CyberheistNews Vol 2, #31
Editor's Corner
Released! Kevin Mitnick Security Awareness Training
I am super excited to officially announce we have released the new
Security Awareness Training that Kevin and I have worked so hard
on the last 8 months. Both of us were mentioned in a Wall Street
Journal article last year, we got to discuss the problem of social
engineering, and we decided to team up and build a new training from
the ground up. It's here now, and it's got some unique features!
Kevin: "The threat posed by malware should not be underestimated,
particularly considering that employees have consistently proven to be
the weak link in companies’ Internet security efforts,” noted Mitnick.
"In most cases, their involvement is unintentional – they unknowingly
allow access to corporate networks simply because they don’t know what
to watch out for. That’s why our Internet security awareness training
is designed to ensure they understand the mechanisms of spam, phishing,
spear-phishing, malware and social engineering, and are able to apply
this knowledge on the job. This allows organizations to create a ‘human
firewall’ that actively works to prevent network security breaches."
Check it out over here, and have a look at the unique new job-aid we
have for your employees: 'Social Engineering Red Flags'. I recommend
you click on the orange 'Get A Quote' button and find out how affordable
this is!
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
I Was Interviewed On TV Thursday
Cyber threats reported by U.S. energy companies, public water districts
and other infrastructure facilities surged last year, a new government
report shows. The Department of Homeland Security's Industrial Control
Systems Cyber Emergency Response Team said that it received 198 reports
of suspected cyber incidents, or security threats, in 2011, more than
four times(!) the 2010 level. BayNews9 wanted an expert to comment on
this and asked me to come over. I was able to explain why it's urgent to
give employees security awareness training. Here is the 9-minute segment:
http://www.youtube.com/watch?v=74bofWwWjM4
Quotes of the Week
"Top of your ToDo list: Don't ignore your dreams; don't work too much;
say what you think; cultivate friendships; be happy." - Paul Graham
"We act as though comfort and luxury were the chief requirements of life,
when all that we need to make us happy is something to be enthusiastic
about." - Einstein
"Keep away from people who try to belittle your ambitions. Small people
always do that, but the really great make you feel that you, too, can
become great." - Mark Twain
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Released! Kevin Mitnick Security Awareness Training
Traditional once-a-year Security Awareness Training doesn’t hack it
anymore. Today, employees are frequently exposed to sophisticated
phishing attacks, and your users are now the weak link in your
network security. They need to be trained by an expert, and after
the training stay on their toes, keeping security top of mind.
Click on the orange 'Get A Quote' button and find out how affordable
this is!
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Busy? Just take 90 seconds and watch this brand new video about the
new Kevin Mitnick Security Awareness Training. You'll be glad you did:
http://www.knowbe4.com/video-kevin-mitnick-security-awareness-training/
Cybercriminals Sniff Out Vulnerable Firms
I could have written this headline myself. But I didn't, it was Sarah
Needleman at the Wall Street Journal. And she's right, that is exactly
what is happening.
She started out with: "With cybercriminals a greater threat to small
businesses than ever before, more entrepreneurs like Lloyd Keilson are
left asking themselves who is to blame for hacking attacks that drain
their business accounts. In May, Lifestyle Forms & Displays Inc., a
mannequin maker and importer led by the 65-year-old Mr. Keilson, had
$1.2 million wiped out of its bank accounts in just hours through online
transactions. The theft from the Brooklyn, N.Y., company, which has
about 100 employees, wasn't an isolated incident."
Nope, it sure ain't. The bad guys scan websites all day, every day
with fully automated tools very similar to Nessus and Qualys and
look for holes. Once found, they have automated tools to see if the
holes can be exploited. Only then does a human criminal get involved,
who, again, has a whole lot of automated tools at their disposal.
In parallel with that, one in every roughly 300 emails is a phishing
attack. Compare that to about 100 emails sent and received per day by
the average corporate user. Can you say: "shooting phish in a barrel"?
"Small businesses feel like they're immune from cybercrime, and they're
wrong. They are absolutely on the list of potential targets of
cybercriminals," said Larry Ponemon, chairman of the Ponemon Institute,
a privacy think tank in Traverse City, Mich.
To see the graph with this article that illustrates the company sizes
that get attacked most, click the link below. Note that cybercrime is
moving from large to small companies:
http://blog.knowbe4.com/cybercriminals-sniff-out-vulnerable-firms/
Read the WSJ article, it has some good suggestions at the end. This is
also a good one to forward to C-level Executives:
http://online.wsj.com/article/SB10001424052702303933404577504790964060610.html
Why BYOD Is Scary
Bring Your Own Device is a battle for IT. The problem is on the one
hand security, and on the other hand usability - which has the
winning hand at the moment.
End-users including myself do not particularly like the hassle of
authentication. They are OK with security as long as it is not in
their way. Of course the problem with BYOD is that it provides
less security, not more. A lost device that has access to company
data is an instant security issue. Also, employees get social
engineered via these devices. Mobile malware is skyrocketing.
BYOD for the average user means freedom from the rules that IT
has for the network. They can work when and where they want. Now,
security is always a matter of making it harder for an attacker
to break in, and drive up their cost. But BYOD is making it (a lot)
easier instead. You don't want to know how many iPhones get stolen
in the New York subway every day. If this is a topic that relates
to your own environment, Roger Grimes has a really good story
for you in InfoWorld this week:
http://www.infoworld.com/d/security/why-byod-scares-me-196875
Court Ruling Could Be Boon to Cyberheist Victims
Brian Krebs reported some very good news. A decision handed down by
a federal appeals court this week may make it easier for small
business owners victimized by cyberheists to successfully recover
stolen funds by suing their bank. The U.S. Federal Court of Appeals
for the First Circuit has reversed a decision from Aug. 2011, which
held that Ocean Bank (now People's United) was not at fault for a
$588,000 cyberheist in 2009 against one of its customers -- Patco
Construction Co. The appeals court sent specific aspects of the
earlier decision back to the lower court for review, but it
encouraged both parties to settle the matter out of court.
Here is his full post, this is recommended reading:
http://krebsonsecurity.com/2012/07/court-ruling-could-be-boon-to-cyberheist-victims/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Watch this brand new video about the new Kevin Mitnick Security Awareness Training. You'll be glad you did:
http://www.knowbe4.com/video-kevin-mitnick-security-awareness-training/
Super Fave: In an ancient Chinese temple, two female martial artists face
off in a battle for the power outlet. LOL
http://www.flixxy.com/ultrabook-house-of-flying-laptops-intel.htm
After 20 years, filmmaker and cartoonist Jeremiah McDonald reunites with his
12-year-old self for a little Q&A:
http://www.flixxy.com/a-conversation-with-my-12-year-old-self.htm
And here is THIS week's 5-minute vacation: Greece. A stunningly beautiful
time lapse of Athens, Meteora, Zagori, Zakynthos, Olympia, Dimitsana,
Argos, Nafplio, Epidavros and Santorini:
http://www.flixxy.com/greece-time-lapse-alt.htm
Top Gear’s James May drives and flies the Aerocar, a roadable aircraft,
designed and built in the 1950s:
http://www.flixxy.com/1956-aerocar-drive-and-fly-by-top-gear-james-may.htm
On the Effectiveness of Aluminum Foil Helmets. An Empirical Study:
http://berkeley.intel-research.net/arahimi/helmet/
Alex Chadwick plays 100 famous guitar riffs in one take, giving you a
chronological history of rock n' roll:
http://www.flixxy.com/a-brief-history-history-of-rock-n-roll.htm
Cool off and relax with "Water Time" by Luc Bergeron:
http://www.flixxy.com/summer-water-fun-2012.htm
Over the course of 11 months, a Triumph Spitfire sports car enthusiast from
the UK took over 3,000 pictures while working on rebuilding its engine:
http://www.flixxy.com/rebuilding-a-triumph-spitfire-engine-stop-motion.htm
The "Vallès Symphony Orchestra", "Chamber Song Choir", "Friends of The Opera"
and the "Choral Belles Arts" showed up at the town square of Sabadell for an
uplifting performance of the "Ode to Joy" by Ludwig van Beethoven:
http://www.flixxy.com/symphony-orchestra-flash-mob-sabadell-spain.htm
Here is an explanation of RAID (Redundant Array of Independent Disks)
that even the janitor could understand:
http://www.ghen.be/raid.jpg
The loft cube is designed for people on the move. When they change locations
they can take their home with them:
http://www.flixxy.com/the-loft-cube.htm
Last but not least. Who knew that a Ford Fiesta could be this much fun:
http://www.youtube.com/watch?v=LuDN2bCIyus&feature=player_detailpage