
KnowBe4 Security Awareness Training Blog

CyberheistNews Vol 3, #7

Editor's Corner


[Photo: Stu Sjouwerman]

New CyberSec Executive Order: Impact On IT?

Last Tuesday, the White House issued the long-awaited CyberSec Executive Order, which attempts to outline policies that will protect US organizations against cyber-attacks and espionage. The EO stays away from even hinting at changes to privacy laws and regulations, which makes the anti-CISPA people happy. The Cyber Intelligence Sharing and Protection Act died in the Senate in any case.

So in short, what's in it?

The National Institute of Standards and Technology (NIST) will offer to work with a mix of industry and other parties to establish guidance on how to secure critical infrastructure components. Note that there are already many security frameworks that government agencies have to comply with, like FISMA, NIST 800-53, FERC, NERC, etc. The main thrust of the EO is that nobody is -required- to do anything. If NIST creates any useful guidance, it's up to you whether you follow it or not. It will take an act of Congress to give this EO actual teeth in the form of compliance demands.

The upshot at the moment? Critical infrastructure companies are allowed business as usual, hence zero impact. It's positive though that the White House puts cybersecurity front and center, and raises awareness for this issue. That just might make it easier for you to get more budget and give IT security high priority within your own organization. And remember that your employees are the weak link in IT security, so today mandatory security awareness training for everyone is a must:

Quote of the Week

"In the business world an executive knows something about everything, a technician knows everything about something and the switchboard operator knows everything."
- Harold Coffin

Please tell your friends about CyberheistNews! They can subscribe here:


Arm Your Users Against Social Engineering

Phishing Security Test

Your end-users are the weak link in your network security. Traditional once-a-year Security Awareness Training doesn't hack it anymore. Today, your employees are frequently exposed to advanced social engineering attacks. Your users need to be trained by an expert like Kevin Mitnick, and after the training stay on their toes with you sending them 'set-it-and-forget-it' simulated phishing attacks. Both the attacker and the user are human. You need a 'human firewall'.

Find out how affordable this is for your organization now! Click on the orange "Get A Quote" button on this page:


5 Myths About Awareness

Lance Spitzner of the SANS Securing the Human program outlines five common misconceptions about security awareness programs; this is an interesting and quite instructive read:



Four CIA Secrets That Can Boost Your Career

J.C. Carleson is a former undercover CIA officer. She spent nine years conducting clandestine operations around the globe before trading the real world of espionage for writing about espionage.

"If only Hollywood’s depiction of life as a CIA officer were true, I’d have a faster car, a better wardrobe, and a tool shed full of state-of-the-art gadgets left over from my years working for the clandestine service. There is nary a biometric device in my garage, however, and my career keepsakes are far more bureaucrat than they are Bond.

"The truth is, spies rely on psychology far more than they do on technology. Instead of gizmos or gadgets, CIA officers use behavioral techniques to elicit secrets from people and organizations — techniques that are broadly applicable enough to be used in even the least cloak-and-dagger of settings. I wrote my book, “Work Like a Spy: Business Tips from a Former CIA Officer,” with the intention of identifying and explaining spy tradecraft in such a way that it can be used in any workplace. Here are four examples of lessons from the clandestine world that corporate America can use." Here they are:


Serious Data Breaches Take Months To Spot, Analysis Finds

John Dunn at TechWorld reported: "More than six out of ten organizations hit by data breaches take longer than three months to notice what has happened, with a few not uncovering attacks for years, a comprehensive analysis of global incidents by security firm Trustwave has found.

During 2012, this meant that the average time to discover a data breach for the 450 attacks looked at was 210 days, 35 more than for 2011, the company reported in its 2013 Global Security Report (publicly released on 20 February).

Incredibly, 14 percent of attacks aren't detected for up to two years, with one in twenty taking even longer than that. Almost half - 45 percent - of breaches happened in retailers, with cardholder data the main target. The food and beverage sector accounted for another 24 percent, hospitality 9 percent, and financial services 7 percent.

Questions arise from this: how are attackers getting into organizations so easily, and why do IT staff not notice until long after the event?"

This is a good article to check out:


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Motorcycle Ridge Riding. This video will give you a physical reaction!:

Master speed-painter D. Westry shows off his creative skills during the "Anderson's Viewers Got Talent" competition. Surprising End!:

A scary demo of software capable of tracking people's movements and predicting future behavior by mining data from social networking websites:

Kaiser the Bengal cat performs amazing tricks:

A Detroit musician living in poverty didn't know that in South Africa, he was more popular than the Beatles:

Girl meets boy in the office and they find a new way of expressing their affection in this endearing short film. CUTE:

The million-dollar 650-horsepower Ferrari Enzo is not usually driven as a rally car ...

A 9-ton meteorite streaked across the sky over the Ural mountains in Russia and exploded 25 miles above the ground: