CyberheistNews Vol 1, #27
Editor's Corner
My New Book Is Out!
Hi All, I'm very excited to announce my new book: CYBERHEIST.
Why did I write it? To increase executive-level awareness that the bad guys
have moved from simple identity theft to full-fledged robbery of corporate
bank accounts (non-profits are targets too), using phishing and scam
tactics that are called 'social engineering'.
Most business owners, C-level executives and people in HR functions simply
do not know this yet, but cyberheists are happening right now as we speak.
Organized cybercrime has developed into a very well-funded, sophisticated and technically skilled operation, and its results are very damaging.
Unfortunately, management still has a false sense of security. With the
rapid proliferation of social media and mobile computing, -people- are
now the new security perimeter!
The threat is there, and getting worse. Just have a look at this Google
map overlaid with cases. That is only the tip of the iceberg; there
are many hundreds more unreported cyberheist cases. You can zoom in and see
the cyberheists in your state and how much money was stolen:
http://www.knowbe4.com/resources/cyberheist-map/
So, do you need some ammo to get more budget for your IT security? You
need state-of-the-art endpoint protection, and I strongly recommend VIPRE
Antivirus for that, but you need to combine it with end-user Internet
Security Awareness Training (ISAT) to be as safe as possible.
Please either forward this link to management and tell them to buy a copy
of the Cyberheist book, or better yet, if you really want to make sure
they get the message, get a copy yourself and give it to them. It's
enlightening, and written for both IT and non-IT people. Everything is
explained in normal terms to make sure we don't put anyone to sleep.
Do me a big favor and tell all your friends? Thanks so much in advance!
Cyberheist is available in paperback and also in a Kindle version. Oh, and
check out the reviews at Amazon.com!
http://www.amazon.com/Cyberheist-financial-American-businesses-meltdown/dp/0983400008/
PS: It might say 'Out of Print', and that is when they run out of stock,
but another 500 have been sent to Amazon, so you can order and they will
ship it the moment they have this new stock.
Quotes of the Week
"A fool thinks himself to be wise, but a wise man knows himself to be a
fool." -- William Shakespeare.
"Although a soldier by profession, I have never felt any sort of fondness for war, and I have never advocated it, except as a means of peace." -- Ulysses S. Grant.
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Need more IT security budget? Give This Book To Your Boss
"The book is well crafted and an intoxicating read - I couldn't put it down." - Paul Wright
"Anyone who uses a computer connected to the Internet needs to know this information to protect themselves." - H. Heller
"As both an IT Pro and a businessman, I highly recommend this book for anyone concerned about online threats." - C. Contor
"Stu Sjouwerman informs in a way that managers can understand, and "techies" can relate to. He goes in detail about the oft-overlooked (and in my opinion THE most dangerous) part of online security: The Human Element." - Robert Folden
"If you fall victim to a cyberheist after reading Sjouwerman's book, shame on you." -- Dirk A. D. Smith
Buy and Read Cyberheist!
http://www.cyberheist.com/
Cybercrime Statistics Expose Five Industries Most Susceptible to Phishing Attacks
Reuters News Agency reported this week: "Internet Security Awareness Training
(ISAT) firm KnowBe4 has released new cybercrime statistics that identify
the nation's most Phish-prone industry sectors, which are those most
susceptible to cybercrime ploys. The top five industries vulnerable to
cybercrime include travel, education, financial services, government
services and IT services. These findings are based on a recent phishing
experiment KnowBe4 conducted among small and medium enterprises (SMEs)
featured in the latest Inc. 500 and Inc. 5000 listings.
"Any business that provides access to email or access to its networks via
the Internet is only as safe from cybercrime to the degree that its
employees are trained to avoid phishing emails and other cyberheist schemes.
The more employees within an organization that use email or go online,
the greater the risk of exposure to cybercrime," said KnowBe4 founder
and CEO Stu Sjouwerman (pronounced "shower-man").
"KnowBe4 conducted a comprehensive data analysis of its FAIL500 study results,
which included categorizing the companies into 25 industry sectors. The
findings revealed that some industries are particularly vulnerable to
cybercrime." Industries with the highest Phish-prone percentages are:
Travel - 25%
Education - 22.92%
Financial Services - 22.69%
Government Services - 21.23%
IT Services - 20.44%
More at:
http://www.reuters.com/article/2011/05/23/idUS112731+23-May-2011+PRN20110523
How To Stop Your Executives From Being Harpooned
Last year, a senior executive in charge of customer satisfaction at his
company opened an email with the subject "customer complaint" that appeared
to be sent from the Better Business Bureau. He followed a link to see details
of the complaint. "If he had stopped to examine the URL carefully, he would
have seen that it was a trap" -- known as a whaling attack and based on
spear-phishing techniques -- intended to gather information about the
company, says Jonathan Gossels, president of SystemExperts, a security
consulting firm. "But during a busy work day, that hardly happens." The
story is at NetworkWorld:
http://www.networkworld.com/news/2011/052311-how-to-stop-your-executives.html?
Phishing Your Own Employees is a Must
The following is an excerpt from SC Magazine: For IT Security Professionals. It
highlights the importance of educating an organization's employees about the
tactics cybercriminals will use to hack your company network to access
valuable company information and your bank accounts.
If you are going to effectively fight this prevalent form of cybercrime
(phishing), you are going to have to have an educated workforce. Since
most colleges don't teach social engineering defense skills, it falls on
the savvy employer to provide education for their employees. I have long
advocated phishing your own employees
While it is not that easy to set up an in-house simulated phishing attack
on your employees as the author of the article suggests, you can use an
existing resource set up exactly for that purpose. KnowBe4 provides a
free and safe online way to simulate a phishing attack on as many of
your employees as you want. Go to this link to check it out:
http://www.knowbe4.com/phishing-security-test/
Average Cost Of Cyberattack: $188,242
In 2010, 74% of small and medium businesses reported they were targeted
for cybercrimes, according to Symantec's 2010 Global SMB Information
survey. The average cost of such attacks was $188,242. Of the more than
2,000 small businesses surveyed around the country, 42% lost confidential
or private data and 40% experienced direct financial costs as a result.
Read more:
http://smallbusiness.foxbusiness.com/technology-web/2011/05/18/cyber-security-roundtable/#ixzz1NJ2gTsP7
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
SUPER FAVE: It's a bird... It's a plane... It's a -- remote controlled flying
superhero. Want to build your own? Detailed plans and instructions available:
http://www.flixxy.com/remote-controlled-flying-superhero.htm
The world's largest and most powerful helicopter can even carry a large
passenger plane:
http://www.flixxy.com/helicopter-carries-a-plane.htm
This is just fun. Airport shenanigans: Riding a bicycle in an airport:
http://www.flixxy.com/airport-bicycle.htm
Video Classic: IBM PC inventor explains how Control + Alt + Delete was born:
http://www.geek.com/articles/geek-cetera/ibm-pc-inventor-explains-how-control-alt-delete-was-born-20110416/