The need to address human risk management, email and phishing attacks, and generative AI among users across organisations of all types provides the backdrop for Mimecast’s SOECS 2024 report
Based on interviews with 1,100 CISOs and other information technology professionals from numerous industrial sectors and six countries, the report documents the precise nature of these risks and the steps that are being taken to overcome them.
The vendor landscape for security awareness training (SAT) is as diverse as it is innovative. Thismarket has changed significantly over the past several years as CISOs and security leaders nowseek to ensure that any SAT program is changing user behavior and empowering their business tounderstand, reduce and monitor employee cyber risk. An SAT vendor should provide a platform to accomplish this by: • Helping you develop broader thinking around security culture and human risk management • Provide the necessary tools to drive and measure behavioral change • Ensure your users become your organization’s human firewall and last line of defenseagainst cyber attacks and data breaches This white paper provides an overview of what to know before you evaluate SAT platforms,and most importantly, seven critical capabilities any SAT vendor should provide to help yourorganization achieve its goals. Download Now
Offensive cybersecurity practices like pen testing stand apart from other security methods. By learning how other organizations are utilizing penetration testing, we gain valuable perspectives on the efficacy of different approaches, challenges encountered, and lessons learned. Read the report to understand the current state of pen testing practices, providing ongoing, useful data on the following key issues related to pen testing. Each year, Core Security conducts a global survey of cybersecurity professionals across various industries on their penetration testing practices to better understand the different approaches to, common challenges with, and overall development of offensive security. The 2024 Penetration Testing Report is an analysis of the results of this survey, with the aim of providing increased visibility into the current state of offensive security. It also demonstrates the value of collaboration and knowledge exchange, as this collection of shared experiences enables members of the cybersecurity community to better identify best practices, avoid common mistakes, and refine their tactics. With 72% of respondents reporting that penetration testing has prevented a breach at their organization, the value of penetration testing is well established Though continuing financial challenges remain an obstacle, 83% of respondents still prioritize running at least one-two pen tests a year in order to prioritize risks, close security gaps, and stay compliant with important security regulations. • Reasons for pen testing • The impact of compliance initiatives • Usage of in-house teams and third-party services • Frequency of pen testing • Evaluation criteria for pen testing tools • Relationship to red teaming • Commonly tested infrastructures and environments Download Now
Das Aufkommen von Ransomware, der vielleicht lukrativsten Methode der Cyberkriminalität, markiert einen deutlichen Wandel in der Art und Weise, wie Internetkriminelle aus den Daten ihrer Opfer Profit schlagen. Mit Ransomware müssen sich die Angreifer nicht länger auf die Daten konzentrieren, die sie leicht weiterverkaufen können. Sie nutzen stattdessen den Wert aus, den die Daten für ihre Opfer darstellen. Selbst wenn es sich nicht um sonderlich sensible Daten handelt, sie sind möglicherweise für die betrieblichen Abläufe dringend notwendig. Indem sie die Daten „gefangen“ nehmen und für die Freigabe ein Lösegeld fordern, können Angreifer sogar Daten zu Geld machen, für die sie andernfalls wahrscheinlich keine Verwendung gehabt hätten. Aufgrund dieses Paradigmenwechsels geraten viele Unternehmen, die sich bisher für zu klein hielten, um ein lohnendes Ziel für Cyberangriffe zu sein, nun doch in das Visier der Cyberkriminellen Download Now
