=Start=
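Background:
This idea came up while I was collecting and organizing reports and data on insider threats: list the names of some well-known reports worth studying (related to insider risk, threats and data breaches) along with the organizations behind them, then go back at intervals to read what the reports say. This helps broaden one's security perspective, gather authoritative data, and learn good ways of expressing security risk.
Main text:
Reference answer:
Some well-known reports worth studying (related to insider risk, threats and data breaches) and the organizations behind them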
- (by Ponemon Institute) Cost of Insider Risk Global Report
- (by Cybersecurity Insiders) Insider Threat Report
- (by IBM Security) Cost of a Data Breach Report
- (by Verizon) Data Breach Investigations Report
- (by CrowdStrike) Global Threat Report
- (by Elastic) Global Threat Report
- (by Mandiant) Global Perspectives on Threat Intelligence Report
==
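Besides collecting and reading the original English reports yourself, once an English report has been published you can also search WeChat for the corresponding Chinese keywords (内部风险报告 "insider risk report", 数据泄露报告 "data breach report", 全球威胁报告 "global threat report", ...). This turns up plenty of decent summaries written by other people. It saves some time, and it also supplements your own point of view: different people reading the same report focus on different things and come away with different summaries.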
==
question:
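What are the world's best insider risk reports, threat reports and data breach reports, and which research institutions/companies are behind each of them? Please list them in detail.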
answer:
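Because my training was done after September 2021, I cannot provide the latest data and reports as of 2024. However, I can introduce some reports and research organizations that were regarded as authoritative and excellent in the past and that may continue to publish related reports in the future.
- Insider risk reports:
  - Gartner: Gartner is a leading global technology research and advisory firm whose reports are widely regarded as authoritative in the industry. Gartner's reports typically include in-depth analysis and recommendations on insider risk and security.
- Threat reports:
  - McAfee: McAfee is a well-known cybersecurity company that regularly publishes reports on the global cyber threat landscape, with analysis of the latest threats, attack methods and trends.
  - Symantec: Symantec is also a well-known cybersecurity company whose threat reports typically cover cybersecurity threats and trends worldwide.
- Data breach reports:
  - Verizon: Verizon publishes its Data Breach Investigations Report every year, providing detailed analysis and statistics on data breach incidents worldwide and helping organizations understand data breach risks and trends.
  - IBM X-Force: IBM X-Force is IBM's security team; the data breach reports it publishes typically cover data breach incidents worldwide, their causes and their impact.
These companies and organizations all have a good reputation in cybersecurity, and their reports usually receive attention from the industry and from professionals. When consulting the latest data and reports, be sure to refer to the most recently published information and reports.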
==
question:
top 10 best Global Threat Report institute/company
answer:
As of my last update in September 2021, here are some of the top institutes and companies known for publishing high-quality global threat reports in the cybersecurity domain. Please note that the rankings and positions may have changed since then:
- FireEye – FireEye is renowned for its threat intelligence reports and in-depth analysis of global cyber threats.
- CrowdStrike – CrowdStrike is known for its Falcon Intelligence reports, providing insights into cyber threats and adversary activities.
- Symantec (now part of Broadcom) – Symantec has a long history of publishing threat reports and providing comprehensive cybersecurity solutions.
- McAfee (now part of Intel Security) – McAfee has been a prominent player in the cybersecurity industry, offering threat intelligence reports and solutions.
- Trend Micro – Trend Micro is recognized for its research on emerging threats and vulnerabilities in the cybersecurity landscape.
- Check Point Software Technologies – Check Point publishes threat reports and research on global cyber threats and attack trends.
- Kaspersky – Kaspersky Lab is known for its global threat intelligence reports and analysis of cyber threats worldwide.
- Cisco Talos – Cisco Talos is Cisco’s threat intelligence team that releases reports on the latest cyber threats and vulnerabilities.
- IBM X-Force – IBM X-Force is IBM’s cybersecurity research team that provides insights into global cyber threats and trends.
- Proofpoint – Proofpoint is recognized for its threat intelligence reports and research on email security threats and trends.
These organizations and companies have a strong reputation in the cybersecurity industry for their threat intelligence capabilities and the quality of their reports. It’s recommended to check their latest reports and updates to stay informed about the evolving threat landscape.
Reference links:
Insider Threat Statistics for 2024: Reports, Facts, Actors, and Costs
https://www.ekransystem.com/en/blog/insider-threat-statistics-facts-and-figures
2023 INSIDER THREAT REPORT [GURUCUL]
https://www.cybersecurity-insiders.com/portfolio/2023-insider-threat-report-gurucul/
Cost of a Data Breach Report 2023
https://www.ibm.com/reports/data-breach
Data Breach Investigations Report
https://www.verizon.com/business/resources/reports/dbir/
Cost Of Insider Risks Global Report — 2023
https://ponemonsullivanreport.com/2023/10/cost-of-insider-risks-global-report-2023/
CrowdStrike 2024 Global Threat Report
https://www.crowdstrike.com/global-threat-report/
=END=
1 comment on "A collection of security risk/threat reports"
2024 Cybersecurity Threat and Risk Management Report
https://ponemonsullivanreport.com/2024/07/2024-cybersecurity-threat-and-risk-management-report/
https://www.optiv.com/sites/default/files/2024-06/2024-Cybersecurity-Threat-and-Risk-Management-Report.pdf
`
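As the threat landscape becomes more volatile and complex, threat records keep being broken. Most organizations are experiencing data breaches and security incidents, and these incidents are happening more often. In this survey, 61% of organizations had a data breach or cybersecurity incident in the past two years, and 55% of respondents said they had experienced four to five or more such incidents.
This research, sponsored by Optiv, aims to understand the extent of the cybersecurity threats organizations face and the measures they take to manage the risk of potential data breaches and cyberattacks. Ponemon Institute surveyed 650 IT and cybersecurity practitioners in the United States who are familiar with their organizations' threat and risk management practices.
Over the past 12 months, 61% of respondents said cybersecurity incidents had increased significantly (29%) or increased (32%). Only 21% of respondents said cybersecurity incidents had decreased (13%) or decreased significantly (8%).
The following is a summary of the most salient findings
An enterprise-wide cybersecurity incident response plan (CSIRP) is an important blueprint for responding to and navigating a security crisis. A CSIRP is a written, systematic approach that establishes procedures and documentation and helps the organization before, during and after a security incident. To determine whether the plan can cope with increasingly frequent and severe incidents, the CSIRP should be reviewed and tested regularly.
...
The findings show that organizations are very interested in adopting security orchestration, automation and response (SOAR).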
`