Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Complex regulations and sophisticated cyber attacks inflate non-compliance costs

The cost of non-compliance has significantly increased over the past few years, and the issue could grow more serious. 90 percent of organizations believe that compliance with the GDPR would be difficult to achieve, according to a new study conducted by the Ponemon Institute.

Respondents consider GDPR the most challenging of the data compliance regulations, ahead of the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and the Federal Information Security Management Act (FISMA).

Non-compliance costs 2.71 times the cost of maintaining or meeting compliance requirements.

Here are some highlights:

W-2 Phishing Scams Likely to Resurface After the New Year

W-2 phishing season is just a few weeks away. For the past several tax seasons, cyber criminals have duped hundreds of payroll departments into providing W-2 information on their employees, which results in the filing of fraudulent tax returns and other identity theft issues.

These attacks are incredibly disruptive to employees, extremely expensive for employers and are completely avoidable with some training.

How One of Australia's Richest Men Lost $1 Million in Email Scam

The multi-millionaire founder of Twynam Agricultural Group Pty Ltd. lost $1 million in an email fraud, a London court heard Thursday. The British man who facilitated the theft says he’s a victim too.

John Kahlbetzer, who is on the Forbes list of the 50 richest Australians, lost the money when fraudsters tricked the administrator of his personal finances into transferring it to them, his court papers say.

Fraudsters emailed Christine Campbell, pretending to be the 87-year-old and asking her to pay $1 million to an account held by a British man, David Aldridge, which she did. Kahlbetzer is suing Aldridge to recover the funds, but Aldridge says he was being “unwittingly used” and was himself the victim of a fraud involving a woman he met online and believed he was in a loving relationship with.

Trojan Phishing Attacks By North Korean Hackers Are Attempting To Steal Bitcoin

Researchers at Secureworks report Trojan malware is being distributed in phishing emails using the lure of a fake job ad.

A prolific cyber criminal gang with links to North Korea is targeting employees at cryptocurrency firms in a bid to steal bitcoin.

Email Security Gap Analysis Shows 10% Miss Rate

Aggregated results show that enterprise email security systems miss spam, phishing and malware attachments at an average rate of over 10%.

Here is a summary of findings on the email that security systems delivered to user mailboxes at companies tested in Cyren's Email Security Gap Analysis program during September and October 2017.

Gap Analysis Overview: Cyren examined 11.7 million emails forwarded to Cyren:

  • Email volume analyzed: 11.7 million
  • Test period: September – October 2017
  • Average miss rate: 10.5%

Live Webinar: Counter the careless click, tools to help you train your users

Cybercriminals are successfully and consistently exploiting human nature to accomplish their goals. Employee training is tied as the third-most-effective method (higher than antivirus) of decreasing the cost of a data breach.*

Cyberheists Linked to Russian Hackers Target Banks From Moscow to Utah

A previously unknown ring of Russian-speaking hackers has stolen as much as $10 million from U.S. and Russian banks in the last 18 months, according to Group-IB, a Moscow-based cyber-security firm that runs the largest computer forensics laboratory in eastern Europe.

KnowBe4 Fresh Content Update & New Features Summary

A lot of new modules have been added to the KnowBe4 ModStore:

  1. 2018 GDPR is available as a new course in 8 languages right now, and 15 more languages will be available by January 1st.
  2. 2018 Ransomware, this is a refresh from the ground up and replaces the 2016 version.
  3. 2018 Mobile Device Security, this is also a refresh and replaces the earlier version.
  4. We have added 10 modules that came from the acquisition: FISMA, Intro To Phishing, LinkedIn Security, Monitoring Facebook Services, Protect Your Kids Online, Public WiFi safety, Ransomware Attacks, Traveling Abroad, Twitter Security and USB Safety.

Basic training in avoiding phishing is no longer sufficient

has forums and one of their posts really got our attention. It was an official notification from the legal department of Boise Cascade Company in Utah about a phishing attack. Click on the picture for the PDF on the DOJ.NH.GOV site:
