2020 Cyber Threat Intelligence Estimate (CTIE)
This report offers insight into critical threat activities, threat actors and topics crucial to breach prevention, plus recommendations you should consider when making decisions about your cybersecurity programs and investments, as well as risk management.

Get a Visual Perspective with Charts and Graphs
A Robust Report at Your Fingertips.
Inspired by national intelligence estimates (analytical reports produced by the intelligence community of the United States for Congress), our report addresses evolving technology, threat actor updates and regulatory changes to keep you abreast of the latest global threat trends. Dig into the 2020 CTIE for:
- Vertical industry breach highlights
- Attack tools, techniques and procedures
- Hybrid threat actors
- Specific data breaches
- Dark Web practices, data and what changed
- COVID-19 effects and insights
By applying the best-practice recommendations provided by our CTIE report, decision-makers and influencers can strengthen their cybersecurity strategies and operations. For organizations that collect and analyze their threat intelligence, the information assembled here can validate and augment their findings.
*This report includes contributions from Carbon Black, Digital Shadows, Optiv’s Global Threat Intelligence Center (gTIC), Palo Alto Networks’ global threat intelligence team, SailPoint, Unit 42 and VMware.
What's in the CTIE
- The COVID-19 Effect on Cybersecurity
- Data Gathering and Analysis
- Vertical Industry Breach Highlights
- Attack Tools, Techniques and Procedures
The COVID-19 Effect on Cybersecurity
The COVID-19 pandemic has had, and will continue to have, profound, long-lasting effects on organizations and people. Remote access and worker support have created new vulnerabilities. This massive attack surface expansion maintained business continuity but came with security and risk concerns. The CTIE offers specific insights and guidance.
- Opportunistic Coronavirus-themed websites – How many were suspicious or malicious?
- Types of COVID-19 related risks – Operational, transactional, compliance/regulatory and third-party vendors
- Most affected industries – Impacts on organizations most crucial to the pandemic response
- Rectifying pandemic-caused vulnerabilities – Identifying and suggesting optimal threat strategies
Data Gathering and Analysis
Experts from contributing partners collected cyber-activity statistics from thousands of clients. The resulting report clearly articulates key activities, events and trends.
- Threat trends – Compares previous years to surface patterns in average threats per day and identifies which time periods had more activity
- Phishing and brand misuse, infrastructure and data leakage incidents – How growing brands lead to expanding attack surfaces, an increase in brand impersonation and types of data leakage
Vertical Industry Breach Highlights
The CTIE examines the industries with the most incidents and explores the specific details.
- Increase in risky use of Secure Shell (SSH), remote desktop protocol (RDP) and Transport Layer Security (TLS) and how to thwart these attacks.
- How Zero Trust is a best practice for cloud operations.
- The decrease in IoT device security and proposed steps to address it.
- How healthcare, financial, retail/hospitality, manufacturing and energy/utilities were affected by breaches in 2019.
- The financial fallout and resulting new security recommendations.
Attack Tools, Techniques and Procedures
The correlation and analysis of TTPs help analysts diagnose the “who” and “why” behind cyber attacks. Important TTPs involve cryptomining, IoT attack methods, cyber espionage and malware. The report discusses:
- Cryptomining – Where it hides and how it works
- Active public mining pools – Frequently used locations, ports and implemented tools
- Security Actions – Protection recommendations
Listen and Learn: 5 CTIE Podcasts
Optiv and select partners discuss what happened and what might happen, offering recommendations for improving your cybersecurity programs.
Critical CTIE Data Around the Who, What, Where and How
Optiv’s CTO, Todd Weber, discusses the company’s 2020 Cyber Threat Intelligence Estimate report, which provides an expert data-provisioned summary of today’s key threat activities, threat actors and topics crucial to current data breach prevention.
Verticals Most Impacted in the COVID-19 Era
Optiv and Digital Shadows’ Threat Researcher Kacey Clark discuss COVID-19 and the impact it has had to date on the Technology and Financial Services industries, as revealed in this year’s Optiv CTIE.
Compliance and Incident Response: Relieving New Pressure
Optiv and VMware Carbon Black Head Cybersecurity Strategist Tom Kellerman discuss the pressures of compliance and incident response in today’s cyber world, as revealed in this year’s Optiv CTIE.
Your IoT is Too Open
Optiv and Palo Alto Networks’ Unit 42 Deputy Director of Threat Intelligence Jen Miller-Osborn discuss the outlook of securing IoT as supported by the 2020 Optiv Cyber Threat Intelligence Estimate.
Remote Work, Identity Changes and Security Concerns
Optiv and SailPoint Senior Security Strategist Mike Kiser discuss the profound changes in worker and user identities in today’s pandemic era. The podcast addresses the blending of identities and work-from-home advances and how cybersecurity is impacted.
Get answers to who, what, where, when, how and what if.
Here’s a comprehensive view of the cyber-threat landscape to help you mitigate risk and strengthen defenses.