CyberheistPoll Survey Results:
We asked: "When making resource allocation decisions for security programs,
do you have a methodology that helps you prioritize your investments
based on greatest risk to the organization’s overall business strategy?"
Your answers were split in three ways:
- Yes 34.6%
- No 34.6%
- Somewhat, but immature 30.8%
The problem with not having that methodology in place is that, without
prioritizing the greatest risk, your organization isn't really spending
its security budget in the most effective way. Just keep in mind that
more than half of security breaches are caused by end-users being socially
engineered. And remember that a security culture requires leadership from
the top down. You have to get your management to set the proper example.
How? Read this article:
http://www.infosecurity-magazine.com/view/24078/comment-a-security-culture-requires-leadership-from-the-top-down/
Quotes of the Week
"Innovation distinguishes between a leader and a follower." - Steve Jobs, born this week in 1955.
"The function of leadership is to produce more leaders, not more
followers." - Ralph Nader
"Talent hits a target no one else can hit; Genius hits a target no
one else can see." - Arthur Schopenhauer
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Stop Phishing Security Breaches
Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch (spear-) phishing attacks on your organization. This type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.
IT Security specialists call it your ‘phishing attack surface’. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It’s often a surprise how many addresses are actually out there.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now
http://www.knowbe4.com/20120228-Primary/
What's Hot At RSA 2012
This week, the security industry gathers in San Francisco for the
yearly RSA show, which includes a large exhibition hall where new
products are being announced. NetworkWorld has the best roundup of
new, hot stuff at RSA:
http://www.networkworld.com/slideshow/33484?
Smartphone Hacking Linked To Rise In Identity Fraud
This is something you might want to send to your users as a reminder,
since it's got some TV footage that makes the point for you. Nearly 12
million Americans were victims of identity theft in 2011, an increase
of 13 percent over 2010, according to a recent report released by the
research firm Javelin Strategy & Research:
http://www.kfoxtv.com/news/news/smartphone-hacking-linked-rise-identity-fraud/nK6MS/
7 Levels of Hackers
Eric Chabrow over at the Government Info Security blog found an
interesting post by Stuart Coulson, who is a director of a hosting
provider in the U.K. Coulson wrote a somewhat longish post where he
identifies seven levels of hackers; the higher the number, the greater
the threat they pose. Eric summarized the levels, and provided a link
to the original longer article. Here they are:
1) Script Kiddies: Essentially bored teens with some programming skills
who hack for fun and recognition. They're thrill seekers.
2) The Hacking Group: A loose collection of script kiddies who wield
more power as a collective than as individuals, and can cause serious
disruption to business. Think LulzSec, known for attacks last year on
Sony, CIA and the U.S. Senate, among others.
3) Hacktivists: Collectives that often act with a political or social
motivation. Anonymous is the best known hacktivist group that has been
credited - or blamed - with attacks against child-porn sites, Koch
Industries, Bank of America, NATO and various government websites.
4) Black Hat Professionals: Using their expert coding skills and
determination, these hackers generally neither destroy nor seek
publicity but figure out new ways to infiltrate impenetrable targets,
developing avenues of attacks that could prove costly for governments
and businesses.
5) Organized Criminal Gangs: Led by professional criminals, these serious
hackers function within a sophisticated structure, guided by strict
rules to ensure their crimes go undetected by law enforcement.
6) Nation States: With massive computing power at their disposal, they
target critical infrastructure, military, utilities or financial sectors.
7) The Automated Tool: Fundamentally, it's a piece of software that acts
like a worm virus and tries to affect as much as possible to give itself
the largest possible framework. "A well-crafted tool could be utilized
by any one of the other six criminal types," Coulson says.
Good data! Here is the link:
http://www.govinfosecurity.com/blogs.php?postID=1206&
200,000 Windows PCs Vulnerable To pcAnywhere Hijacking
As many as 200,000 systems connected to the Internet could be hijacked
by hackers exploiting bugs in Symantec's pcAnywhere, including up to
5,000 point-of-sale programs that collect credit card data, a researcher
said. Read More:
http://www.computerworld.com/s/article/9224481/Researcher_200_000_Windows_PCs_vulnerable_to_pcAnywhere_hijacking?
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
The 'Pale Blue Dot' - a photograph of planet Earth taken in 1990 by the
Voyager 1 spacecraft from a distance of about 3.7 billion miles:
http://www.flixxy.com/pale-blue-dot.htm
Expert showmanship in the preparation of a banana pastry:
http://www.flixxy.com/banana-pancake-man-koh-tao-thailand.htm
Flame Glove. Homemade and dangerous but very cool!:
http://youtu.be/C4KuDBkWw2o
The Diet Coke And Mentos Engine...
http://www.flixxy.com/diet-coke-and-mentos-engine.htm
10 Questions for Kevin Mitnick. Interesting reading!
http://www.time.com/time/magazine/article/0,9171,2089344,00.html?xid=tweetbut
Animated illustration of a talk by Sir Ken Robinson, world-renowned education
and creativity expert:
http://www.flixxy.com/changing-education.htm
Cirque Du Soleil steals the 84th Academy Awards with their movie-themed dance performance:
http://www.flixxy.com/cirque-du-soleil-oscars-2012-performance.htm
World's First Helicopters - The Good, The Bad & The Dangerous! Archival footage of the World's first helicopters from 1921 to 1950:
http://www.flixxy.com/worlds-first-helicopters.htm
The world's premier large scale R/C airplanes flying at the IMAA (International Miniature Aircraft Association) Air Show in Montlucon-Gueret, France:
http://www.flixxy.com/international-miniature-aircraft-association-rc-air-show-2011.htm
Last but not least, this is a compilation of the best of 2011 Urban Art.
It's a 6 meg PowerPoint with lots of cool pictures, and the download is
worth the wait!
https://s3.amazonaws.com/knowbe4.cdn/Urban+Art+-+Best+of+2011.pps