Trustwave Global Security Report (GSR)
Trustwave is a global security services company. Through their work helping organizations secure their environments, they observe attacks and their security researchers are discovering the latest security threats. Trustwave publishes a comprehensive Global Security Report based on their observations from the previous year. This year's report was as easy to read as a comic book, yet it contained valuable statistics that provide insights into the security challenges enterprises face. The report confirmed other report's observation of the increase in retail attacks and Point-of-Sale (POS) breaches, number of days between intrusion till detection, amount of spam traffic, origins of hosted malware, and victim geography. This report provided a vast amount of infographic-like statistics based on Trustwave's global perspective of current security incidents.
Securosis is a leading independent and objective security research firm that provides practical advice on how to make your organization more impervious to modern cyber threats. Securosis provides much of their research library on their web site and there are a wide range of useful reports listed there. While these reports are not necessarily annual security reports, in the spirit of sharing security information, they provide useful information to organizations wanting to improve their security posture. Some of my favorite reports they have written are their "The Future of Security, The Trends and Technologies Transforming Security" published on February 20, 2014 and their Continuous Security Monitoring (CSM) report from 2013. One of their most recently published reports is their "2015 Endpoint and Mobile Security Buyer's Guide".
The Ponemon Institute is also an independent research firm and consultancy that focuses on IT security topics in order to help organizations learn about emerging threats and the best practices for securing their infrastructure. The Ponemon Institute provides their research library or published papers on their web site. Again, while not necessarily annual security reports on the changing global threat landscape, these are very useful reports nonetheless.
The Ponemon Institute also worked with HP Enterprise Security to create the "2013 Fourth Annual Cost of Cyber Crime Study". These reports are published for different geographies and you can download the report for your location. The Ponemon Institute has published other useful papers such as the "2013 Cost of Data Center Outages", published December 18, 2013 and their "2013 Cost of Data Breach: Global Analysis", published mid-2013.
In the IT industry, there are many people who consume content that is created by others but don't share information. We can be certain that this knowledge sharing is taking place among the attackers. Therefore, it is imperative for us as defenders share our experiences with each other. From the statistics revealed in these security reports, there are many organizations who need their security teams to learn about current Internet threats. We can be certain that the more we share, the stronger we can make our collective defenses.
Sign up for CIO Asia eNewsletters.