to 2018, now ranked #4 among cyber risk areas.
Twice as many organisations now expect their cyber security to decline in next 3 years (19% say that in 2018, vs 11% in 2015)
 
Cyber Resilience & Trust Report –February 2018 Darkmatter – 28pgs – 23rd February 2018
Cyber threats are turning digital society more anarchic and dangerous.
The IoT is reshaping the threat landscape, enlisting things into botnets.
87% of global public are concerned about the privacy and security of their personal data.
To tackle the threats of tomorrow organisations must adopt a more predictive and antifragile philosophy.
 
Annual Cybersecurity Report 2018 - Cisco - 22 Feb '18 83% of IoT devices sampled still have critical vulnerabilities.
Lack of trained staff is the fastest growing challenge to cybersecurity.
62% of suspicious downloads by staff occurred outside of normal work hours.
44% of cybersecurity alerts are not investigated at all, & only 17% of alerts are remediated.
Operations and Finance are the two departments most likely to be affected by security breaches.
 
2018 Breach Briefing Beazley – 16pgs – 21st February 2018.
46% of cyber incidents reported to insurers were caused by external criminals, via hack, malware or social engineering.
51% of cyber incidents reported to insurers were caused by staff, including accidental disclosure and deliberate crime.
84% of payroll diversion attacks impacted middle-market organisations.
63% of W-2 incidents impacted middle-market organisations.
 
Economic Impact of Cybercrime – No slowing down McAfee – CSIS – 28pgs – 21st February 2018
Only 13% of cybercrime is reported in the UK.
Nearly half of UK crime is online fraud or other cyber crime.
Every day, criminals create up to 1 million malicious software products.
Global cybercrime will cost $600bn in 2018 (0.8% of global GDP).
Every day, criminals conduct about 80 billion malicious scans
 
The Malicious Use of AI (Artificial Intelligence) Published by Oxford & Cambridge Universities, 101 pgs - 21st Feb 2018
AI will expand existing cyber threats, change their character and introduce new ones.
Spear Phishing cyber attacks (customised to the individual victim) may be partially automated by AI.
AI's efficiency, scalability, and ability to exceed human capabilities suggest highly effective attacks will become more typical.
 
BitSight - analysis of 1,212 federal contractors in USA - 16th Feb 2018 Botnet infections are prevalent amongst the US government contractor base.
8% of Healthcare suppliers to the US government reported a Data Breach over the last 25 months.
Nearly one in five users at Technology and Aerospace contractors are vulnerable to malware as they use an outdated internet browser.
 
Voice of the analyst study Cyentia Institute – 24pgs – 12th February 2018
30% of respondents feel disrespected in the wider industry.
28% of respondents lack experience in stopping an intrusion.
Event monitoring analysts are least likely to identify intruders.
25% of experienced analysts are highly dissatisfied with their present job.
 
Business Continuity Report (BCI) – Horizon Scan - 36pgs – 9th February 2018 42% of Business Continuity Managers are extremely concerned about the risk of a Data Breach.
Cyber is the most worrying type of threat to Business Continuity Managers in every Geography and Sector.
The potential emergence of a global [cyber] pandemic becomes more and more realistic.
54% of respondents use ISO 22301 as a framework but are not certified.
 
State of the Internet - Security Akamai - global report based on data in Q4 2017 - 28 pgs - published 7th Feb 2018
Worldwide, there has been a 14% increase in DDoS attacks in last 12 months.
Germany was the source of 30% of DDoS attacks observed in Q4 2017.
79% of DDoS attacks were suffered by the Gaming industry.
SQLi made up 50% of web application attacks in Q4 2017.
 
2018 Cyber Readiness Report Hiscox – survey of 4,100 businesses - 24pgs – 6th February 2018
German firms have been hit hardest by cyber crime, cost figures ranging up to $5 million.
53% of the US government entities have reported a cyber incident in the past year.
The average organisation spends 10.5% of their IT Budget on cyber security.
73% of responding organisations rank as cyber novices.
 
Cyber Incident and Breach Trends Report Published by Online Trust Alliance – 11 pgs - 25th January 2018
52% of data breaches in last 12 months were the result of actual hacks
93% of data breaches in last 12 months could have been prevented
18.2% is the annual growth rate in reported data breach incidents
90% rise in business targeted ransomware in last year
 
Cybercrime Tactics and Techniques: 2017 State of Malware Malwarebytes - 32 pgs - published 25th Jan 2018
"The second half of 2017 marked an average of 102% increase in banking Trojan detections."
"Ransomware detections increased by 90 percent for businesses in last 12 months."
"2017 saw a massive increase in the malicious use of cryptominers."
"The volume of adware increased 132 percent year-over-year."
 
Risk Barometer - Top Business Risks for 2018 Allianz - survey of 1,911decision makers in 80 countries - 21 pgs - 16th Jan 2018
"Cyber Incidents are the business risk that are currently most underestimated."
Cyber risk is expected to still be be a top 3 risk in 10 years, for 48% of businesses surveyed.
The way in which a business manages a data breach has a direct impact on the final cost.
 
Cyber Resilience Playbook - World Economic Forum - 16th Jan 2018 The Playbook is intended to guide intra-state public-private collaboration on cybersecurity policy, including:
- Cyber exercises are one of the best ways to test an organization’s robustness and resilience
- Government involvement in Zero-day market, including research and purchasing
- Trade-offs between values created by Attribution policy choices
 
Carbon Black 2017 Threat Report Non-Malware attacks and Ransomware Continue to own the spotlight – 17pgs – 3rd January 2018
$5 Billion was the cost of ransomware attacks in 2017.
6.8% per month increase in non-malware attacks.
52% of all attacks in 2017 were non-malware.
 
Ransomware piercing the anti-virus bubble Malwarebytes – 6 pgs – 20th December 2017
Complacency creates opportunities for a hacker.
The growth in the volume and sophistication of ransomware attacks is widely expected to continue in the coming years.
The market for endpoint protection solutions is forecasted to grow from US$4.8bn to US$5.8bn between 2017 and 2020 (Radicati Group).
Existing defenses often fail to protect data and systems from new strains of attack, and will continue to fall short unless …preventive measures are in place
 
CyberArk Global Threat Landscape Report 2018: The Business View of Security CyberArk – 6pgs –14th December 2017
52% of business leaders unsure as to what they should do in a cyber incident.
31% of security professional surveyed do not use privileged account security solutions.
46% of business leaders believe that they "cannot stop every cyber attempt"to break in.
It is not uncommon for organisations to hide the extent of damage caused by a cyber attack.
50% of organisations did not fully inform customers when their personal data was compromised in a cyber attack.
 
Cybersecurity Trends 2018 ESET – 30pgs – 14th December 2017
Back up everything that matters to you.
Cyberthreats to critical infrastructure are rising dramatically.
Hacktivism and attacks during electoral campaigns occur more often than not.
 
Blockchain security: What keeps your transaction data safe? IBM – 1 pg – 12th December 2017
All blockchains are not created equally.
The bigger your network is, the more tamper-resistant your blockchain will be.
Public blockchains are designed around the principle of anonymity and may not always be right for enterprises.
 
A guide to cybercrime for CEOs Malwarebytes - 17pgs - 7th December 2017
2,000% increase in Ransomware over last 2 years.
23% increase in all types of identified cybercrime attacks on businesses since 2016.
"Instead of closing gaps and filling holes, businesses have to turn offensive in the battle against cybercrime."
In the 1980s & 1990s, ‘Hacking’ transformed into criminal activity. In the 2000s, it piqued the interest of criminals & nations.
 
2017 Payment Security Report - Verizon – 58pgs – 7th December 2017 66% of customers say they are unlikely to do business with an organization that experienced a breach
 
Quarterly Threat intelligence report by NTT Global Threat Intelligence Center (GTIC) – Q3 2017 – 19pgs – 29th November 2017
Single insider threat incidents in 2016 cost enterprises an average of $7.8m.
15% of staff took "business critical information" when transitioning into a new company.
Non-compliance with corporate policy and negligence accounts for 68% of insider threats.
42% increase in phishing attempts followed by malware infections were witnessed in Q3 2017.
 
Western European Cities Exposed [Cyber Assets] Trend Micro - 51 pgs -Analysis of over 2m IP addresses in 10 cities - 28th November 2017
The Western European City with the highest number of exposed cyber assets is Berlin.
Amsterdam has the most per exposed cyber assets per capita.
 
Huntpedia Your Threat Hunting Knowledge Compendium –107 pgs – November 2017
Unsolicited outbound communication to the hostile domain with no referrer could indicate malware command and control.
Organisations need to have a clearly defined, evaluated, executed and matured response strategy in place.
Cyber Threat Intelligence and the Pyramid of Pain.
High-end intruders are always one step ahead.
 
Quarterly Threat Report – Quickheal – 28pgs – 20th November 2017 Compared to Q2 2017, Q3 2017 registered a drop of 11% in the detection count of Windows malware samples.
The only truly secure system is one that is powered off, cast in a block of concrete and sealed in lead-lines room with armed guards.
Cryptomic and Cerber ransomware are expected to hit its targets with new variants and sophisticated propagation techniques.
"Hoaxes prey on the Human Operating System."
 
2018 Security Predictions Report - Forcepoint – 21pgs – 20th Nov 2017 2018 will see many organizations undergo CISO reshuffles as these individuals realize they are unprepared for GDPR.
2018 will see increased risk of a breach from a trusted insider because of the adoption of cloud technologies.
2018 will see the Internet of Things (IoT) become a target for mass disruption
2018 will see Workforce Monitoring (UEBA) become a top priority for CISOs
 
 
Threat Intelligence Report Nokia - data from the Nokia NetGuard Endpoint Security solution, protecting 100 million devices - 20 pgs - 13th Nov 2017
Cybercriminals are changing their focus from the Windows/PC ecosystem to smartphones and IoT devices.
0.68% of all mobile devices carry an infection identifiable by NetGuard Endpoint Security.
0.94% of Android devices carry an infection identifiable by NetGuard Endpoint Security.
The volume, velocity and variety of security data today is overwhelming security teams.
 
Poor PAM processes and policies leave the crown jewels susceptible to security breaches Global Survey of IT Professionals – 18pgs – 7th November 2017
54% of companies use password vaults for admin and/or privileged accounts.
36% use Excel and 18% of companies use paper to store passwords.
98% change privileged passwords but only 14% do so after each use.
 
Fail to Plan, Plan to Fail: Understanding the role of LoB practitioners and SOCs in securing IoT environments Forrester – 11 pgs – 7th November 2017
54% of security leaders are anxious about IoT security.
90% of companies expect an increased volume of IoT devices over the next 24 months.
48% of companies see improved awareness and visibility as a critical next step to improving IoT security.
 
 
CyberArk - survey of 825 professionals in Security and DevOps - 8 pgs -7th Nov 2017
Many organisations now have fast-growing a DevOps function, to achieve significant business and IT benefits.
Due to the dynamic nature of the DevOps function, key ‘secrets’ (like privileged account credentials) are copied and shared in multiple locations.
60% of DevOps staff store privileged account or admin passwords in a document on a company PC.
99% of the 825 professionals surveyed failed to identify all places such secrets are stored.
 
Cyber Resilience Report Redseal - interviews with 600 CISOS and CIOs in USA and UK - 3pgs - 3rd Nov 2017
55% of CISOs and CIOs say they can't react quickly enough to limit damage in the event of a major security incident.
54% of CISOs and CIOs say they lack the resources and tools they need.
 
Investigation: WannaCry Cyber attack and the NHS National Audit Office – 33 pgs – 27th October 2017
The NHS had not rehearsed for a national cyber attack, so it was not clear who should lead the response.
There was no clear relationship between vulnerability to the WannaCry attack and leadership in trusts.
The Department was warned about the risks of cyber attacks on the NHS a year before WannaCry but still failed to react.
 
Breach Insights Report Beazley - review of 2,013 cyber incidents in 2017 - 3 pgs - 24th Oct 2017
34% of data breaches caused by hacking and malware; 29% of data breaches caused by unintended disclosure.
A social engineering attack occurs when a hacker uses deception to manipulate individuals into divulging con dential or personal information.
Nine-fold rise in data breaches due to social engineering in 2017 compared to 2016.
2017 Cybercrime Report Steve Morgan – 14 pgs – 16th October 2017
Cybercrime damages will cost the world $6 trillion by 2021.
The Big Data Bang’ will explode from 2 billion objects to 200 billion by 2020.
Cybersecurity spending will grow from $86.4 billion to $93 billion in the next twelve months.
Every 40 seconds a business falls victim to a ransomware attack.
In 2018, a legion of small businesses will wake up to the reality that they are under cyber-attack
 
Cyber Threat-Scape Report - Accenture - 56 pigs - 5 October 2017 Criminal marketplaces are profitable and tools are more accessible to all.
Destructive cyber-threat activity is becoming more common and attribution is getting harder
Although governments are trying hard to avoid future leaks, more exploit arsenals will be exposed in the coming years.
An increasingly lucrative criminal marketplace is driving differentiated criminal offerings, emboldening and enabling more actors with better capabilities.
 
Sensitive Data at Risk - Data Protection Survey SANS - survey of 257 IT and security administrators - 24 pgs - 30th September 2017
48% of breaches resulted in the exfiltration of sensitive data via an encrypted channel established by malware.
31% say lack of staffing and resources is the biggest obstacle to protecting sensitive data.
 
Europol (EC3) - "The Internet Organised Crime Threat Assessment" IOCTA – 2017 – 80pgs – 28th September 2017
Coercion and sexual extortion are increasingly being used to victimize children online. 

USA remains one of the key destinations for cashing out counterfeit EU payment cards, along with Southeast Asia. 

Most terrorist activity concerns the open internet; however there is a share of terrorist exchange in the Darknet too.
Malware developers are pushed to rely more on other infection methods, including spam botnets and social engineering. 

Law enforcement is witnessing a transition into the use of secure apps and other services by criminals across all crime areas.
 
Cisco - 2017 Annual Cybersecurity Report - 110 pgs - September The top constraints to adopting advanced security products and solutions, according to the benchmark study, are:
Budget (cited by 35% of the respondents), Product compatibility (28%), Certification (25%), and Talent (25%).
 
Uber Arrogance “God View” and Data Protection Noel Doherty – 2pgs – 18th August 2017
Uber failed to implement basic security practices to protect customers.
Uber may be fined up to 4% of its total annual turnover under GDPR.
 
2017 Data Breach Investigations Report - 76 pgs - 14 Sept. 2017 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
73% of breaches were financially motivated; 21% were for espionage.
75% of breaches are perpetrated by outsiders.
51% involved organised criminal groups.
 
The colossal Equifax data breach has hit 400,00 UK customers Mark Burgess – Wired – 18th September 2017
Equifax failed to treat either people’s data or the law surrounding it seriously.
A flaw in the American firm's systems left the data of a potential 143 million people exposed.
UK’s Informational Commissioner’s Office is “pressing” Equifax on the “nature of the data breach”.
"[Equifax's] Safe Harbour certification suggests that it was not a process failure but a conscious choice."
 
Effective Ransomware Responses - 8 pgs - FireEye - 15 Sept. 2017 Most ransomware attacks target either the confidentiality or availability of data.
Ransomware operators have infected victims worldwide using their native languages.
Ransomware has primarily affected Windows operating systems, but recently it has affected other operating systems.
 
EU to beef up cybersecurity agency EUOBSERVER – Teffer – 13th September 2017
Europe faced 4,000 ransomware per day in 2016.
Cyberattacks know no borders and no one is immune.
Jean-Claude Juncker's proposal to set up a European Cybersecurity Agency confirmed.
 
Government wants to remain in EU cyber security club after Brexit Scroxton – ComputerWeekly – 12th September 2017
Cyber security is a key element of protecting European security and values.
The UK is a world leader in cyber security and seeks to maintain its position.
Need for continuation of collaboration to promote conflict prevention, cooperation and stability in cyber space.
 
 
CyberSecurity across US Government Security Scorecard - analysis of security posture of 552 government bodies - 24 pgs - 24th August 2017
Government ranks 16th out of 18th sectors in the USA when it comes to protecting its computer systems from hackers.
Government performs particularly badly in four categories of security measurements: Endpoint Security, IP Reputation, and Patching Cadence.
Among large departments of Government, the IRS, Congressional Budget Office and FTC have the fewest vulnerabilities visibilities visible to hackers.
 
State of the Internet, 2017 Akamai – 27 pgs - 23rd August 2017
25% increase in total web application attacks since 2016
Gaming customers were targeted by 81% of all volumetric DDoS attacks.
U.S. retained the top position both the source (112 million) and the target (218 milion) of web application attacks.
Even the best, most rational, risk-driven decision made six months ago may no longer be appropriate today.
Patching is not a simple issue. Organizations make patching decisions based on risk and business priorities.
Patching has direct costs, such as staff and testing, and indirect costs, such as downtime.
 
Data Protection: Employer Obligations and Motivations General global assistance – White Paper – 24 pgs – 21st August 2017
Vetting third-party ventors could prevent information leakage into the wrong hands.
Establishing a cyber security culture within a workplace, eliminates the chances of a ‘human error’.
Employee data can be by far more valuable than customer data.
In cybersecurity, the only certainty is change.
 
Cyber security among charities: findings from qualitative research IPSOS MORI – Department for Digital, Culture Media & Sport – 29pgs – 21st August 2017
“At the moment cyber security is not a priority, but I do see it becoming a big one in two or three years. Now our turnover’s low...”
“Because of the way we're structured, it's very difficult to have somebody that really focuses on cyber security ... “
Some charities lack the knowledge and skills to pull together training themselves.
Lack of awareness of the notion of cyber insurance among charities.
 
Online Privacy Guide: How to Stay Safe on the Web Crace – 21st August 2017
Encryption minimises the risk of your data being stolen.
Employ two-factor authentication against password cracking.
 
FTSE 350 Cyber Governance Health Check Report 2017 HM Government – 28pgs – 21st August 2017
31% of Boards say they receive comprehensive and informative management information on cyber risk.
54% of Boards view cyber risk as a top risk when compared with all the risks faced by their company.
6% of Boards see themselves as completely prepared to meet the requirements of the GDPR.
68% of respondents have not received any training to deal with a cyber incident.
10% of Boards admit they do not have a plan to respond to a cyber incident.
 
Security Intelligence Report, 2017 Microsoft - data from over 600 million computers – 74 pgs – 18 August 2017
Over two-thirds of incoming attacks on Azure services in 1Q17 came from IP addresses in China (35,1%) and the U.S. (32.5 %).
Trojans were the most commonly encountered category of malicious software in 1Q17 by a large margin, led by Win32/Xadupi.
About 8 % of RCE and EOP vulnerabilities were exploited within 30 days of the corresponding security update release.
300% increase in user accounts attacked the past 12 months.
 
 
 
Second Annual State of Ransomware Report: UK Survey Results Osterman Research – 23pgs –10th August 2017
14% of UK organisations admit they do not conduct ransomware security awareness training.
43% of UK companies paid their worst ransomware, vs 21% in USA, 17% in Germany and 16% in France.
For many UK- based organisations, the source of ransomware is unknown and higher than any country other than France.
71% of the UK-based organisations vs 75% globally see dealing with ransomware to be their highest priority but lack confidence in their abilities.
Downtime is the small business killer, not ransom demands.
 
Cyber attack landscape of 2017 Cyber Security Insider – 9th August 2017
2016 was one of the biggest years yet in cyber security terms.
The USA receives the most cyber attacks, followed by Germany, Netherlands and UK.
In the second half of 2016, the top five sources of activity were Russia, the Netherlands, the U.S., China and Germany.
Maintaining effective information security is a constant uphill struggle as you are never done.
 
Insider Threat Survey Dtex Systems – SANS - 23 pgs - 7th August 2017
Managing internal threats is a Herculean task because of all the unknowns associated with this attack vector. It's easier to focus on external threats.
Organizations are spending over $4.3 million to mitigate, address and resolve insider-related incidents.
Malicious insiders continue to be a top concern (40%), followed by negligent user (36%).
68% of enterprises believe they have never experienced an insider attack.
 
2017 Risk Value Report: Business Security – Always a Journey, Never a Destination NTT Security – White Paper – 12 pgs - 4th August 2017
33% of respondents don’t know where their data is physically stored.
Globally, only 40% of organisations believe that they will be subject to GDPR.
Just 39% of organisations in the U.K. currently identify GDPR as a compliance issue.
Outside Europe may organisations are failing to grasp how GDPR regulations will affect them.
 
Cyber Threats to SMEs in 2017 Webroot - online survey of 600 IT Decision-Makers at mid-sized businesses - 6 pgs - 1st August 2017
94% of medium sized businesses plan to increase their IT security budget, by an average of 12% this year.
96% of medium sized businesses say their organisations will be susceptible to external cybersecurity threats in 2017.
89% of medium sized businesses are confident they could successfully address and/or eliminate issues caused by a cyber attack.
 
Risk Index for Small & Medium Sized Businesses Zurich - survey of 1,087 decision makers from British SME businesses (less than 250 staff) - 1st August 2017
16% of UK SMEs have fallen victim to a cyber-attack in the last 12 months, equating to more than 875,000 nationwide.
Businesses in London are the worst affected with almost a quarter (23%) reporting that they have suffered a breach within this period.
Of the SME businesses that were affected, 21% reported the cyber attack cost them over £10,000, including 11% who said it cost over £50,000.
25% of medium sized businesses say they have been directly asked by a customer or prospect about what cyber security measures they have in place.
5% of SMEs claim to have gained an advantage over a competitor because of stronger cyber security credentials.
49% of SMEs plan to spend less than £1,000 on cyber security in the next 12 months.
 
Cybersecurity Trends for Managed Service Providers Webroot - Survey of 500 MSPs - 18 pgs - 28th July 2017
Nearly 90% of Managed Service Providers (MSPs) say their clients were hit by ransomware in last 12 months.
Nearly 70% of MSPs are not completely confident their clients’ endpoints are secure against future ransomware attacks.
Webroot has seen a 3,500% increase in cybercriminal internet infrastructure for launching attacks since January 2016.
12% of MSPs have paid Ransomware for their clients; 78% of MSPs say they never would.
 
Data Breach Trends, H1 2017 RiskBased Security - analysis of 2,227 breaches reported - 19 pgs - 27 July 2017
2,227 reported breached in the first half of 2017, exposing over 6 billion records.
Web, the leading cause of records compromised (68.3%) in 2017, but only 7.1% of incidents reported so far this year.
41.6% of reported breaches were the result of Hacking, yet accounted for 30.6% of the exposed records.
121 breaches, or 5.4%, affected Third Parties.
 
Black Hat 2017 Hacker Survey Report Thycotic – 6pgs – 27th July 2017
The ‘human factor’ is to blame for the majority of the security breaches (85%).
Hackers cite “remembering and changing passwords” as the biggest source of cyber fatigue.
73% of the respondents see traditional perimeter security firewalls and antivirus as irrelevant and obsolete.
 
Nearly 10, 000 Vulnerabilities Disclosed so far in 2017 – Major vendors continue to be affected Risk Based Security – 26th July 2017
Large number of unreported vulnerabilities makes PCI compliance problematic.
 
Midyear Cybersecurity Report Cisco - 90 Pgs - 20th July 2017
20% of 300 companies surveyed by Cisco were infected by Spyware.
US$1 billion raised by criminals through Ransomware exploits in 2016.
$5.3 billion was stolen through "business email compromise" between October 2013 and December 2016.
6% of end users per cloud platform have privileged user accounts, which generates risk as only about 1% need them.
28% of IT experts at Medium Sized Businesses doubt the viability of their disaster recovery and business continuity plans.
 
Trends in Encryption and Data Security: Retail Edition 2017 Thales Data Threat Report – 16pgs – 20 July 2017
80% of global retail organisations deploy new technologies such as cloud, big data, IoT.
19% of U.S. retail organizations feel very or extremely vulnerable, vs 39% of retail organizations globally.
Compliance remains the number one reason for spending on security globally (44%).
 
 
At Mid-Year, U.S. Data Breaches Increase at Record Pace ITRC – 18th July 2017
The business sector continues to top the list at 54.7% of the total breaches, followed by the healthcare/medical industry at 22.6%.
The exposure of credit/debit cards in the first half of 2017 rose slightly over 2016 figures, at 12.6 % and 9.6% respectively.
Bad news for consumers: cyber criminals intent on stealing their Social Security numbers, the most effective route to identity theft.
 
Counting the cost – cyber exposure exposed Lloyd’s of London and Cyence, input from over 50 experts, 56 pgs, 17th July 2017
Lloyd’s estimates insurers will receive $3bn to $3.5bn in premiums for cyber insurance in 2017, with 85% of that paid in the USA.
$53bn direct losses could be suffered by businesses if a major cloud service provider (eg Amazon, Microsoft, IBM) suffered an extreme outage.
Successful attacks on popular hypervisor software used by cloud service providers could result in cascading outages & significant losses.
 
Decoding Cyber Risk: Cyber Risk Survey – UK results Willis Towers Watson – Survey of 71 companies – 38 pgs – 14th June 2017
4% of UK businesses claim to have embedded cyber risk management within our company culture.
33% of UK businesses claim their Risk Management and HR functions work closely together on cyber
61% of UK businesses claim that insufficient employee understanding limits effective management of cyber.
Employees’ cyber behaviour is strongly linked to training time, type of work and age.
46% of employees spent less than 30 minutes in training in the last year.
 
Troops, Trolls and Troublemakers: A global inventory of organised social media manipulation Computationa Propaganda Research Project– Oxford University – 37pgs – 14th July 2017
Governments have their own in-house teams tasked with influencing public opinion.
Fake accounts are “bots” or bits of code designed to interact with and mimic human users.
Cyber troop teams are highlystructured with clearly assigned duties and a reporting hierarchy.
Cyber troops engage in wide range of activities, from politology to research and development.
Major governments and political parties make use of social media for public opinion manipulation.
Organised social media manipulation occurs in many countries around the world.
 
Analysis: How data breaches affect stock market share prices Information Security – 11th July 2017
On average, share prices suffer an immediate decrease following a breach of 0.43%.
More recent breaches had less of a negative impact on share price than older ones.
E-commerce and social media companies experience the long term share price drop.
The sensitivity of breached data had a less clear impact on share price in the long term.
 
Quarterly Report on Cyber Attacks on UK Firms Beaming - Analysis of 1 pg - 6th July 2017
52% increase in number of internet-borne attacks on UK firms, in Q2 2017 vs Q2 2016
105 attempts per day by hackers to take control of database applications at each average UK firm
UK firms were, on average, subjected to almost 65,000 internet-borne cyber attacks each in the three months to June.
 
The Impact of a Security Breach Dark Reading - Survey of 330 IT security professionals at companies with >100 staff -25 pgs - 30 June 2017
18% suffered from intellectual property theft or compromise of information confidentiality in the past year.
25% suffered direct financial losses due to an attack or breach in the past 12 months.
55% experienced phishing-initiated breaches in the past 12 months.
65% fell victim to malware-related breaches in the past 12 months.
 
Data Protection Risks & Regulations in the Global Economy Ponemon Institute – 33pgs – 27thJune 2017
49% of organizations have outdated and inadequate security solutions to manage a global data breach.
70% of companies do not believe or are unsure whether the GDPR will benefit the victims of a data breach.
59% of companies are struggling to understand how to comply with the GDPR regulations.
Cyber Resilience Report Business Continuity Institute (BCI) – Report – 33pgs – 27th June 2017
33% of organisations with a business continuity professional suffered cyber disruptions costing > €50,000
60% of organisations have top management committed to cyber defences (up from 55% last year)
57% of organisations say Phishing & Social Engineering are the top driver of cyber disruption
23% of organisations involve their Business Continuity teams in cyber resilience issues
Reputation management remains a key driver in pushing the cyber resilience agenda
 
Sensitive Data in SharePoint and other Collaboration Tools Ponemon - survey of 1,043 IT security professionals in Germany, UK and USA - 49 pgs - 25th May 2017
79% don't have very effective tools for protecting sensitive content
68% don't have sufficient visibility of where sensitive data is located
 
PhishMe Malware Review 2017 PhishMe - analysis of 10,000 unique malware samples - 20 pgs - 6th June 2017
69% percent increase in botnet activity, which can facilitate a lengthy espionage operation
WannaCry was the “atom bomb of ransomware” worming malware
 
Know the Odds - Cost of a Data Breach Ponemon - 1 pg - 20th June 2017
28% chance of suffering a material data breach, vs 0.5% chance of dating a millionaire
An experienced incident response team can help you quickly identify and contain a cyber attack
Be prepared to provide responders with logs & tools to help them understand what happened
Be prepared to quickly execute a reset of all passwords and service accounts
 
Cost of Data Breach - Annual Study Ponemon - interviews of 419 organisations in 11 countries - 35 pgs - 20th June 2017
28% chance of businesses suffering a material data breach in next 24 months
14% reduction in total cost of a breach if companies have good incident response
$225 per lost record is average cost of breach in USA, vs $123 in UK and $64 in India
47% of breaches are caused by criminal or malicious activity; 28% by human error; 25% by system glitch
$380 per lost record is average cost of breach in healthcare, vs $150 in communications & $71 in public sector
 
National Exposure Index for cyber risk Rapid7, study of percentage of internet servers that are insecure – 39 pgs – 14th June 2017
Belgium hugely reduced its cyber exposure in last 12 months, through national leadership efforts
In the worst 10 countries (e.g. Australia, Ireland) 5% of internet servers are insecure
The Russian Federation and China are among the top 50 most exposed nations
United States and China are leaders in providing internet services to the globe
In the best countries, less than 1% of internet servers are insecure
 
2017 User Risk Report: Results of an international cybersecurity awareness survey WOMBAT (security technologies) – 16 pgs – 13th June 2017
US employees outpaced the UK nearly 2-to-1 in the misuse of corporate devices (71% vs 39%)
58% of US employees believe that their anti-virus software could save them from an attack
38% of US employees are using a password manage vs 10% in the UK
54% believe that a trusted location = trusted WiFi
 
Rethink Security: A massive paradigm shift in the age of access Centrify – ebook – 36 pgs – 12th June 2017
Over $75B spent on cyber security last year to protect important assets
Cybercrime related damage costs are expected to exceed $6 Trillion annually by 2021
2/3 of all recent confirmed data breaches involved weak, default or stolen passwords
80% of security breaches involve privileged credential misuse
An average of 165,000 records are compromised every hour
 
Financial Infrastructure Report Riksbanken - Sweden's Central Bank - 22 pgs - 7th June 2017
A comprehensive cyber attack could result in central financial services becoming unavailable.
Even an insignificant part of operations that has been outsourced can become a target for cyberattacks.
Cyber attack against an important external supplier of IT services could put critical IT systems out of action for several banks.
 
The Current State of Enterprise Endpoint Security Duo - review of security on 4.6 million computer endpoints, e.g. smart phones - 53 pgs - 5th June 2017
62% of phishing campaigns captured at lease one credential and 68% had at least one out-of-date device.
53% of devices are running our of date Adobe Flash software, leaving them open to devastating attacks.
The majority of phishing cases feature phishing as a means to install persistent malware.
5% of mobile devices are "jailbroken" ("rooted") which opens them to malware attacks.
 
Hacking UK Trident nuclear systems BASIC (British American Security Information Council) - 38 pgs - 2nd June 2017
80% of global cyber attacks originate from social engineering and spear phishing
Cyber warfare: a vital part of conventional warfare and a new military domain
A cyber attack on a submarine may be apart of a multidimensional attack
UK nuclear weapons’ cyber vulnerabilities and challenges are immense
 
Breach Impact Study Ponemon, survey of 1,010 IT managers – Marketeers and Consumers – 31st May 2017
A data breach is one of the top three negative effects on brand reputation
61% of CMOs believe the biggest cost of a security incident is the loss of brand value
5% immediate stock price decline following the disclosure of a data breach
79% of consumers believe organisations have an obligation to control access to their information
70% of IT practitioners for not believe their companies have a high level of ability to prevent breaches
 
Modelling the cyber (insurance) gap Novae Insurance, study with Oxford University, 7 pgs, 17th May 2017
Oxford University have modelled relationships between risk controls, assets, and cyber harm
78% of UK organisations are not fully confident they can recover after a cyber disruption
40% of SMEs don’t back up their data at all and 60% of business data held on PC does not get regularly backed up
Data loss and downtime cost enterprises over $1.7 trillion round the globe
51% of organisations lack a disaster recovery plan
 
Akamai’s [state of the internet] / security Akamai - Report 80 pgs - 16th May 2017
28% increase in SQLi attacks in the last year
35% increase in total web application attacks in the last year
57% increase in web application attacks coming from the USA in the last year
 
UK Firms sleepwalking into cyber attach chaos Lockton - Survey of 200 CFOs, CROs and CIOs - 1 page - 15th May 2017
27% of firms fail to ensure their staff know how to deal with a cyber breach
60% of UK firms “think” they are well-prepared for cyber threats, despite being dangerously exposed
Only 50% of UK businesses involve the Board in cyber-breach planning
Just 8% of UK companies use hacking detection methods every day
26% of companies do not fail to “cyber” educate new staff
 
Half of UK firms claim their broker fails to discuss cyber CFC - research method not explained by author - 1 page - 8th May 2017
90% of cyber claims come from businesses with less than £50 million in revenue
50.8% of SMEs say that their insurance broker has not raised the issue of cyber insurance with them
56% do not have an incident response plan in place outlining roles and responsibilities in the event of a cyber attack.
 
UK Annual Statistics on Data Protection reports ICO - the UK Information Commissioner's Office - key statistics - 15th May 2017
ICO becoming slower, with 18% decrease in percentage of concerns addressed in 30 days, from 50% (2015/16) to 32% (2016/7)
80% of breaches reported to ICO come from the sectors required to report to ICO: health (41%) & telecoms (39%)
31.5% increase in data breaches reported by UK organisations to ICO over last 12 months, to 2,565
12% increase in the number of concerns received from the public over last 12 months
0.7% of organisations that reported a breach are fined, while 3% are given an Improvement Action Plan
 
Today's security is not secure Centrify – infographic – 1 pg – 15th May 2017
90% of all organisations are moving to the cloud
200 Billion IoT devices will need to be secured by 2020
$2.1. Trillion is the projected cost of data breaches by 2019
An average of 166,000 records are lost or stolen every hour
66% of organisations experience an average of 5 or more security breaches
 
Worldwide DDoS Attacks & Cyber Insights Research Report NeuStar Security Solutions – 52 pgs – 5th May 2017
40% of respondents learned of an attack on their network from their customers
90% of companies are investing more on DDoS- specific defences more than they did 12 months ago.
63% of all respondents indicated that the average peak hourly revenue loss was greater than $100,000
 
Your employees won’t protect you Glasswall – 10 pgs – 4th May 2017
Conventional antivirus and sandboxing solutions are no longer effective.
Relying on the vigilance of employees leaves a business open to devastating cyber-attacks.
94% of cyber attacks use what seems a legitimate email, Word files, Excel, PDF or PowerPoint.
In the US and UK, data-theft is the most commonly feared consequence of an attack.
 
Business E-mail Compromise - Annual Statistics by FBI and IC3 - 4th May 2017 2,370% increase in identified losses in 2 years.
20 business victims reported to IC3 per day in most recent 6 months.
The email accounts of Executives are hacked or spoofed, and used to ask a second employee to make a funds transfer.
 
Global Threat Intelligence Report Dimension Data - includes analysis of over 6.2 billion cyber attacks - 36 pgs - 4th May 2017
73% of malware that entered organisations came through phishing attacks
68% of organisations have no formal plan for (technical) incident response
47% of cyber vulnerabilities at organisations are more than 3 years old
USD 67,000 is the average cost of a business email compromise
USD 700 is the average cost of a ransomware incident
 
2017 Internet Security Threat Report Symantec - Data from 98 million sensors in 158 countries - 77 pgs - April 2017
266% increase in average ransomware demand over last 12 months, now at $1,077, vs $294.
237% increase in types of ransomware over last 12 months, now at 101, vs 30.
76% of websites have vulnerabilities, including 9% with critical vulnerabilities.
1 in every 131 emails sent worldwide is malicious.
 
2017 Thales Data Threat Report Thales - Report - 20 pgs - 2017
68% of respondents have experienced a breach with 26% experiencing a breach in the 12 months
73% of organizations have increased IT security spending in last 12 months, up from 58% in previous year.
 
European Cyber Security Perspectives KPN - report 68 pages - 11 May 2017
The threat to reliability, integrity and availability has never been this alarming.
Vulnerabilities in our information security lead to global instability.
 
The Realist's Guide to Practical Endpoint Protection F-Secure - Report - 24 pgs
A hands-on guide to fighting emerging cyber security threats like ransomware.
Many organizations think they’re protected because they comply with cyber security regulations. The truth is, compliance is not enough.
 
Cyber Security: Are we barking up the wrong tree? Article - Cyber Security Review - Ken Soh - The Good Hackers Alliance
Malware that crashes hard-disks and slows down desktop operations are common today and act by stealth.
 
Telstra Cyber Security Report Telstra - survey of 360 IT decision makers - 52 pages - May 2017
30% of Australian organisations that suffered a ransomware incident and paid the ransom did not recover their files (pg 18)
26% of Australian executives say the CEO is responsible for cyber security; 19% say it's the CIO's job (pg 11)
23% of Australian businesses have conducted a cyber attack rehearsal (pg 12)
23% of Australian businesses have estimated the value of their data (pg 12)
7% of Australian Directors say cyber security is not at all important (pg 9)
 
Cyber threat to UK business National Cyber Security Centre & National Crime Agency - report 24 pgs - April 2017
Cyber Threat to UK business is significant and rising
 
Cyber Insurance, Privacy and Data Security Newsletter DAC Beachcroft - May Newsletter
"Significant and growing" risk of cyber threats, as outlined by a recent report by the National Crime Agency.
Warning of increased risk related to Industrial Connected Devices; Internet of Things and Botnets.
Cyber crime is becoming "more aggressive and confrontational".
 
JOINT COMMITTEE REPORT ON RISKS AND VULNERABILITIES IN THE EU FINANCIAL SYSTEM Joint Committee of the European Supervisory Authorities - Report 16 pgs - 26 April 2017
Blockchain poses an increasing risk to Europe’s financial system
Inadequate IT governance can contribute to poor operational management practices
"Supervisors should consider to further assess the resilience of financial institutions to cyber security and ICT risks."
 
2017 Data Breach Investigations Report Verizon annual survey Data Breach Investigations Report (DBIR) April 27, 2017.
81% of hacking-related breaches leveraged either stolen and/or weak passwords.
75% of breaches perpetrated by outsiders.
73% of breaches were financially motivated.
62% of breaches featured hacking.
 
Cyber Security Breaches Survey 2017 HMG (UK Government) + University of Portsmouth: survey of 1,500 businesses - April 2017
66% of medium sized businesses "experienced a cyber security breach or attack" in the last year (Fig 5.1, pg 39)
57% of those companies have been materially impacted, eg 4% suffered reputational damage (Fig 5.5, pg 44)
3.8 days is the average time taken by medium sized businesses to deal with a breach (Table 5.2, pg 45)
19% of companies that suffered breaches or attacks reported the most disruptive one to the Police (Fig 6.4, pg 53)
8% of all UK businesses are aware of Cyber Essentials scheme, including 18% of medium firms and 28% of large firms (Fig 3.3, pg 13)
 
Why computers will never be safe Economist Magazine - Leader Page - April 2017
The incentives for software firms to take security seriously are too weak.
The risks posed by bugs and hacking are large and growing.
Computer security is a contradiction in terms.
The problem is about to get worse.
 
Phishing For Funds (BEC) Keith Turpin - CISO, UWA - 33 pgs - 10th March 2017
In 1 ½ years there has been a 1,300% increase in reported losses.
22,000 victims have lost 3$ billion.
 
Cyber Threat Defense Report Imperva - Cyber Edge -Survey of 1,100 IT Security decision makers - 37 pgs - 8th March 2017
33% of Ransomware victims paid the ransom, equal to 20% of all 1,100 surveyed
34% are confident they can monitor what their Privileged Users do online
Low security awareness among staff is the main concern among respondents
 
Likelihood of a breach Forrester, survey of 203 IT decision makers – 16 pgs – 28th February 2017
49% of Level 4 firms are likely to never experience a security breach across six key areas vs 32% of Level 1 firms
Level 4 firms experience about 50% fewer breaches than Level 1 firms
Level 4 firms average $5 million in cost savings
Level 1 firms endure $5,184, 600 more in costs than Level 4 firms
Level 1 firms experience 90% less benefits than Level 4 firms
 
The Currency of Trust CapGemini - survey of 180 security professionals + 7,600 consumers - 24 pgs - February 2017
21% of retail banks and insurers are highly confident that they can detect a cybersecurity breach.
29% of retail banks and insurers offer both strong data privacy practices and a sound security strategy.
26% of these institutions have been hacked, Vs 3% of consumers believe their bank or insurer has ever been breached.
74% of consumers [say they] would switch their bank or insurer in the event of a data breach.
85% of consumers want to be notified within one day of a breach.
 
Annual Cybersecurity Report 2017 Cisco - Survey of 2,912 security professionals - 110 pgs - 31 Jan 2017
After a public breach, 29% of organizations lost revenue, including 22% that lost customers (pg 57).
The cost of a public data breach is ">20% of business opportunity" according 42% of security professionals.
56% of security alerts are investigated at average organisations. Of investigated alerts, half are "legitimate."
44% of "legitimate" security alerts are remediated at the average organisation.
65% of all email is spam, with about 9% of spam being malicious.
 
Data Breach Report ITRC (Identity Theft Resource Center) - Details 1,093 publicly reported data breaches in USA - 19th Jan 2017
40% increase in the number of publicly reported data breaches in USA: 1,093 in 2016 vs 780 in 2015.
106% increase in number reported data breaches caused by hackers: 607 in 2016 vs 295 in 2015.
55.5% of data breaches reported in 2016 caused by hackers (including skimming & phishing).
 
GRIZZLY STEPPE – Russian Malicious Cyber Activity NCCIC & FBI - 13 pgs - 29th December 2016
Report details the tools and infrastructure used by Russians to compromise networks associated with the U.S. election.
APT28 leverages domains that mimic those of targeted organizations and trick victims into entering legitimate credentials.
APT29 crafts targeted spearphishing campaigns leveraging web links to a malicious dropper to Remote Access Tools (RATs).
Actors likely associated with Russian Intelligence are continuing to engage in spearphishing campaigns.
Indicators of Compromise and recommended Mitigations are detailed.
 
Microsoft Security Intelligence Report Microsoft - 19 pgs - 14th December 2016
20.6% of computers worldwide that give feedback to Microsoft encountered threats that were not blocked by their web browser.
Microsoft's Malicious Software Removal Tool (MSRT) identified a highly prevalent or serious threat on 1% of reporting computers.
Ransomware was detected by Microsoft on 0.82% of computers in Italy, and 0.74% in Bulgaria (the worst 2 countries worldwide).
According to Microsoft, 27% of computers that still use Windows Vista do not have any real-time security running on them.
 
Security of Mobile Payments and Digital Wallets ENISA - 47 pgs - 19th December 2016.
Quotes ISACA survey of 900 mobile cybersecurity experts:
Reviews security features of Apple Pay, Google Pay, Samsung Pay.
ENISA identify 8 key threat areas and makes 4 recommendations.
 
Securing Smart Airports ENISA - Interviews with 20 organisations in 8 countries - 84 pgs - 16th December 2016
Most critical information assets held by airports: passenger check-in (38%); baggage handling (38%); CIPPS (31%); ATM (31%).
This report details three attack scenarios (e-Tickets; Baggage Handling; Drone Intercept) and their cascading effects.
This report details 8 main gaps in relation to cyber security in smart airports, and offers 8 recommendations.
 
Yahoo announces largest breach in history (again) 14th December 2016 - Data shown on "Information is beautiful"
Breach of 1 billion accounts included Passwords, Secret Questions, DOBs, Names and Phone Numbers.
Breach occurred 5 years after warning that Yahoo's MD5 encryption is "broken and unsuitable for further use."
Yahoo responds: "We have invested more than $250 million in security initiatives across the company since 2012."
Yahoo added "we have a deep understanding of threats and strive to stay ahead to keep our users and our platforms secure."
 
Cyber security incidents reported to UK's ICO ICO - Information Commissioner's Office - 5th December 2016
46% increase over last 3 months in cyber security incidents reported in UK to ICO
54% increase in over last 3 months in cyber exfiltration incidents (where hacker extracts data)
 
Cyber Security & Intelligent Mobility Transport Systems Catapult (TSC) - over 54 organisations interviewed - 44 pgs - 24th November 2016
Cyber Security issues faced by Transport will not simply be an acceleration of the current constant, with more cyber-attacks.
The UK government has classified its transport network as one of its 13 critical national infrastructures.
80% of security & mobility professionals identify autonomous vehicles as major cyber security issue.
"Many IoT products are being released without even basic security protocols in place."
In excess of 250 million connected vehicles will be on the roads globally by 2020.
"A rogue actor seizing control of a fleet of vehicles does not bear thinking about."
 
Cyber Insurance Claims Study NetDiligence - sampling of 176 cyber liability insurance claims - 56 pgs - 17th October 2016
The average (mean) total breach cost was $665K, with an average (mean) payout for Crisis Services of $357K.
The average (mean) payout from cyber insurance is $495K (74% of cost), with typical (median) payout $49K (82% of cost).
The typical (median) breach cost was $60K, including a typical (median) cost for Crisis Services of $43K, including $16K on legal.
Cause of the Loss covered by Cyber Insurance reported as: Hackers (23%); Malware (21%); Lost Device (13%); Staff Mistake (9%).
 
Uncovering hidden threats within encrypted traffic Ponemon - Survey of 1,023 IT & Security Practitioners - 16 pgs - 30th Aug 2016
Nearly 50% of attacks used malware hidden in encrypted traffic to evade detection.
75% of IT experts admit malware could steal employee credentials from their networks.
A surprising outcome of the growing use of encryption technology is an increase in cyber attacks.
Encryption that protects sensitive data can allow malware hidden inside encrypted traffic to pass uninspected into an organization.
 
Cost of cyber incidents affecting CIIs ENISA - 32 pgs - Review of 17 studies of cost of cyber-security incidents on Critical Information Infrastructures - 5th August 2016
"Measuring real impact of cyber incidents in terms of the costs needed for full recovery proved to be quite a challenging task."
A large majority of organisations still have not implemented basic security controls against cyber attacks.
DoS/DDoS and malicious insiders constitute approximately half the annualized cost of all cybercrime.
It is estimated that cyber-attacks against oil and gas infrastructures will cost $1.87 billion by 2018.
The financial loss from cyber incidents reaches up to 1.6% of GDP in some EU countries.
Cyber-attacks affecting IoT and similar infrastructures are increasing dramatically.
 
Are Data Breaches Becoming More Common? Motherboard - 1 pg - 28th July 2016
Dumps of databases of breached personal information appear to be increasing over 50% per year
 
The 2016 State of Privileged Account Management Report Thycotic - Survey of over 500 IT security professionals - 35 pgs - 25th July 2016
76.5% of organisations say Privileged Account Management security a high priority.
67.2% of organisations allow a single approver to create a new Privileged Account.
39.8% of organisations use the same security for Privileged Accounts as Standard Accounts.
17.8% of organisations have not changed the default passwords on Privileged Accounts for some of their systems.
 
UK Crime Rate set to double after true scale of internet offences laid bare The Guardian - 1 page summary of Office of National Statistics report - 21 July 2016
One in 10 people in England and Wales have been victim of cybercrime in the past year, first official figures show.
These figures include online shopping scams, virus attacks, theft of bank details and other online offences.
2m computer misuse offences include 1.4m virus attacks plus 0.6m hacks of personal information.
5.8m incidents of cybercrime in the UK in the last year according to ONS estimate.
 
Law firms’ cyber fraud losses up 40% in a year Hazelwoods - 1 pg - 20th July 2016
UK law firms’ losses to cyber fraud have jumped by 40% in the last year alone as the costs of email hacking continue to rise.
Cyber frauds at UK law firms in the six months from November 2015 to April 2016 totalled £2.53 million.
Law firms expected to repay lost client funds immediately.
 
Ransomware and Businesses 2016 Symantec - 30 pgs - 19th July 2016
$679 is the average Ransomware demand - more than double the $294 at the end of 2015. Highest demand is $5,083.
31% of Ransonware attacks are in USA, followed by Italy, Japan, NL, DM, UK, Canada, Belgium, India & Australia.
57% of Ransomware attacks are on Consumers. Among businesses, Services & Manufacturing suffer half attacks.
Keep security software, operating system & other software up to date, delete suspicious email, back-up data.
 
Security Beyond the Traditional Perimeter Ponemon - BrandProtect - interviews with 591 IT and IT security practitioners in the United States - 5 pgs - 18th July 2016
External threats include socially engineering, impersonations, ransomware, malware, rogue social domain activity and hactivism.
The assets that executives believe external threats put at risk: Reputation (60%), Revenue (52%), Employee Safety (47%).
79% of respondents have inadequate security processes for monitoring social media and the internet for external threats.
62% of respondents say external threats are harder to detect than internal threats.
$3.5 million is average spend to deal with each external attack.
 
Mapping the CyberSecurity Landscape Ward Solutions - Survey of 133 senior IT professionalsin Ireland - 16 pgs - 15th July 2016
79% of Irish companies invest in IT security more for reasons of "Compliance" than to "Reduce Security Risks"
23% of Irish companies don’t have policies or controls in place when it comes to third-party access to data.
46% of Irish companies would not disclose a data breach to impacted third parties.
26% of Irish companies have not planned for potential data breaches.
 
52% rise in young identity fraud victims in the UK Cifas (the UK’s leading fraud prevention service) - data on confirmed fraud cases from 261 member organisations - 5th July 2016
57% increase in confirmed Identity Fraud cases in UK, to 148,463.
86% of all identity frauds in 2015 were perpetrated online.
Video shows Social Media risks: https://goo.gl/o59LJt
 
Taking the Offensive - Working together to disrupt digital crime BT & KPMG - 33 pgs - 4th July 2016
Gartner estimates that spending on digital security in 2015 was $75bn.
A DDoS attack costs just $5 per hour to mount but more than $40,000 an hour to defend against.
22% of companies say they are fully prepared to combat security breaches perpetrated by organised crime.
The internet economy is estimated to be about $4.2 trillion, but digital crime currently costs the world in the region of $400 billion.
 
2016 State of Cybersecurity in SMBs Ponemon - 30 pgs - 30th June 2016
14% of SMBs (Small & Medium Sized Businesses) rate their ability to mitigate cyber attacks as highly effective.
59% of SMBs say they have no visibility into employees' password practices and hygiene.
65% of SMBs do not strictly enforce their documented password policies.
 
Cyber Resilience Report 2016 Business Continuity Business Continuity Institute (BCI) - 369 respondents in 61 countries - 29th June 2016
Top causes of Cyber Disruption: 61% Phishing, 45% Malware, 37% Spear Phishing, 24% Denial of Service, 21% Old Software.
Some respondents cited that they only came to know about a disruption through law enforcement & the media.
19% of respondents report it takes over 4 hours for their organisation to respond to a cyber incident.
7% of respondents estimated the cumulative cost of cyber incidents at over €250k.
66% of respondents report at least 1 cyber incident in last 12 months.
 
CyberSecurity and the M&A Due Diligence process NYSE Governance & Veracode - Survey of 276 Directors - 8 pgs - 30th June 2016
78% of deal makers didn’t specifically quantify cybersecurity risk in their M&A due diligence processes in 2015.
74% of directors claim a high profile breach would significantly lower the valuation of an acquisition, or stop it completely.
31% of Directors say the discovery of major security vulnerabilities would "very likely" affect an acquisition or merger.
Assessing the risk of the expanded security perimeter created by adding web applications of acquired company.
Perimeter assessments by Veracode identified nearly 40% more applications than their owners were aware of.
 
Security & the C-Suite Radware - survey of 205 IT executives 19 pgs - 28th June 2016
91% of British Executives say they won't pay cyber ransom, but 64% do pay when attacked.
29% of Executives say IoT devices are extremely likely to be top avenues for cyber attacks.
Companies that paid cyber ransoms reported an average of $7,500 in the U.S. and £22,000 in the U.K.
Board-level concerns about cyber attacks: damage to brand (34%), operations (31%), revenues (30%), productivity (24%).
 
Cost of Data Breach Ponemon - IBM - 32 pgs - Study of 383 companies in 12 countries - 15th June 2016
Mean Time to Identify a breach = 201 days (range = 20 to 569). Then Mean Time to Contain = 70 days (range of 11 to 126).
48% of breaches in this study caused by malicious or criminal attacks, 27% by "system glitch," 25% by human error.
$4 million is the average total cost of data breach (up 29% since 2013): more in Healthcare, Education & Finance.
Abnormal churn following a breach ranges from 6.2% in Finance and 5.3% in Health to 0.1% in Public Sector.
Probability of a data breach in next 12 months involving a minimum of 10,000 records = 25.6%.
Cost is reduced most by: Incident Response Team (-10%), Encryption (-8%), Training (-6%).
$158 is the average cost per lost or stolen record (up 15% since 2013).
 
£1bn lost by UK businesses to online crime in a year Action Fraud - Crimes reported to NFIB - published 13 June 2016
22% increase in number of online crimes reported, at 37,070 in last year.
Other types of fraud which have spiralled are CEO Fraud and extortion (RansomWare).
Hacking is one of the most widely reported types of fraud in the past 12 months, with 1,314 reported cases.
66% increase in Mandate Fraud (when fraudster gets victims to change a direct debit or standing order): 2,323 crimes reported.
 
Cyber Resilience - How to protect small firms Federation of Small Businesses - Questionnaire completed by 1,006 respondents in UK - 10th June 2016
66% of small businesses have been a victim of at least one cyber crime in the last 2 years.
Phishing & Spear Phishing are the most common cyber attacks, experienced by 49% & 37% of small businesses.
The highest incidence of Phishing is suffered in the arts, entertainment and recreation sector.
The average cost of cyber crime to small businesses is just under £3,000.
 
State of the Internet Akamai - 10 pgs - 7th June 2016
125% increase in total DDoS attacks in last year, (including 138% increase in mega attacks over 100 Gigabytes per second).
26% increase in Web Application Attacks in last year, (including 236% increase in web application attacks over HTTPS).
 
Symantec Monthly Threat Report Symantec - Global Intelligence Network (GIN) - 3rd June 2016
1 in every 2 emails are spam.
1 in every 134 emails link to malware.
1 in every 2,284 emails are phishing.
 
Phishing Activity Trends Report APWG - 23rd May 2016
123,555 unique Phishing sites identified in March 2016.
42% of Phishing attacks target the Retail & Services sector.
18% of Phishing attacks target the Financial Services sector.
250% surge in unique Phishing websites detected over last 6 months.
51% of PCs in China are infected with Malware, 23% in UK, 20% in Sweden.
 
Managing Insider Risk through Training & Culture Ponemon survey of 601 individuals in companies with data protection and privacy training - 23rd May 2016
60% of companies believe employees are not knowledgeable about the company’s security risks.
49% of companies that offer data protection training include Phishing in the course.
46% of companies that offer data protection training make it mandatory.
43% of companies that offer data protection training provide only one basic course.
35% of companies have leaders who prioritise training staff about data security risks.
29% of companies with mandatory data protection training give an exception to CEOs.
 
Users really do plug in USB Drives they find IEEE Security Symposium - University of Illinois + Google - 14 pgs - 23rd May 2016
48% of the USB drives dropped randomly were picked up, plugged in, and clicked on by users.
USB Drives marked "Confidential" more likely to be opened than those marked with Owners return label.
No difference between the demography, security knowledge and education of the users who plugged USB drives.
This research raises the question of the effectiveness of security education at preventing breaches.
 
Timeline of Disruption HPE - Hewlett Packard Enterprise - Infographic - May 2016
55 years after Passwords were introduced on computers, 33% of companies still allow weak ones.
41 years after Encryption was introduced on computers, 35% of organisations still don't use it.
 
117 million LinkedIn Passwords for sale Motherboard - report of sale by Hacker called "Peace" - 18 May 2016
Details actions taken today by LinkedIn's CISO, about these passwords stolen in 2012
 
Cyber and The City TheCityUK and Marsh - 36 pgs - 17th May 2016
Includes map of the 31 organisations fighting cyber threats to Financial Services in the UK.
"Surveys say average annual cost of cyber crime to large firms is £1.5m – £3m, but this is likely to be far short of the actual cost."
"We propose that the financial sector sets up a Cyber Forum comprising a steering group of Board level cyber risk owners."
Recommended Check-List for Board: #8 - Preparations have been made to respond to a successful cyber attack.
Recommended Check-List for Board: #1 - The main cyber threats for the firm have been identified and sized.
"The City should work on systemic cyber risk reduction: infosharing, risk aggregation & sector resilience."
 
The Business of Hacking HPE - Hewlett Packard Enterprise - 20 pgs - 17th May 2016
Weaknesses of Hacker Business Model: paranoia, anonymity, breakdown of trust, extra tracking features in tools.
Threats to Hacker Business Model: Law Enforcement, New Security Tech, "Noisy" Newbies, Weakest Link in Groups.
 
Breaches of Unsecured Health Information in USA U.S. Department of Health and Human Services - Breaches affecting >500 individuals - 13th May 2016
1,551 breaches of personal medical data reported in USA, impacting 158 million individuals, in the last 60 months
20% of medical data breaches involved a "business associate" of the medical organisation, eg billing, insurance, software provider.
 
Privacy & Security of Healthcare Data Ponemon - survey of 91 healthcare organisations & 84 of their business associates in USA - 51 pgs - 12th May 2016
50% of breaches affecting healthcare entities are reported to be caused by a criminal attack, 41% by a "third-party snafu."
53% of healthcare entities in USA are confident they would be able to detect the loss or theft of patient data.
89% of healthcare entities in USA say they know they experienced at least 1 data breach in the last 2 years.
69% of healthcare entities in USA believe they are at greater risk than other industries for a data breach.
40% of healthcare entities in USA hire external third parties to help with breach response.
31% of actual breaches known to healthcare entities in USA were identified by patients.
 
The real cost of data breaches FireEye - Interviews with 6,500 individuals in 6 countries - 11th May 2016
91% of consumers say "24 hours or less" is acceptable delay before an organisation holding their data informs them of any breach.
21% of consumers think an organisation that has suffered a breach in the past would be more secure than other organisations.
Among causes of a breach, the least harmful to consumer loyalty is Human Error (vs eg organisational negligence).
15% of consumers say "I do not want to be associated with any brand capable of losing its customers' data."
32% of consumers say their loyalty to an organisation would diminish if it suffered a data breach.
13% of consumers say they would definitely pay more to a provider with better data security.
 
UK Cyber Security Breaches Survey UK Government - telephone survey of 1,008 representative UK businesses - 50 pgs - 8th May 2016
95% of all UK businesses kept their most disruptive breach from the public, including 82% who don't report breaches to police.
24% of all UK businesses detected at least 1 cyber security breach in last year, including 51% of medium firms and 65% of large firms.
17% of all UK businesses provided any training on cyber security to any staff in last year, including 38% of medium firms and 62% of large firms.
Where a breach is detected, business operations are back to normal in under a week in 92% of cases, including 78% in under a day.
10% of all UK businesses have formal cyber security incident processes, including 25% of medium firms and 42% of large firms.
6% of all UK businesses are aware of Cyber Essentials scheme, including 11% of medium firms and 20% of large firms.
18% of all UK businesses are aware of ISO27001, including 39% of medium firms and 60% of large firms.
 
FTSE 350 Cyber Governance Health Check UK Government - Survey completed by 113 companies in the FTSE 350 - 36 pgs - 8th May 2016
71% of Britain's 350 top companies anticipate that net cyber risk will increase in the next year or so.
In the last 2 years, the percentage of UK's top companies that place Cyber as a Top Risk has doubled, to 49%.
In the last 2 years, the percentage of UK's top companies that clearly set their appetite for cyber risk has doubled, to 33%.
In the last 2 years, the % of UK's top companies that review Information Assets "regularly and thoroughly, at main Board" doubled, to 15%.
2% of Britain's top 350 companies say that Cyber Risk "is a technical subject, not warranting Board-level consideration."
 
World's Biggest Data Breaches Information is Beautiful - 6th May 2016
 
Reuters report: 273 million email passwords stolen 5th May 2016: Reuters reporting that 1 in 7 Yahoo email accounts appear compromised, plus hundreds of millions of other email accounts.
 
Social Engineering by Chocolate University of Luxembourg - Survey of 1208 random individuals - published 4th May 2016
48% expressed their gratitude for a piece of chocolate by giving the researcher their password.
(This is better than 2007, when 64% did so, & much better than the 71% who did in 2004.)
 
Data Breach Investigations Report Published by Verizon - 85 pgs - 25th April 2016
Analysis of 2,260 confirmed data breaches across 82 countries in last 10 years.
63% of confirmed data breaches involved weak, default or stolen passwords.
89% of breaches have a financial or espionage motive.
30% of phishing messages are opened, and 12% of targets actually download malicious software.
Organisations are told of their Breach by Law Enforcement (41%), Third Parties (35%), Fraud Detection (14%) or Internal (10%)
 
Internet Security Threat Report Published by Symantec - 81 pgs - April 2016
The number of sophisticated “zero day” cyber attacks is rising at 125% a year
The number of personal identities reported as breached jumped 23% to 429 million
Companies choosing not to report the size of their data breach increased by 85% in the last year
Spear-phishing campaigns targeting employees increased 55% in 2015
78% of web sites reviewed by Symantec had vulnerabilities, of which 15% were "critical"
Ransomware increased 35% in 2015
 
Web Site Hijacking Google and University of California - Analysis of 760,935 web sites that were hijacked - April 2016
In an average week, Google identifies 15,000 web sites that have been compromised by hackers.
Google finds that 40.5% of web site hijackings aren’t fixed a month after Google has notified the site owner.
Google finds that 12% of hijacked web sites fall victim to a new attack within 30 days.
Google reports that “webmasters often find hijacking to be a traumatic experience”
 
Cybersecurity as a growth advantage Cisco - survey of 1,014 C-level executives - 23 pgs - April 2016
41 percent of C-Level Executives are much more concerned about cybersecurity than they were just three years ago.
The main purpose of cybersecurity is to Enable Growth, according to 35% in Retail, 34% in Transport, 33% in Banking, vs 23% in Hospitality.
"Secure Digitizers" capitalize on Cybersecurity and Compete to win.
 
SMEs Under Threat - Databreach preparedness study (UK) Experian - survey of 302 IT business decision makers + 2,008 consumers in UK - 14 pgs - 7th April 2016.
The average SME under-estimates the cost of a data breach by 40%.
Staff disagree about who is responsible for a breach: 44% say CEO & Board; 42% say IT.
Almost all organisations that have experienced a breach now invest in response plans.
23% of SMEs believe their customers would stop using the company if the safety of their personal data was jeopardised.
77% of SMEs say the financial impact of a breach would be significant to the day-to-day running of their organisation.
 
Consumer Attitudes Toward Data Breach Notifications RAND Corporation - 78 pgs - Survey of 2,038 American adults - April 2016
11% of US adults who received a breach notification say they quit doing business with the hacked company
Older, Richer & more Educated consumers are about 50% more likely to close or switch from breached account (pg 31)
62% of US adults say they accepted offers of free credit monitoring after a breach
Actions wanted from hacked company: prevent repeat of breach, offer free credit monitoring, notify consumers immediately.
 
The Accountability Gap Report – Cybersecurity and Building a Culture of Responsibility Tanium & Nasdaq - 32 Pgs - April 2016
The worst 10% of the 1,530 Executives interviewed in 8 countries are "highly vulnerable"
Among the "highly vulnerable" Executives: 91% can’t interpret a cybersecurity report, only 10% are updated about cybersecurity.
40% of these Executives don't feel responsible for the repercussions of cyber attack
 
FBI warns of Dramatic Increase in Business E-Mail Scams FBI - Phoenix, USA - April 2016
Victims range from large corporations to tech companies to small businesses to non-profit organizations
270% increase in identified victims and exposed losses from this "spear fishing" and "whale fishing" since January 2015
Over $2.3 billion in losses reported by 17,642 victims since October 2013
Schemers spoof company e-mail or use social engineering to assume the identity of the CEO, etc.
 
Datastrophe Code 42 - 25 pgs - March 2016
25% of knowledge workers don't trust their employers with their data
25% of knowledge workers don't tell their IT Teams about external systems they use to share company data
55% of enterprise IT decision makers say end users don’t understand the risks that poor data security poses to the business
 
Annual Data Breach Trends Kroll - 8 pgs - March 2016
32% of data breaches investigated by Kroll were of paper records.
16% increase in cyber hacking incidents investigated by Kroll over previous year.
58% of breaches considered malicious or non-accidental were low-tech, such as from laptop thefts.
60% of breaches investigated by Kroll were caused by human errors (eg accidental exposure, or lost devices).
Cause of breach: 48% Current Employee; 31% Outside Perpetrator; 17% Related Third Party; 4% Former Employee.
 
Cyber Risk Diligence in M&A Good Harbor and Sidley Austin LLP - 20 pgs - 4th March 2016
Annual Loss Expectancy of future years should be discounted to provide risk discount on acquisition.
Buyers should assess major upstream & downstream players in the supply chain of company being acquired.
Cyber Risk is "material" when M&A target possesses data on consumers, employees, cardholders, or intellectual property.
 
State of Cybersecurity - Implications for 2016 ISACA and RSA - global survey of 461 cybersecurity managers - 23 pgs - March 2016
75% of cybersecurity managers expect to fall prey to a cyberattack in 2016.
82% of companies’ board of directors are “concerned” or “very concerned” about cybersecurity.
62% of cybersecurity managers expect risk will increase in the long term, Vs 7% who think it will decrease.
Only 31% of cybersecurity managers are comfortable with their ability to detect and respond to complex cyber incidents.
 
BYOD & Mobile Security LinkedIn ISC on "Bring Your Own Device" to work - survey of 882 IT professionals - 39 pgs - March 2016
Main concerns among IT about BYOD: 72% data leak; 56% unauthorised access to systems; 54% users download unsafe apps.
42% of IT staff struggle to detect and remediate threats on mobile devices.
39% of IT staff know that mobile devices used by staff have downloaded malware, 35% are unsure.
24% of IT staff know that mobile devices used by staff have access a malicious WiFi, 48% are unsure.
21% of IT staff know that mobile devices used by staff have been involved in a security breach, 37% are unsure.
 
Cyber security in the boardroom CGI - 28 pgs - 15th March 2016
28% of UK board members think that a cyber breach is an IT issue.
38% of UK board members think their company will suffer a cyber security breach in the next twelve months.
52% of CEOs in B2B companies are accountable for cyber security, but only 18% of CEOs in B2C companies.
 
Cyber Security - Underpinning the digital economy Institute of Directors (UK) - 24 pgs - March 2016
12.5% of IoD members have experienced damage due to a cyber attack that interrupted business
72% of cyber attacks on UK companies aren’t reported to the police
68% of IoD Members are unaware of Action Fraud, the UK’s national reporting centre for fraud and internet crime
 
Cyber Chasm: disconnect between C-suite & Security EIU (Economist Information Unit) - Survey of 1,100 executives at large firms - 25 pgs - 3rd March 2016
The #1 asset to be protected during a cyber attack is Reputation, according to the C-Suite.
Reputation is the #5 priority among assets that cyber security leaders focus on.
 
Data Breach Digest Verizon - 82 pgs - March 2016
Of the breaches Verizon has investigated, 16% due to Social Engineering, 9% to Digital Extortion.
The types of attack that hit Services companies most often are Crimeware, then Web App attacks.
The types of attack that hit Mining companies the most are Insider, then Espionage.
 
Business leaders inadvertently leave their companies open Digitalis Reputation - March 2016
51% of UK business leaders have altered privacy settings on websites such as Facebook to protect sensitive personal information.
Only 24% of UK business leaders regularly check what information about them is easily accessible online.
64% of UK business leaders use strong passwords and change them regularly.
55% of UK business leaders only accept friend requests from people they already know.
 
CyberThreat Defense Report CyberEdge - Survey of 1,000 IT Security Professionals from Large Organisations - 36 pgs - March 2016
85% of large companies spend >5% of their IT budgets on security, including 30% spending >15%.
62% of IT Security staff at large companies expect their organization will fall victim to a successful cyberattack in the coming year.
30% of IT Security staff at large companies are confident their employer adequately monitors privileged IT users.
25% of security professionals doubts their organization has invested adequately in cyberthreat defenses.
Low security awareness among staff is the strongest inhibitor of efforts to defend large organisations from cyberthreats.
 
State of the Internet - Security Report Akamai - 76 pgs - 29th February 2016
149% increase in last 12 months in number of DDoS (Denial of Service) attacks
49% decrease in last 12 months in average attack duration, to 15 hours.
The gaming sector is most frequently hit by DDoS attacks.
The retail sector is most frequently targeted in web application attacks.
 
Global Economic Crime Survey PWC - 56 Pgs - Feb 2016
Over 60% of businesses express no confidence in the ability of law enforcement to deal with cyber crime
55% of UK organisations have suffered economic crime in last 24 months
24% of UK organisations have suffered cyber crime in the last 24 months (an increase of 20%)
51% of UK organisations expect to be the victim of cybercrime in next 24 months
 
Cyber Threat Brief Webroot - 24 pgs - February 2016
Cybercriminals created 29% more Malware files (such as Ransomware) in 2015 vs 2014
Cybercriminals now design 97% of Malware to be polymorphic (changing shape to avoid detection)
Cybercriminals created 100,000 new malicious IP addresses each day in 2015, up 18% on 2014
 
Horizon Scan 2016 Business Continuity Institute - 32 Pgs - February 2016
Survey of 568 organisations in 74 countries
The top threats to business continuity in 2016: #16 = Earthquake, # 4 = Terrorism, #2 = Data Breach, #1 = Cyber Attack
85% of Business Continuity Managers fear the possibility of a cyber attack
 
Annual Data Breach Report California DoJ - 76 Pgs - February 2016
Analysis of 657 breaches in 4 years to December 2015
90% of all the data records reported lost are caused by cyber attack
Failure to implement all 20 ISCS Controls constitutes a lack of reasonable security... .
 
Cyber Risk Report 2016 HP - analysis of over 7,000 scanned applications - 17th Feb 2016
153% yearly growth in newly discovered malware samples on Android platform
The most exploited bug in 2014 (Allaple) is still the leader in 2015, demonstrating poor patching by organisations. [The malware was created in 2006, and the author was jailed in 2010, but Allaple is still the most frequently seen malware on corporate systems.]
 
Threat Landscape 2015 ENISA - 88 pgs - 27th January 2016
Top 3 Threats all increased in last 3 months: Malware, Web based attacks, Web application attacks.
Malware increases by about 1m new samples per day, to over 2bn, mostly held in Russia (50%), USA (12%), NL (8%), DM (5%).
Web Based Attacks are based on bad URLs, with 58,000 new ones detected daily, of which 50% are hosted in USA.
Web Application Attacks support malware injections & data breaches, with key methods being Shellshock (40%), SQLi (28%).
DDoS attacks rose in number by 130%. The most attacked sectors are Gaming (35%), Software (27%) & Internet Providers ( 13%).
Physical theft / loss is the fastest rising threat (up from #10 to #6), and is a leading cause for data breaches and identity theft.
Phishing attacks cost large companies about $380 per employee, vs $3.7 for training to bring a 50% mitigation of this threat.
 
Attitudes to Data Protection in Ireland Irish Computer Society DPO - 26 pgs - January 2016
20% of Irish organisations are certain they had a breach in 2015
4.4% of organisations are certain they had a breach in 2015 that affected over 100 individuals
Only 12% of breaches caused by malicious attack, Vs 70% by staff & 12% by 3rd party over last 2 years
2.8% of Irish organisations identified they suffered 1 or more breaches caused by malicious attack in last 2 years
 
Cybersecurity in Private Equity eSentire and PEI - Survey of 91 PE Firms - 24 pgs - January 2016
61% of PE Firms expect to come under cyber attack in next 12 months
45% of PE firms believe that cybersecurity is a high threat to business their operations
11% of PE firms have standardised cybersecurity for all of their portfolio companies
Responsibility for cybersecurity sits with the PE Firm's CFO (50%), COO (24%), CIO (12%)
 
Annual Security Report Cisco - 87 pgs - January 2016
55% of CEOs are not told about data breaches
45% of security professionals are confident they can determine scope of a breach
Who gets told about about security incidents: CEO (45%), HR (32%), Legal (28%), PR (24%), Authorities (18%)
State of the Data Nation Informatica - January 2016
62% of consumers say they’d lose trust if a company didn’t communicate about a breach
56% of consumers say they’d lose trust if a company suffered a 2nd confirmed breach in a year
 
Cyber is #1 Operational Risk for 2016 Survey of Chief Risk Officers worldwide, by Risk.Net - January 2016
"Cyber risk has been shown to be a clear and present danger to business and the public generally"
 
Cyber preparedness: the next step for boards EY - 2pgs - January 2016
46 days is the average time needed to resolve an attack.
19% - the annual increase in cost of cybercrime to businesses.
Only 5% of Directors at the world’s largest firms are knowledgeable about cybersecurity matters.
Only 7% of organizations claim to have a robust incident response program for cyber attacks.
 
Cyber Resilient Enterprise - UK Ponemon Institute and Resilient Systems (IBM) - Survey of 450 IT practitioners in UK organisations - Jan 2016
44% of UK firm's leaders recognise that cyber resilience affects enterprise risks and brand image.
43% of UK organisations do not have any CSIRP (Cyber Security Incident Response Plan) at all.
32% of UK organisations experience collaboration between business functions that is either poor or non-existent in cyber.
18% of UK organisations have a well-defined CSIRP (Cyber Security Incident Response Plan) that is applied consistently
 
Annual CEO Survey PWC - 44 pgs - January 2016
Cyber security is a worry for 61% of CEOs worldwide, including for 79% of those working in Insurance
74% of UK CEOs worry about cyber security
Only 38% of CEOs in the Mining sector are worried about cyber security
 
Targeted cyber attacks - trouble at your door Quocirca - 17 pgs - December 2015
 
State of the Internet - Security Akamai - 61 pgs - December 2015
 
State of Cybersecurity Survey Inhouse Lawyers - ACC - Association of Corporate Counsel - 14 pgs - December 2015
Survey of in-house lawyers hailing from 887 organizations in 30 countries
Employee Error is the number-one cited cause of breaches, said to be behind 26%-36% of system breaches
48% of American inhouse laywers say their company has mandatory training on cybersecurity for all employees
 
Cyber security - A failure of imagination by CEOs KPMG - 12 pgs - December 2015
20% of CEOs say information security is the risk they are most worried about
 
10 cyber security predictions ThreatStream - 2 pgs - December 2015
 
Cyber security sector struggles to fill skills gap Financial Times - 2 pgs - 18th Nov 2015
"Largest human capital shortage in the world” as demand for cyber security experts forecast to outstrip supply by a third.
Only 103,000 people are CISSP-certified, but there were almost 50,000 job openings for CISSP-certified workers in the US in 2014.
Cyber security is more difficult to recruit for than data science, advanced manufacturing and petroleum engineering.
(ISC)2 expects demand for cyber staff to increase 10.8% pa to 2019, while supply will increase 5.6% pa.
In the UK, salaries have increased up to 10% pa for cyber security staff, & 16% for consultants.
 
Data Breach Trends Risk Based Security - 14 pgs - November 2015
 
Retail and eCommerce Security SecurityScorecard - 19 pgs - November 2015
 
Attacks on Industrial Control Systems HBKU and MIT - 33 pgs - November 2015
 
Cyber Risks - Alternate cyber futures for the world Atlantic Council - 25 pgs - November 2015
 
Cyber Risk of growing importance to Credit Analysis and Ratings Moodys Investor Service - 17 pgs - November 2015
 
Data Breach Industry Forecast Experian - 9 Pgs - November 2015
 
Insider Threat RSA EMC - 25pgs - November 2015
 
Global state of Information Security PWC - 39 pgs - November 2015
In 2015, the average organisation detected 38% more information security incidents than in 2014
Retail and Consumer organisations detected 154% more incidents in 2015 than in 2014
 
Security Issues that deserve a Logo Tenable - 31 pgs - November 2015
 
Global Information Security Survey 2015 EY - 34 pgs - November 2015
 
Retail Hacking Season R-CISC - 12 pgs - November 2015
 
CyberCrime - Consumer Data Under Threat Deloitte - 28 Pgs - November 2015
73% of consumers "would reconsider a company it failed to keep their data safe”
33% of consumers would "close their online account following a breach"
 
Global Cybersecurity Assurance Report Card Tenable - 19 pgs - November 2015
 
Insider Threat Index Clearswift - 11 pgs - November 2015
 
Botnets are the new data breach threat ThreatMetrix - 2pgs - November 2015
 
Vulnerability Risk Management NopSec - 8 pgs - November 2015
 
High Profile and International Events Cyber Security Advice Australian Cyber Security Centre - 5 Pgs - November 2015
 
UK National Computer Emergency Response Team - Q2 Report CERT UK - 13 pgs - Published November 2015
Malware remains the greatest threat to cyber-security
The 5 sectors reporting the most incidents: Government, Communications, Professional Services, Financial Services, Health
The Conficker worm is the most prolific malware affecting the UK, despite being discovered almost seven years ago
 
European Cyber Risk Survey Report Marsh - 14 pgs - October 2015
79% of European organisations don't assess suppliers they trade with for cyber risk.
68% of European organisations have not estimated the financial impact of a cyber-attack.
55% of European organisations don't have cyber risk on their corporate risk register.
27% of European organisations possess an incident response plan for material cyber events.
Insider Risk Report - Riskiest Users Intermedia - LARGE FILE - Survey of 2,031 users in UK and USA - October 2015
32% of IT professionals admit they have given out their login / password credentials to other employees
28% of IT professionals admit they have accessed systems belonging to previous employers after they left the job
31% of IT professionals admit they would take data from their company if it could positively benefit them
52% of IT professionals admit they use re-use their personal passwords for business apps
41% of Millennials think it’s OK to install applications on their work computer without consulting IT
30% of Millennials admit they have emailed company information to a personal email address
 
What CEOs should know about Cybersecurity ATT - 36 pgs - October 2015
78% of employees don't obey company policy on information security
 
APT - Advanced Persistent Threat report ISACA CSX - 17 Pgs - October 2015
 
Cost of Cyber Crime to UK organisations with 1,000+ staff Ponemon - HP - 31 pgs - 2015
Denial of service, malicious insiders and web-based attacks account for 49% of all cyber crime costs per organisation
Average cyber crime costs are up 14% in last 12 months
 
Navigating the threat landscape 10 tips - Kaspersky - 20 pgs - October 2015
 
Biggest data breaches Information is Beautiful - October 2015
 
Cyber Attacks cost business $300bn per year Grant Thornton - 2 pgs - Sept 2015
 
Debate: The Market for Cyber Insurance isn't Sustainable Professional Liability Underwriting Society (PLUS) - 17th September 2015
 
Cybersecurity - Executive Guide Foley and Lardner - 18 pgs - September 2015
 
Information Security Data Breaches Survey PWC - InfoSecurity - UK Government - 8 pgs - September 2015
Typical cost of each "Worst" data breach of year: for a large firm = £1.5m to £3.1m; for a small firm = £75k to £311k
90% of large UK businesses & 74% of small ones know they suffered "some form" of information security breach in last 12 months
75% of large UK businesses & 31% of small ones know they suffered staff-related security breaches in the last year
69% of large UK businesses & 38% of small ones know they experienced cyber attack last year
50% of the worst security breaches were caused by "human error," 28% "partly by senior management"
 
The Greatest Cybersecurity Risk Comes From Within - Insider Threat Caresani and Snyder - 5 pgs - September 2015
 
Guide to Cyber Risk Allianz - 32 pgs - Sept 2015
$445bn - the estimated annual cost to the global economy from cyber crime
$200bn - the estimated annual cost to the world’s largest four economies (US, China, Japan and Germany).
80% of cyber-attacks can be prevented or mitigated by basic information risk management
50 billion machines will be exchanging data on a daily basis in the near future.
By 2025 the cyber insurance market could be worth $20bn
A catastrophic cyber loss is increasingly likely.
 
Data Breaches 2005-2015 - Debunking Myths TrendMicro - 51 Pages - Sept 2015
 
Data Breaches 2005-2015 - By Industry TrendMicro - 24 Pages - Sept 2015
 
Most Ransomware Isn’t As Complex As You Might Think Engin Kirda - LastLine Labs - 26 pgs - 5th August 2015
Only 36% of Ransomware studied actually delete files, & most "deletion" manipulates but leaves data on disk.
60% of Ransomware studied don't delete, simply create a persistent new desktop
 
Executive Brief on Information Security Universities in USA - Educause - 11 pgs - August 2014
 
Top 10 Risks for Internal Audit in 2015 KPMG - 16 pgs - July 2015
 
DDOS - Distributed Denial of Service Akamai Technologies - pg 70 - July 2015
 
Cyber Risks as viewed by UK Captains of Industry AIG - 6 pgs - July 2015
52% of businesses rarely discuss cyber security policy at board meetings (only 26% actually do)
47% of companies do not designate cyber security to be a boardroom issue.
Lists the 5 key questions companies should be asking themselves as the cyber threat continues to evolve.
 
Cyber Threat Report 2015 Australian Cyber Security Centre - 28 Pgs - July 2015
 
Audit Committee Oversight of Cyberrisk EY - 12 Pgs - July 2015
 
Global CEO Outlook - Cyber KPMG -32 Pgs - July 2015
 
Cybercrime Survey in USA PWC - 16 Pgs - July 2015
 
Hackers expose credentials of staff at half of FT 500 Europe Recorded Future - 7 pgs - June 2015
 
Organised Crime National Crime Agency UK - 47 pgs - June 2015
 
Cybersecurity threat to Growth GrantThornton - 8 pgs - June 2015
 
Cyber Security Infographic HP and FireEye - 4 pgs - June 2015
 
Cost of Data Breach in USA Ponemon - IBM - 22 Pages - May 2015
Last year there was an 11% increase in the total cost of a data breach, to a $217 average per lost or stolen record
An Incident Response team can decrease the average cost of a data breach by 11%.
 
CyberCrime & the Internet of threats 0.12% of cyber attacks resulted in security incidents in 2013
The cost of malicious data breaches will exceed $2 trillion in 2019, equivalent to 2.2% of global GDP.
 
Are Millennials the latest security threat? Software Advice - Survey of 529 employees of U.S. businesses - May 2015
85% of those born after 1980 re-use passwords etc across different sites
19% of those born after 1980 accept social media invites from strangers "most, or all of the time"
15% of those born after 1980 “very likely” to find a way around security controls they consider too restrictive
 
Website Security Statistics WhiteHat - 30 pgs - May 2015
86% of all websites have a serious vulnerability
 
Cybersecurity for For-for-Profit Leadership GrantThornton - 47 Pgs - May 2015
 
Threat Brief 2015 Webroot - 24 pgs - April 2015
 
Interactive Exercise Game on responding to a Targeted Cyber Attack Trend Micro - March 2015
 
Cyber Crime Extortion ThreatTrack Security Study - 3pgs - March 2015
 
Cyber Guide for SMEs UK Government - CyberEssentials - 14 pgs - March 2015
 
Cyber Risk Report for IT Directors HP - 76 Pgs - March 2015
 
Global Megatrends in Cybersecurity Raytheon Ponemom - 23 pgs - February 2015
 
Cyber security risks in the supply chain and third party risks CERT-UK and CiSP - 12 Pgs - February 2015
"A determined aggressor will identify the organisation with the weakest cyber-security, & gain access to other members of the supply chain."
Risks highlighted include your suppliers of: web site development, data aggregation, data storage.
"Challenge your suppliers to practice and develop collaborative processes for reacting to compromise or data breaches"
 
Internet of Things (IoT) - research study HP Enterprise - February 2015
80% of IoT devices have privacy concerns
80% of IoT devices have poor passwords
70% of IoT devices lack encryption
60% of IoT devices have vulnerabilities in the User Interface
 
Cybersecurity - You are Already Compromised Level 3 - 5 pgs - February 2015
"There are more than 100,000 new strains of malware distributed by over 10,000 malicious new domains each day."
 
Horizon Scan Survey BSI - 34 pgs - Feb 2015
 
Data Breach Trends of 2014 Risk Based Security - 12 pgs - February 2015
 
Breach Notice Letter to Customers - Anthem - 3pgs - Feb 2015.pdf
 
Reducing Cyber Risk in 10 Critical Areas UK Government - CyberEssentials - 21 pgs - Jan 2015
 
Cyber Governance - FTSE 350 Healthcheck KPMG and UK Government - 24 pgs - January 2015
 
Common Cyber Attacks CESG GCHQ - 21 Pages - Jan 2015
 
Common Cyber Attacks InfoGraphic CESG GCHQ - 1 Page - Jan 2015
 
California Data Breach Statistics California Attorney General - 1pg - Jan 2015
 
Executive Breach Response Playbook Brochure - HP - 12 pgs – Jan 2015
 
Steps to surviving your first data breach as CIO AlienVault - 12 pgs – Jan 2015
 
Insider Threat Report Vormetric - 24 pgs - Jan 2015
 
Cyber Threat Landscape ENISA - EU Agency for Network and Information Security - 89 pgs - December 2014
 
California Data Breach Report CDoJ - 56 pgs - Oct 2014
 
Senior Exec Involvement in Breach Response Ponemon - 30 pgs – Oct 2014
 
Privileged Users and Data Breaches IANS - Thycotic - 11 pgs - Sept 2014.pdf
 
Data Breach Notification Guide Australian Government - 49 pgs - Aug 2014
 
Data Breach Resilience example - Castle 1204 Alan Calder - 1pg - July 2014
 
Consumer Data Insecurity Report Javelin - 33pgs - June 2014
 
Cyber Risk Oversight - Director's Handbook ISA NACD AIG - 64 pgs - June 2014
 
Economic Impact of Cybercrime Intel McAfee - 24 pgs - June 2014
 
Data Breach Guide v4 Online Trust Alliance - 39 pgs - April 2014
 
Security Metrics FireMon - Ponemon - 34 pgs - April 2014
50% of IT security staff "actively omit negative facts" in updates to executives
 
Malware in Pirated Software Is Costing the World Billions IDC - 35 pgs - March 2014
 
Optimism Bias in cyber security BitSight - 6 pgs - March 2014
94% of companies think their security is better than the bottom third of companies
 
POS System Breaches - Point of Sale for Retailers and Hospitality Trend Micro - 18 pgs - February 2014
 
Risk in a Hyperconnected World - WEF McKinsey - Interviews with 250 Executives - 40 pgs – Jan 2014
The main principles for Cyber Resilience: Recognize, Educate, Integrate and Promote.
The notion of cyber security seems quaint in a world where it is impossible to draw a clean ring around one company.
Challenges to Resilience: Jurisdiction limitations, Accountability, Liability, Info Sharing and Public/Private sector imbalances.
58% of executives say cyberattacks could have major strategic implications for their company over the next 5 years.
10% of executives say cyberattacks are an existential threat for their company over the next 5 years.
Large organizations can be the target of 10,000 cyberattacks per day.
 
Cyber Security Incident Response Procurement Guide CREST CSIR - 56 pgs - November 2013
 
Cyber Security Incident Response Supplier Selection Guide CREST CSIR - 40 pgs - November 2013
 
Data Breach Response Sample Policy 3 pgs - DII Inc - 2013
 
Computer Security Incident Handling Guide NIST - 79 pgs – Aug 2012
 
Playing war games to prepare for a cyberattack McKinsey - 6 pgs – July 2012
 
Responding to a Data Breach DII Inc - 2 pgs - 2012
 
Lightweight Breach Notification Plan Ingenuity - 2012 - 30 pgs
(Tools on Slide 23-4)
 
Critical Security Controls Tripwire - 64 Pgs - October 2013
 
Cyber Scenario Planning Commonwealth Bank of Australia - 51 pgs - February 2013
 

Membership gives unlimited access to the Cyber Rescue curated library of expert advice on cyber attacks, including:

 
 
 
 
 
 
 
 
 

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur pharetra dapibus pharetra. Donec interdum eros eu turpis pharetra et hendrerit est ornare. Etiam eu nulla sapien. Nullam ultricies posuere nunc, eget mollis nulla malesuada quis.