Have you ever gotten to your desk in the morning and declared that you have everything under control? Fat chance. If you are like most IT and security professionals, you are virtually always alarmed about some potential threat that may creep into your environment (or is already there). But that is also the nature of the game in a fast-moving profession that requires steady hands to keep up with the abject and elaborate behavior of cybercriminals.
For the infosec practitioner, predictability can be your best friend. If you are up to speed on the tactics and maneuvering of your adversaries (for example, what type of malware they prefer, which vulnerabilities they are exploiting, and which file attachments they are using in phishing emails), you can better prepare for the inevitable. The more impervious you can make your organization to attack through prevention, detection and response, the more you will reduce your risk.
Fortunately, while security pros may be engulfed by priorities, they also care. If you want to have all the latest information about your enemies at your disposal, you will be pleased to learn that the Trustwave Global Security Report is back for its ninth year. The 2017 version looks back on 12 months of vulnerability, threat and breach activity to formulate patterns of attack that you can use to not only assess your exposure, but also fight off an active siege.
The report's design is modeled after ASCII, short for the American Standard Code for Information Interchange, a throwback to early computing days. In fact, ASCII art was employed in early versions of email because images could not be embedded. The layout and copy of the report thus pay tribute to how far computing has come, while acknowledging how far we have yet to go to adequately secure it.
And as you will see, the report drills down into specifics about a wide range of topics, but sections are written and designed in such a way that non-technical audiences will be able to acquire important insight as well.
The report is 90 pages long, so do not try to finish it all in one sitting. Instead, think about it as a working document, one which you can reference throughout the next year to gather useful wisdom that will help your security program move forward.