Fourth annual report finds greatest new concern is email and web spoofing Mimecast has released its fourth-annual State of Email Security 2020 report. This report summarises details from 1,025 global IT decision makers on the current state of cybersecurity. Providing year-over-year comparisons, along with Mimecast’s analysis from the first 100-day period of the coronavirus public […]
The purpose of this publication is to give manufacturers recommendations for improving how securable the Internet of Things (IoT) devices they make are. This means the IoT devices offer device cybersecurity capabilities—cybersecurity features or functions the devices provide through their own technical means (i.e., device hardware and software)—that device customers, including both organizations and individuals,
Foundational Cybersecurity Activities for IoT Device Manufacturers Read More »
Computing devices that integrate physical and/or sensing capabilities and network interface capabilities are being designed, developed, and deployed at an ever-increasing pace. These devices are fulfilling customer needs in all sectors of the economy. Many of these computing devices are connected to the internet. A novel characteristic of these devices is the combination of connectivity
IoT Device Cybersecurity Capability Core Baseline Read More »
Third Annual State of Cyber Resilience Lessons from Leaders to Master Cybersecurity Execution At first glance, the basics of cybersecurity are improving and cyber resilience is on the rise. Our latest research shows that most organizations are getting better at preventing direct cyberattacks. But in the shape-shifting world of cybersecurity, attackers have already moved on
Foreword As the world unites and draws on all available resources to contain the global Coronavirus (COVID-19) pandemic, unfortunately, there will be those who’ll try to take advantage of the crisis for nefarious purposes. As organizations continue to drive business practices through digital transformation, the challenges they face evolve as well. Cybercriminals are among this
Executive Guide to the 2020 Global Threat Intelligence Report Read More »
IT professionals are 3X more concerned about the security of company financials and intellectual property than their home security 78 percent of organizations use more than 50 discrete cybersecurity products to address security issues; 37 percent use more than 100 cybersecurity products Organizations who discovered misconfigured cloud services experienced 10 or more data loss incidents
Welcome to the 5th edition of Synopsys’ Open Source Security and Risk Analysis (OSSRA) report. The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape. To help organizations develop secure, high-quality software, the Synopsys Cybersecurity Research Center (CyRC) publishes research
2020 Open Source Security and Risk Analysis (OSSRA) Report Read More »
In March 2020, AT&T Cybersecurity, in partnership with industry analyst firm, the Enterprise Security Group (ESG), completed a research survey of 500 cybersecurity and IT professionals who are directly involved with their organization’s cybersecurity strategies, controls, and operations. Further description of the research methodology and survey demographics are presented in the appendix of this report.
The Relationship Between Security Maturity and Business Enablement Read More »
A software development life cycle (SDLC) is a formal or informal methodology for designing, creating, and maintaining software (which includes code built into hardware). There are many models for SDLCs, including waterfall, spiral, agile, and development and operations (DevOps). Few SDLC models explicitly address software security in detail, so secure software development practices usually need
Cyber actors have increased the use of web shell malware for computer network exploitation. Web shell malware is software deployed by a hacker, usually on a victim’s web server. It can be used to execute arbitrary system commands, which are commonly sent over HTTP or HTTPS. Web shell attacks pose a serious risk to DoD
