While Malwarebytes observed a relative plateau in the overall volume of threat detections in 2019, our telemetry showed a clear trend toward industrialization. Global Windows malware detections on business endpoints increased by 13 percent, and a bifurcation of attack techniques split threat categories neatly between those targeting consumers and those affecting organizations’ networks. The Trojan-turned-botnets Emotet and TrickBot made a return in 2019 to terrorize organizations alongside new ransomware families, such as Ryuk, Sodinokibi, and Phobos.

In addition, a flood of hack tools and registry key disablers made a splashy debut in our top detections, a reflection of the greater sophistication used by today’s business-focused attackers.

Meanwhile, the 2019 mobile threat landscape fared no better. While Malwarebytes launched a massive drive to combat stalkerware—apps that enable users to monitor their partners’ every digital move—which led to an increase in our detections, other nefarious threats lingered on the horizon, with increases in their detections not being helped along by our own research efforts. We observed a rise in pre-installed malware and adware on the devices of our Android customers, with the goal to either steal data or steal attention.

Click to download

The expectations for the year 2020 are massive, as major world events underscore mounting geopolitical tensions. The United States will elect a president, Tokyo will host the Olympics, and renewable energy is anticipated to outcompete fossil fuels. Likewise, this time of economic uncertainty and increased competition across industry is contributing to the rise of digital transformation. Unprecedented innovations have been promised to us. Commercial space programs will take us to Mars, we will control devices with microchips implanted in our brains, and cars will be fully autonomous. Whether the above will come to fruition, one thing is for certain: the transformational benefits of next-generation technology are here.

Leaders are investing in digital transformation to increase competitive advantages, drive operational efficiencies, and grow market share. Leading-edge technology companies are manufacturing products faster, advancing logistics processes, and filling talent gaps. Alongside this rapidly scaling digitalization is organizational convergence. Enterprises are aggressively expanding through mergers and acquisitions, and evolving across geographical markets and industry. All the while, threat actors continue to challenge innovative security systems, uncovering gaps and slipping into the globally connected landscape the world is constructing. Organizations that prepare for uncertainty and approach their digital transformation with a security-focused mindset will be better positioned to survive this increasingly hostile connected ecosystem.
Today’s leaders must approach their security challenges with the same imagination, agility, and tenacity as their adversaries.

Click to download

Data protection and compliance present daily challenges. Security specialists must be on their toes to assure that controls remain in place and perform consistently. Despite good intentions, more than half of organizations are still struggling to design, implement and maintain a sustainable compliance program.

One challenge is that many security professionals believe they can protect data by following a script, as if doing A, B and C in the correct order will achieve effective and sustainable data protection. In the real world, things are messy. Organizations might be spending a lot of time and money creating their DPCPs, but many are ineffective and fail to advance beyond a program that looks good on paper but
does not withstand the scrutiny of a professional security assessment. The DPCPs lack the design, implementation, review process and revisions to become effective and sustainable.

Additionally, organizations have inadequate or overly complex strategies, which originate from a lack of proficiency in designing, implementing, monitoring and evaluating a DPCP.

Click to download

Data Security Is Essential to Our Future

Like you, cybercriminals are on their own digital transformation journey. Connected Internet of Things (IoT) devices, bring-your-own-device
(BYOD) trends and cloud initiatives have given them new ways to infiltrate your organization by exponentially expanding the attack surface.
Technologies like artificial intelligence and machine learning have given these miscreants new tools with which to distribute malware, vector in on high-end targets, and reach bigger and more diverse audiences. And as these technologies evolve, cybercriminals are becoming
increasingly stealthy, sophisticated and evasive.

These days, cybercriminals are creative, ambitious and intelligent, with no shortage of resources at their disposal. They’re constantly reaching into their arsenal of tools to help them gain a competitive edge — only they’re competing to break into your systems and abscond with your IP address, personally identifiable information (PII) and other critical data before you even notice it’s gone. While their financial motivations have remained the same for decades, their methods have significantly evolved over the years.

Click to download

Security threats continue to be more sophisticated and advanced with each day, with the majority often going completely undetected. Organizations are usually scrambling to keep up and implement new security controls to protect themselves, which adds a new layer of
complexity.

Situation

Not everyone’s process needs are the same. These differences drive out different categories and niches within  the Security Information and Event Management (SIEM) market space. Understand your own business’s processes and the unique technical and functional requirements that accompany them. Use your own set of requirements to determine the SIEM solution that best fits your organization.

Complication

• With the rise of Advanced Persistent Threats (APTs) and insider attacks, it becomes extremely difficult for security staff to detect all the risks.
• Many IT and IT Security staff are already stretched thin by keeping track of many different security technologies that already exist.

Anyone looking to purchase a SIEM product must understand what they want and need from this technology. Many are quick to get any SIEM product and assume that it will satisfy their requirements, while it may not be the correct choice for them.
Others may find greater value in the capabilities of another security technology rather than a SIEM. This can also go beyond what your peers at similar organizations are doing. As each company has its own unique processes and internal controls, their requirements become very specific and can differ widely from that of others in the same industry.

Click to download