CyberheistNews vol 2, #9



CyberheistPoll Survey Results:



We asked: "When making resource allocation decisions for security programs, do you have a methodology that helps you prioritize your investments based on greatest risk to the organization’s overall business strategy?"

Your answers were split in three ways:


- Yes 34.6%


- No 34.6%


- Somewhat, but immature 30.8%







The problem with not having that methodology in place is that, without prioritizing the greatest risk, your organization isn't really spending its security budget in the most effective way. Just keep in mind that more than half of security breaches are caused by end-users being social engineered. And remember that a security culture requires leadership from the top down. You have to get your management to set the proper example. How? Read this article:

http://www.infosecurity-magazine.com/view/24078/comment-a-security-culture-requires-leadership-from-the-top-down/








KnowBe4




Quotes of the Week









"Innovation distinguishes between a leader and a follower." - Steve Jobs, born this week in 1955.







"The function of leadership is to produce more leaders, not more followers." - Ralph Nader







"Talent hits a target no one else can hit; Genius hits a target no one else can see." - Arthur Schopenhauer







Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/





Stop Phishing Security Breaches







Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch (spear-) phishing attacks on your organization. This type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.





IT Security specialists call it your ‘phishing attack surface’. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It’s often a surprise how many addresses are actually out there.





Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.





Sign Up For Your Free Email Exposure Check Now


http://www.knowbe4.com/20120228-Primary/













What's Hot At RSA 2012







This week, the security industry gathers in San Francisco for the yearly RSA show, including a large exhibition hall where new products are being announced. NetworkWorld has the best roundup of new, hot stuff at RSA:


http://www.networkworld.com/slideshow/33484?











Smartphone Hacking Linked To Rise In Identity Fraud





This is something you might want to send to your users as a reminder, since it's got some TV footage that makes the point for you. Nearly 12 million Americans were victims of identity theft in 2011, an increase of 13 percent over 2010, according to a recent report released by the research firm Javelin Strategy & Research:


http://www.kfoxtv.com/news/news/smartphone-hacking-linked-rise-identity-fraud/nK6MS/















7 Levels of Hackers





Eric Chabrow over at the Government Info Security blog found an interesting post by Stuart Coulson, who is a director of a hosting provider in the U.K. Coulson wrote a somewhat longish post where he identifies seven levels of hackers; the higher the number, the greater the threat they pose. Eric summarized the levels, and provided a link to the original longer article. Here they are:





1) Script Kiddies: Essentially bored teens with some programming skills who hack for fun and recognition. They're thrill seekers.

2) The Hacking Group: A loose collection of script kiddies who wield more power as a collective than as individuals, and can cause serious disruption to business. Think LulzSec, known for attacks last year on Sony, CIA and the U.S. Senate, among others.

3) Hacktivists: Collectives that often act with a political or social motivation. Anonymous is the best known hacktivist group that has been credited - or blamed - with attacks against child-porn sites, Koch Industries, Bank of America, NATO and various government websites.

4) Black Hat Professionals: Using their expert coding skills and determination, these hackers generally neither destroy nor seek publicity but figure out new ways to infiltrate impenetrable targets, developing avenues of attacks that could prove costly for governments and businesses.

5) Organized Criminal Gangs: Led by professional criminals, these serious hackers function within a sophisticated structure, guided by strict rules to ensure their crimes go undetected by law enforcement.

6) Nation States: With massive computing power at their disposal, they target critical infrastructure, military, utilities or financial sectors.

7) The Automated Tool: Fundamentally, it's a piece of software that acts like a worm virus and tries to affect as much as possible to give itself the largest possible framework. "A well-crafted tool could be utilized by any one of the other six criminal types," Coulson says.







Good data! Here is the link:


http://www.govinfosecurity.com/blogs.php?postID=1206&











200,000 Windows PCs Vulnerable To pcAnywhere Hijacking



As many as 200,000 systems connected to the Internet could be hijacked by hackers exploiting bugs in Symantec's pcAnywhere, including up to 5,000 point-of-sale programs that collect credit card data, a researcher said. Read More:

http://www.computerworld.com/s/article/9224481/Researcher_200_000_Windows_PCs_vulnerable_to_pcAnywhere_hijacking?
















Cyberheist 'FAVE' LINKS:







* This Week's Links We Like. Tips, Hints And Fun Stuff.





The 'Pale Blue Dot' - a photograph of planet Earth taken in 1990 by the Voyager 1 spacecraft from a distance of about 3.7 billion miles:


http://www.flixxy.com/pale-blue-dot.htm





Expert showmanship in the preparation of a banana pastry:


http://www.flixxy.com/banana-pancake-man-koh-tao-thailand.htm





Flame Glove. Homemade and dangerous but very cool!:


http://youtu.be/C4KuDBkWw2o





The Diet Coke And Mentos Engine...


http://www.flixxy.com/diet-coke-and-mentos-engine.htm


10 Questions for Kevin Mitnick. Interesting reading!


http://www.time.com/time/magazine/article/0,9171,2089344,00.html?xid=tweetbut



Animated illustration of a talk by Sir Ken Robinson, world-renowned education and creativity expert:


http://www.flixxy.com/changing-education.htm





Cirque Du Soleil steals the 84th Academy Awards with their movie-themed dance performance:


http://www.flixxy.com/cirque-du-soleil-oscars-2012-performance.htm





World's First Helicopters - The Good, The Bad & The Dangerous! Archival footage of the World's first helicopters from 1921 to 1950:


http://www.flixxy.com/worlds-first-helicopters.htm





The world's premier large scale R/C airplanes flying at the IMAA (International Miniature Aircraft Association) Air Show in Montlucon-Gueret, France:


http://www.flixxy.com/international-miniature-aircraft-association-rc-air-show-2011.htm





Last but not least, this is a compilation of the best of 2011 Urban Art. It's a 6 meg PowerPoint with lots of cool pictures, and the download is worth the wait!


https://s3.amazonaws.com/knowbe4.cdn/Urban+Art+-+Best+of+2011.pps



