CyberheistNews Vol 2, #33
Editor's Corner
Security Is Not Only Training, It's Culture
We all went to school, but how would you do if you were asked to
retake your finals? Neither would I. Education fades unless it
is regularly reinforced. And even the reinforcement is liable to
go 'on autopilot' and lose its effect. Security needs to become an
ingrained habit to truly work, and that means it needs to be part
of your company culture.
Some organizations have a strong security culture, others not so much.
Those are the ones you will find in the story below: 'The Worst
Security Snafus Of 2012 - So Far'. If the company as a group does
not care much about security, that reflects in everyone's behavior
including IT's approach to security and compliance, whether they
like it or not. IT in those cases often does not get the budget
to do it right.
Ideally, you need a security culture driven from the top down which
makes sure that institutional security knowledge gets documented,
retained, drilled into new employees during their onboarding, and
from there on kept alive by training, events, reminders and regular
security audits that will have repercussions if someone fails.
Only then will the general consensus and necessity level be high
enough to make your organization a hard target that is too expensive
to attack.
Quotes of the Week
"Impossible is not a fact. It's an opinion." - Muhammad Ali
"The imagination of nature is far, far greater than the imagination
of man." - Richard Feynman
"The greatest dangers to liberty lurk in insidious encroachment by
men of zeal, well-meaning but without understanding." - Brandeis
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Released! Kevin Mitnick Security Awareness Training
Traditional once-a-year Security Awareness Training doesn’t hack it
anymore. Today, employees are frequently exposed to sophisticated
phishing attacks, and your users are now the weak link in your
network security. They need to be trained by an expert, and after
the training stay on their toes, keeping security top of mind.
Click on the orange 'Get A Quote' button and find out how affordable
this is!
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Busy? Just take 90 seconds and watch this brand new video about the
new Kevin Mitnick Security Awareness Training. You'll be glad you did:
http://www.knowbe4.com/video-kevin-mitnick-security-awareness-training/
Cybercrime Black Market Almost As Big As Illegal Drugs Industry Now
The School of Technology and Design at Rasmussen College researched
and compiled information from all over the Net for a new infographic
(link below).
Fifteen percent of people online experienced a “real-world” crime in 2011,
compared with 44 percent who were affected by cybercrime. Cybercrime has
become a business, just like any other organized crime. Rasmussen claims
personally identifiable information earned hackers around $388 billion
last year, which is on par with how much money is made from trafficking
and selling illegal drugs (a $411 billion industry in 2011), and is a lot
less risky. However, note that they add "value of time lost" as $274
billion.
Even if the numbers are wildly exaggerated and it's only half as bad,
it still means almost 200 billion. They identify some specifically risky
behaviors, and 6 common mistakes to avoid. Check out the infographic,
which is interesting, but also read the comments, which point out some
omissions:
http://venturebeat.com/2012/07/12/cyber-crime-rasmussen/
The Worst Security Snafus Of 2012 - So Far
NetworkWorld has the list of shame for the first six months of the year.
Could things really be this bad? From the embarrassing hack of a
conversation between the FBI and Scotland Yard to a plethora of
data breaches, security snafus have ruled the first half of 2012.
Here's a look at some of the worst snafus month-by-month. Look,
learn, and don't let this happen to you:
http://www.pcworld.com/article/259258/a_look_at_the_worst_security_snafus_of_2012_so_far.html
Bank Sues Customer Over ACH/Wire Fraud
Tracy Kitten at BankInfo Security reported on this: “In another legal
wrangling over liability linked to ACH and wire fraud, a bank is
taking action against a former commercial customer, claiming the
customer, not the bank, is liable for losses and damages, as well as
legal costs. In March, BancorpSouth, a $14.3 billion bank in Mississippi,
filed a counterclaim against Choice Escrow and Land Title LLC, a
family-owned business based in Missouri. This week, Choice Escrow
co-owner Jim Payne is being questioned in a deposition tied to the
counterclaim.” BankInfo Security has the whole story and background.
http://www.bankinfosecurity.com/bank-sues-customer-over-achwire-fraud-a-4945?
System Admin Ben Free Needed To Delete A BotNet From 532 Workstations and 32 Servers. He Did It In 10 Minutes.
An end-user clicked on a phishing link and a worm infected his whole
network. How did he get rid of it?
1) Found out the name of the executable.
2) Created a Policy and instructed it to: (a) Delete executable (b) Block it from running.
3) Assigned the policy to the infected servers and workstations.
Voila!
10 minutes later the malware was deleted and blocked from even starting up. The product he uses to do that? InstantRevert!
Real-time compliance brought to you by KnowBe4. Learn more about it here:
http://www.knowbe4.com/products/instantrevert/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Super FAVE. Yes, I know, it's a Red Bull ad, but wow it's good. Felix
Baumgartner could become the first person to break the speed of sound
with his own body, protected only by a space suit:
http://www.flixxy.com/supersonic-freefall-from-the-edge-of-space.htm
More space: The "Sentinel" mission plans to place an asteroid-hunting
space telescope into orbit around the Sun in search of asteroids that
could impact Earth:
http://www.flixxy.com/sentinel-asteroid-hunting-space-telescope.htm
Next time you redecorate your living room, try this new invention:
The room is continually redecorated using two projectors and
state-of-the-art software. Interesting!:
http://www.flixxy.com/digital-redecorating.htm
Want to know what it's like to crash-land a sailplane - for real? This is
an "almost perfect" emergency landing, until an unnoticed mailbox
catches the right wing of the sailplane:
http://www.flixxy.com/an-almost-perfect-emergency-landing-in-a-sailplane.htm
The world's highest hydraulic boat lift can haul 1,900 tons in 90
seconds and uses no electricity - just water and gravity!:
http://www.flixxy.com/ultra-energy-efficient-boat-lift.htm
I have discovered a website that shows you your influence in social
media. The name of the site is KLOUT and it's quite interesting. Check
it out, or forward this link to marketing.
http://klout.com/?i=1009527&v=dashboard_opt_in&n=gn
How to explain the "Higgs Boson" to a seven-year-old:
http://www.flixxy.com/higgs-boson-how-to-explain-it-to-a-seven-year-old.htm
Another Russian flashmob near the Red Square in Moscow to the music of
"Puttin' on the Ritz". PS: It was COLD out there:
http://www.flixxy.com/russian-flashmob.htm
Tree relocation made easy, using an ingenious truck-mounted tree spade:
http://www.flixxy.com/tree-relocation-made-easy.htm
Technology and art collide as 16 quadcopters give a light and sound show:
http://www.geek.com/articles/geek-cetera/technology-and-art-collide-as-16-quadcopters-give-a-light-and-sound-show-20120628/
Gwapo's Professional DDOS Service. The sad truth is that this is a real
service. This is just one ad in a series for this criminal company:
http://www.youtube.com/watch?v=c9MuuW0HfSA
Last but not least: 10 Brainteasers to Test Your Mental Sharpness:
http://www.forbes.com/sites/work-in-progress/2012/05/15/10-brainteasers-to-test-your-mental-sharpness/