The most successful cybercriminals flourish and prosper because they know valuable things about your organization, like how your network is set up, where your weak spots are situated and how to effectively hoodwink your employees.
Sorry to freak you out, but it's true. Your adversaries use this recon to launch all types of attacks, from social engineering to web application code injection to remote access. It's opportunistic or targeted in nature, but either way, they count on knowing more about you than you do about them.
But what if it didn't have to be that way? The truth is, companies that can interrupt attacker advances are the ones with the best chance of avoiding negative headlines, angry customers, financial losses and the rest of the unpleasant aftermath associated with a major security incident.
Which brings us to the 2018 Trustwave Global Security Report. Celebrating its 10th annual edition this year, the report is based not on opinions or polling, but on actual facts about cybercriminals - based off our analysis of hundreds of data breach investigations, threat intelligence from our global security operations centers, telemetry from security technologies and industry-leading security research.
The report is sectioned into three chapters - Data Compromise, Threat Intelligence and the State of Security - all of which contain not only actionable data, but also clear and concise insights that help put every fact and figure into perspective. And as mentioned, this year's edition is a special one for us. As such, the report includes a 10-year retrospect on various threats, while focusing an eye on the future.
To win at cybersecurity, you must keep your friends close and your enemies closer - and the 2018 Trustwave Global Security Report closest of all.
Download and read it to discover:
- The top methods used to compromise corporate networks, point-of-sale-systems and e-commerce sites.
- The most common industries and geographies under attack, and the type of data being targeted.
- An actual email conversation between a "CEO Fraud" attacker and his victim.
- The median number of days between intrusion and detection for both internally detected incidents and externally detected incidents.
- How one botnet carried the weight for spam-delivered malware.
- The most frequent vulnerabilities across databases, networks, applications and other platforms.
- Details on the evolution of exploit kits and other threats, including ransomware and cryptocurrency mining.
- The most common techniques malware used to avoid detection.
- Plus, much more!
Dan Kaplan is manager of online content at Trustwave.