With the days getting shorter and cooler, we reflect fondly on the past couple of months, spent on relaxing days off, trips to the beach and…cybersecurity. Although many of us go on vacations during the hottest months of the year, cyber vigilance can’t take a break. In this inaugural Research Roundup, we showcase some of the top cyber research that’s caught our eye this summer.
Censys Research Report: Internet-Connected Industrial Control Systems
In this first look at a more comprehensive report being released later this year, Censys offers a glimpse of the vulnerabilities of the industrial control systems (ICSs) that underpin the infrastructures of cities and towns large and small. The scariest part? Many of the ICSs studied are hosted in a way that makes it impossible to notify owners that they’ve been compromised.
The Nation’s Best Hackers Found Vulnerabilities in Voting Machines — But No Time To Fix Them
Every year in DEF CON’s Voting Village, hackers are invited to expose security gaps in voting machines. However, as the conference takes place in August, it’s usually too late in the U.S. election cycle for any of their recommendations to be implemented, so no fixes are made.
Phishing Frenzy
Abnormal Security’s H2 2024 threat report details how threat actors are becoming increasingly sophisticated in their phishing attacks. Poorly written, typo-laden emails are being replaced with QR codes, social engineering and convincing impersonations, making recipients more likely to fall victim to organization/vendor email compromise.
It Is Not Only About Having Good Attitudes: Factor Exploration of the Attitudes Toward Security Recommendations
We all know that exercise and eating well are good for our health. But knowing something and actually doing it are two very different things. In this paper published by the Journal of Cybersecurity, researchers explore a similar theme: why people who know they should follow cybersecurity practices don’t always do so.
The Octopus Method: Innovative Use of Natural Defense Mechanisms in Mobile Device Security
As if octopuses (Octopi? Octopodes?) weren’t cool enough, this research paper by Özgecan Siyez of Gazi University explores how the fascinating self-defense tactics employed by this amazing animal can be adapted to secure mobile devices.
“Your Data is Stolen and Encrypted”: The Ransomware Victim Experience
We know the basics of a ransomware attack: an organization is targeted, threat actors demand payment in exchange for not causing harm, the organization pays (or doesn’t) and the threat actors go away (or don’t). However, unless you’ve been the victim of a ransomware attack, it’s hard to understand the long-term effects of this crime. This report by the Royal United Services Institute (RUSI) shares data and real-life stories from ransomware victims.
Exploring Factors Influencing Adoption and Usage of Privacy-Enhancing Tools Among Smartphone Users
For her master’s thesis at Purdue University, Renusree Varma Mudduluru surveyed 342 participants to gain an understanding of what (if any) privacy-enhancing steps they’re taking to secure their devices. This comprehensive study aims to “contribute significantly to digital forensics, cybersecurity and privacy. It will help create more user-centric privacy tools and policies and educate users about the importance of digital privacy.”
State of Information Security Australia
This report from ISMS.online covers such topics as the Australian risk landscape, organizational preparedness, the pace of regulatory change and, in a striking example of candor, the amounts that organizations have been fined for poor cybersecurity practices.
- Visit the ISC2 Research section for more reports
- ISC2 research into the real-world impact of AI on cybersecurity professionals
- The latest ISC2 data on women in the cybersecurity profession: Inclusion, advancement and pay equity are key elements to attract and retain women in the sector