By: Jessica Cooper
April 29, 2019

Top Cybersecurity Reports of 2019

Cisco Data Privacy Report

With the onset of more stringent regulatory compliance around data privacy, like GDPR, it’s refreshing to see such an in-depth report on the subject. This report doesn’t just talk about the importance of adhering to regulatory requirements, but the fact that companies should go beyond compliance and actually care about protecting people’s privacy. In the study, Cisco found that 59% of companies report they are meeting all or most of GDPR’s requirements today, with another 29% expecting to get there within a year. The top challenges to getting ready for GDPR were identified as data security, employee training, and keeping up the evolving regulations. Next month is the anniversary of GDPR, so expect to see more VERA blogs on the subject!

VERA Security’s State of Encryption Report

One of the things we were most proud of here at Vera, was partnering with UBM to produce the 2019 State of Encryption Report. Most cybersecurity reports, while still greatly important, focus on malware or nation-state attacks, highlighting the need for perimeter security solutions like sandboxing. Most reports don’t mention how to protect the data itself. In an effort to get the message out, VERA partnered with UBM to gain deeper insights into how organizations are currently protecting their data, as well as their challenges and what they want in a solution. In the majority of cases, cybersecurity leaders wanted a solution that gives them the ability to revoke access to sensitive files in real time, and that, only 26% of enterprises could quickly locate and revoke access to lost or stolen files. This is especially true for organizations that utilize cloud collaboration technologies. These tools are great for productivity, but it can be overwhelming to traditional security models that rely on perimeter and endpoint solutions. Want to know more? You can download it here.

Check Point Software Cyber Security Report

Check Point Software has been releasing a major security report for several years, highlighting the work of their R&D team in Israel. Their 68-page, 2019 report tackles cyber attacks that became popular in 2018, primarily targeted attacks for financial and espionage reasons. They offer insight into ransomware, banking trojans, keyloggers and cryptojackers, and how they are becoming more accessible to potential cybercriminals due to Malware-as-a-Service (MaaS). Check Point also acknowledges that hacking profits can often be higher due to more private data being stored on mobile devices, and larger databases and resources held in the Cloud. They cite account takeovers becoming more common, and that with the introduction of GDPR in 2018, potential data breaches and other attacks are too costly to ignore.

Symantec Internet Security Threat Report

Symantec’s annual threat report had quite a few elements that stood out. The first one that caught my eye was formjacking. This involves the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout pages of eCommerce sites. According to Symantec, formjacking has trended upwards in 2018. Magecart, which is believed to be several groups, is thought to be behind many high-profile attacks including British Airways, Ticketmaster and VisionDirect. Symantec also reports an upward trend in attacks on the Cloud, citing misconfiguration issues to vulnerabilities in hardware chips. It was the Cloud that saw the widest range of security challenges, with poorly secured cloud databases reported to be the weakest point for organizations. Specifically, “In 2018, S3 buckets emerged as an Achilles heel for organizations, with more than 70 million records stolen or leaked as a result of poor configuration. This was on the heels of a spate of ransomware attacks against open databases such as MongoDB in 2017, which saw attackers wipe their contents and seek payment in order to restore them. Attackers didn’t stop there—also targeting container deployment systems such as Kubernetes, serverless applications, and other publicly exposed API services. There’s a common theme across these incidents—poor configuration.” No matter how you look at it, you have to secure the data that lives in these places. More layers of perimeter security clearly aren’t working.

WhiteHat Security Application Security Statistics Report

WhiteHat’s research revealed that serious vulnerabilities continue to increase across all major industries. The 2018 Stats report tracked the following metrics that determine the overall state of application security: 1) window of exposure saw a 33% increase from last year, 2) remediation rates remained the same as compared to last year, and 3) time-to-fix saw a 2% increase from last year. As the WhiteHat team reports, these are but a few examples that indicate a worsening state of application security. The number of applications and application releases continue to increase at an unprecedented rate. The volume and complexity of attacks also continue to increase unabated. With an ever-increasing skill and resource gap in application security, the net result is that application today create an exponential business risk and should be fiercely protected.

Jessica Cooper
Director, Product Marketing

By, Jessica Cooper