Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

The Hard Evidence That Phishing Training and Testing Really Works Great

Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials and government recommendations to prove ...
Continue Reading

KnowBe4 Free Tools Now Available On CISA’s Website

We are big fans of the U.S. Cybersecurity Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a ...
Continue Reading

Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.
Continue Reading

Google’s Multi-Party Approval Process Is Great, but Not Unphishable

Like most observers, I celebrated Google’s recent announcement on April 9th about new multi-party approvals for a handful or so of common actions accomplished by super admins in Google ...
Continue Reading

Is RogerLovesTaco$24 a Strong Password?

Is "RogerLovesTaco$24" a strong password? No! Everyone has a ton of passwords. They should be strong and unique for every site and service you use. Everyone knows this.
Continue Reading

The Art of Huh?

One of the best things you can teach yourself, your family, and your organization is how to recognize the common signs of phishing and how to mitigate and appropriately report it.
Continue Reading

Next Week is World Password Day!

May 2nd is World Password Day. Despite the computer industry telling us for decades that our passwords will soon be gone, we now have more than ever!
Continue Reading

You Really Are Being Surveilled All the Time

“If the product is free, you are the product!” No truer words have ever been spoken. But in today’s internet-connected, ad-everywhere world, even if you are paying for the product or ...
Continue Reading

Critical Improvements To The Seven Most Common Pieces of Cybersecurity Advice

I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity.
Continue Reading

Social Engineering The #1 Root Cause Behind Most Cyber Crimes In FBI Report

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful ...
Continue Reading

CISA Recommends Continuous Cybersecurity Training

In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity ...
Continue Reading

If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close.
Continue Reading

How Much Will AI Help Cybercriminals?

Do not forget, AI-enabled technologies, like KnowBe4’s Artificial Intelligence Defense Agents (AIDA), will make defenses increasingly better.
Continue Reading

Three Essential Truths Every CISO Should Know To Guide Their Career

According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities.
Continue Reading

Phishers Abusing Legitimate but Neglected Domains To Pass DMARC Checks

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC well enough to understand what it does ...
Continue Reading

Game-Changer: Biometric-Stealing Malware

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the ...
Continue Reading

Credential Theft Is Mostly Due To Phishing

According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid ...
Continue Reading

Anyone Can Be Scammed and Phished, With Examples

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe ...
Continue Reading

Hard Lessons From Romance Scams

Seeing as this week is Valentine’s Day, I should have written something about rom coms, true love, and trusting your heart more. But this is not one of those posts. This post is about ...
Continue Reading

Calculating Materiality for SEC Rule 1.05

The U.S. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05 of the 8-K, requires that all regulated companies report significant cybersecurity breaches ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews