CyberheistNews #6



CyberheistNews Vol 1, #6

"Houston, we have a network breach"



These are the last words anyone wants to hear, in any organization, from the top execs to the system and/or
network administrator, because that is where the nightmare starts. Once you have been through it, you never
want to experience it again. The time, lost production and direct cost to the organization are often staggering.

I recently posted a new page about the Return On Investment (ROI) of Security Awareness Training. One paragraph goes into the direct loss of productivity and revenue, and I wanted to share this with you.

A Real Life Example

In an earlier company I had a client, let’s call them Acme, Inc. They have a small network of 20 workstations, an Exchange server, a SQL server and a separate dedicated server that runs their website, all connected via broadband. The whole thing is a relatively small network, and no one in the company was IT trained; one person was wearing a (very) part-time administrator hat. Their business was focused on providing a subscription to their specialized database.

Last year, Acme found out that their webserver was compromised. Suddenly all kinds of much higher traffic was going to countries they did not do any business with. Turned out their server was hosting an illegal music download service. We went over and had a look, and sure enough the logs showed what was going on. Turns out that one of the workstations was infected with nasty malware, after the user clicked on a phishing email, and from there the hackers penetrated the whole network. Some of the workstations and all servers were compromised. The bad guys completely owned the network. So here was what was needed to disinfect the network, and these are only the headlines:

- Select, order, configure and install a good quality firewall – 10 hrs
- Build a new webserver from scratch, load with their backups, and bring it near-line – 20 hrs
- Scanning all workstations and servers with several anti-malware tools, we discovered rootkits – 25 hrs
- Wipe and rebuild Windows on all workstations to make sure no rootkits were left – 15 hrs
- Install and configure high-quality anti-malware software on all servers and workstations – 10 hrs
- Bring new webserver online and debug initial problems – 10 hrs
- Debug various things that broke during this rebuild, bring printers back online, install drivers, etc – 20 hrs

 
The whole thing took 110 billable hours (and then some non-billable!) to completely repair all the damage. The normal rates of $90 we charged made this cost $9,900 for just that one network breach. But now add the cost of downtime. Their webserver, which was their main source of income, was off-line for a whole day, at a cost of about $6,600 in lost revenue. Their employees each lost at least one working day of time over that week, due to this incident, so that is 20 man-days at an average of $120 per day, for a total productivity loss of $2,400.


So the direct loss of productivity and revenue was $18,900, consisting of:

- repair cost by outside consultants: $9,900
- lost revenues: $6,600
- lost production time: $2,400

And all that because one employee clicked on a phishing link and got infected with the Zeus malware. You can now calculate the cost of doing the whole disinfection with in-house IT staff as well, and the number might be a bit lower, but not by much.


And you have not looked yet at the loss of reputation!! Read more about that here: http://www.knowbe4.com/resources/roi-calculation/


And this is where you start your free Phishing Security Test: http://www.knowbe4.com/phishing-security-test/


Quotes of the Week


"A creative man is motivated by the desire to achieve, not by the desire to beat others." - Ayn Rand



"It is wonderful how much may be done if we are always doing." - Thomas Jefferson



"Either you run the day or the day runs you." - Jim Rohn


Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/


Selected Dataloss Incidents This Week

 

Not many people are aware of the excellent work that the people at www.datalossdb.org do. They gather all cyber security events and put these in a database, free for everyone to query. Here are some selected incidents of last week. There are a lot more, varying from records dumped instead of shredded to stolen laptops with confidential information.

Do yourself a favor, and take a minute to review this 'Defense-In-Depth' page. It clearly shows and explains the six areas you need to defend, and how it all -starts- with Policies, Procedures & Awareness.


Selected Incidents:


Reported Date: 2011-07-16


Summary: Customers' names, work and home addresses, and types of DNA testing kit ordered exposed online


Organizations: Medvet Laboratories


http://datalossdb.org/incidents/4449



Reported Date: 2011-07-16


Summary: Planning applicants' personal information, including birth certificates, bank account details and drivers' licenses, posted online

Organizations: Meath Council


http://datalossdb.org/incidents/4453



Reported Date: 2011-07-11


Summary: 90,000 military email addresses, encrypted passwords and an assortment of data related to other companies and government networks including source code


Organizations: Booz Allen Hamilton


http://datalossdb.org/incidents/4370



Reported Date: 2011-07-11


Summary: 2,551 names, postal and e-mail addresses, phone numbers, and work locations acquired and posted by hackers

Organizations: Monsanto Company


http://datalossdb.org/incidents/4388



Reported Date: 2011-07-11


Summary: 11 admins' e-mail addresses and plain text passwords, 784 users' e-mail addresses and plain text passwords and more than two dozen resellers' names, e-mail addresses and plain text passwords acquired and posted by hacker

Organizations: Toshiba Corporation


http://datalossdb.org/incidents/4384



Reported Date: 2011-07-11


Summary: Health and dental plan members' names, addresses and social security numbers on compromised server


Organizations: AssureCare, Lansing Community College


http://datalossdb.org/incidents/4415

KnowBe4


Banking Trojan hits Android phones

A banking Trojan that has plagued Symbian, BlackBerry and Windows Phone users has now made its way to Android devices. The Zitmo Trojan, which has been used by the ZeuS criminal gang to steal banking information, was confirmed to be on Android devices by security firm Fortinet last week. In a blog post on the company's website, senior antivirus analyst Axelle Apvrille said that the Trojan poses as a banking activation application and then once installed sniffs out SMS sent from the bank to the user. It then combs through the SMS to pull out the mobile transaction authentication number (mTAN) that is used as a one-time password to complete mobile banking transactions. More at Networkworld:

http://www.networkworld.com/article/2179236/malware-cybercrime/banking-trojan-hits-android-phones.html




FTC: "Yes" To Facebook Activity Inclusion in Background Checks

The U.S. Federal Trade Commission has just given a company called SIC (Social Intelligence Corp) the OK to include Facebook profile activity in its background checks when screening employees. This is definitely a reason to check your Facebook privacy settings. According to the FTC, Social Intelligence Corp has been given the legal thumbs up to archive seven years’ worth of your Facebook posts. These archives will be used by SIC as part of their background checking service for job applicants. Wow. This is something to share with your friends and co-workers:

http://www.zdnet.com/blog/feeds/ftc-says-yes-to-facebook-activity-inclusion-in-background-checks/3973





Cyberheist 'FAVE' LINKS:


* This Week's Links We Like. Tips, Hints And Fun Stuff.

This is a Photography-themed Rube Goldberg Machine. The time they must have put into this is enormous. Enjoy the clip!

https://www.youtube.com/watch?v=qKpxd8hzOcQ

Watch a Freightliner semi truck race up Mt. Washington. Insane:

http://www.flixxy.com/freightliner-semi-truck-races-up-mt-washington.htm

How One Man Flies Like a Bird:


http://mashable.com/2011/07/13/yven-rossy-jet-wing/


This Freaky Optical Illusion Turns People Into Horrible Monsters:

http://gizmodo.com/5819584/this-weird-optical-illusion-turns-beautiful-girls-into-horrible-monsters



