CyberheistNews Vol 3, #3
Editor's Corner
Stu Sjouwerman
Upper Management Often Ignores IT Security Policy
Over the years I have had a nagging suspicion that was only confirmed today.
I ran into a study done last year by a company called Cryptzone, who
interviewed 300 IT security professionals at a trade show. The results are
not pretty. Almost half of upper management think they can sidestep security
policies and believe that "the rules don't apply to them" when it comes to
complying with IT security policies and procedures.
A whopping 42% admitted that upper management regularly ignore policies
and procedures, failing to see that they should instead be setting an
example for employees. Worse, 52% of those surveyed agreed with the
statement that upper management have access to the most sensitive
information yet have the least understanding of security.
This shows where the problem starts in many cases: to be successful, IT
security must be driven from the top down and given air cover from the
Chairman and CEO level. As long as that does not happen, you will continue
to read about data breaches in tomorrow's newspaper. In the coming issues
I will suggest some strategies to help you convince upper management. You
can see the whole survey and the results here. Ouch:
http://www.cryptzone.com/_download/articles/Cryptzone_Study_Perceptions_Security_Awareness.pdf
Facebook Graph Search Is Social Engineering Bonanza
Zuck has come out with something new, and you always need to watch it
when that happens. It's a combination of big data and social networking
so that people can easily find new friends, dates, customers or business
partners. In short, it's more or less a search engine that allows you
to track down Facebook users who meet the criteria you specify. With
all that personally relevant data at hand, this new Graph Search function
is a bonanza for social engineers, who can now manipulate you even more
easily and/or send targeted spear-phishing attacks. This data can be used
in a variety of scams. Facebook is currently beta testing it and plans to
release it this summer. The only thing I can say is that it is more
important than ever to THINK BEFORE YOU CLICK, and get some very good
security awareness training. Read the story below about the types of
Facebook scams you (and your employees) need to watch out for.
Quotes of the Week
"You cannot escape the responsibility of tomorrow by evading it today." - Abraham Lincoln
"'Java' stands for 'Just Another Vulnerability Announcement'" - someone on the Internet
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/cyberheist-news/
NEW: Kevin Mitnick Security Awareness Training
Your end-users are the weak link in your network security. Traditional
once-a-year Security Awareness Training doesn't hack it anymore. Today,
your employees are frequently exposed to advanced phishing attacks.
Your users need to be trained by an expert like Kevin Mitnick, and
after the training stay on their toes.
Find out how affordable this is for your organization now! Click on the orange "Get A Quote" button on this page:
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Facebook Scams You (And Your Employees) Need To Watch Out For.
Facebook is loved far and wide by scammers. It's a pool of an almost
unlimited number of victims, most of whom are gullible enough to fall for
the simplest scams. Shooting fish in a barrel! Better yet, a bunch of
these Facebook users end up "endorsing" the scam, giving it even more
credibility. Incredible, isn't it?
Most people think of Facebook as this secure, walled garden where
nothing bad can happen because Zuck is watching out for you. Think
again. There are several different categories of scams out there
lying in wait. Many of these are recycled with small updates on a
regular basis. Here are the different scam flavors:
- Account related scams
- Free stuff from third parties
- Benefit from (fake) news
- Curiosity Traps
Now, Zeljka Zorz over at net-security.org has done a great write-up
of many of these, and I will link to her article at the end. Here are
a few that I am quoting:
"Facebook changes its look and functionalities often, but a lot of users
dislike any kind of change. This normal human tendency is often misused
by scammers who offer bogus Facebook Timeline deactivation options.
"An even greater number of scams targets those who aren't satisfied with
features offered by the social network and are tricked into believing
that there are ways to add functionalities such as the ability to view
who checks out their profile more often, view who has deleted or unfollowed
them, to see how many hours they spent on Facebook, to post again their
first post, to add a Dislike button, to change their Facebook color theme,
and even to add a Facebook security app to guard their accounts or to
try a Facebook 2013 Demo app.
"Next we have the scams that profess that Facebook is giving out something
for free: an official Facebook T-shirt or mug to celebrate the social
network's birthday, the random $50,000 reward, free Facebook Credits,
or even a free mobile recharge.
"Lastly, there are scams that try to scare users into doing something
because Facebook is closing all accounts, will close theirs because
of overpopulation, will start charging users, or the Facebook Security
Team will suspend their page.
"It's also good to know that Facebook-themed scams - and especially
phishing attempts and malware-infection attempts - can often come
in the form of fake Facebook notification emails - password change
notifications, account cancellation (or deactivation) warnings,
offensive comment notices, friend requests, and so on." More:
http://www.net-security.org/secworld.php?id=14252
Healthcare Security Awareness Training
I was interviewed in 'For The Record Magazine', a leading publication for
healthcare. The article was about the risks of Bring Your Own Device (BYOD)
in healthcare environments and how to mitigate these risks. One of the areas
that is very important in a BYOD healthcare environment is security awareness
training, the article explains. Here is a link to For The Record Magazine:
http://www.csoonline.com/article/725585/12-security-resolutions-for-2013?
The article is called "Left To Their Own Device" and is on page 14.
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Super Fave: 21 extraordinary dancers deliver a visual spectacle that
is at once intricate and stirring:
http://www.flixxy.com/thousand-hands-guan-yin-dance.htm
Winter is a time for fun and adventure. Watch these amazing clips:
http://www.flixxy.com/best-of-winter-2012.htm
Four seasons of travel on Norway’s northernmost railway, filmed by the
Norwegian Broadcasting Corporation and edited into a 3 minute video:
http://www.flixxy.com/a-journey-through-seasons-norway.htm
11 Famous Business Cards That Became Legendary. Check out the last one!
My business partner Kevin's:
http://www.bitrebels.com/design/10-famous-business-cards/
This is the best ever, how a 13 year old tried to hack a Steam account,
and got social engineered himself:
http://gadgetzz.com/2011/08/15/this-is-the-best-ever-how-a-13-year-old-tried-to-hack-a-steam-account-and-got-hacked/
The Akamai Real-time Internet 'Weather Report' with an option to see
Attack Traffic. Check the Attack box - again Real-time! Interesting.
http://www.akamai.com/html/technology/dataviz1.html
Dear Abby passed away this week at 94. Here are 13 of her best zingers,
hilarious:
http://theweek.com/article/index/238998/13-of-dear-abbys-best-zingers
Funny courtship dances of our feathered friends, put to the theme
music of "Zorba The Greek":
http://www.flixxy.com/funny-courtship-dances-of-our-feathered-friends.htm
The world's tightest parking spot, impossible to get in and out of. But
nothing is impossible in Sao Paulo, Brazil!:
http://www.flixxy.com/parking-impossible.htm
Gaytor, the wire haired fox terrier, enjoys skyping other dogs:
http://www.flixxy.com/dogs-communicate-with-skype.htm