CyberheistNews Vol 3, 43




Editor's Corner


Half Of Federal Security Breaches Caused By Employees

This week, MeriTalk, a public-private partnership focused on improving the outcomes of government IT, announced the results of a new report. The study compares what cyber security professionals report about their agency's security with what end-users actually experience. The report concludes that agencies often fail to take the user experience into account when deploying cyber security solutions. And because of that, end users circumvent security measures and open their agency network up to data breaches and other attacks.

Most federal agencies constantly battle international cyber attacks, denial-of-service attacks, hackers, and data theft. However, only around 30% of Federal cyber security professionals feel completely prepared for these threats.

As a result of the numerous cyber threats, cyber security professionals are focused on keeping data secure but fail to prioritize the user experience. As security measures become less user-friendly, they also become less effective. Cyber security professionals estimate that almost half (49 percent) of all agency security breaches are caused by a lack of user compliance.

The most challenging end-user applications to secure are email, external websites, and internet use at agency workstations, the same tools that practically all users rely on to get their job done.

The activities that cyber security professionals say are the most likely to cause a security breach are the same activities where end-users run into the most frustrating security measures. The top areas for cyber security professionals' concern and end-users' frustration are surfing the internet, downloading files, accessing networks, and transferring files.

End-users say cyber security measures hinder their productivity and, as a result, admit to breaking protocol. Sixty-six percent of users believe the security protocols at their agency are burdensome and time-consuming, and 31% of users say they use some kind of security workaround at least once a week.

Despite frustrations, end users and cyber security professionals agree that cyber security should be a top priority for Federal agencies. Ninety-five percent of cyber security professionals and end users agree that the deployment of cyber security measures is an absolute necessity to protect agencies from cyber threats such as data loss, data theft, and denial-of-service attacks. Almost all (98 percent) say keeping agency networks and data secure is everyone's responsibility. A great way to start would be to give all employees effective security awareness training so that they better understand why these cyber security measures are necessary.

To download the full study go to:
http://www.meritalk.com/cybersecurityexperience

Quote of the Week

"There is a fine line between free speech and hate speech. Free speech encourages debate whereas hate speech incites violence." - Newton Lee



You can read CyberheistNews online at our Blog!:
http://blog.knowbe4.com/bid/342455/CyberheistNews-Vol-3-42

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Train Employees to Handle Sensitive Information Securely

You need to be compliant, but employees usually have little or no training when it comes to identifying sensitive information, leaving regulated data vulnerable.

KnowBe4 has a brand new 15-minute module of the Kevin Mitnick Security Awareness Training series. It specializes in making sure your employees understand the importance of safely handling sensitive information, like Personally Identifiable Information (PII), Personal Health Information (PHI), Credit Card data (PCI DSS), and your organization's proprietary information, and that they are able to apply this knowledge in their day-to-day job for compliance with regulations. Learn more here, and ask for a quote. You will be surprised how affordable it is!
http://info.knowbe4.com/handling-sensitive-information-securely-13-10-22


The Surprising Truth About Medical ID Thieves

The Government Health IT site had some very interesting new data: "Medical identity theft is up nearly 20 percent in the past year, according to a new study, making it the fastest-growing form of fraud in the United States.

The 2013 Survey on Medical Identity Theft, in fact, found that an estimated 1.84 million people are victims of medical identity theft, costing victims an estimated $12.3 billion. While the extent of medical identity theft is surprising, even more alarming is its major cause: medical identity theft tends to run in families.

According to Larry Ponemon, chairman and founder of the Ponemon Institute, the research shows that almost 60 percent of the medical identity theft reported in the Ponemon study was due to misuse of medical credentials among family members.

In the Ponemon report, 36 percent of respondents paid an average of $18,860 in out-of-pocket expenses. Among other things, the medical identity thief may leave a string of unpaid medical bills that affect the victim's financial well-being. Also, corrupt medical records can and do lead to mistreatment, misdiagnosis, delay in treatment, or being prescribed the wrong pharmaceuticals.

In fact, 15 percent of the medical identity theft victims surveyed in the Ponemon study experienced a misdiagnosis as a result of the fraud, 12 percent were mistreated as a result of false information in their medical records, 14 percent experienced a delay in treatment, and 11 percent were prescribed the wrong pharmaceuticals.

A recent paper by the Medical Identity Fraud Alliance cites the lack of awareness among professionals and consumers about the crime and its potential dangers. Few people think of themselves as having a medical identity and thus the idea of someone stealing their medical identity is not even on their radar screen, the report explained. KnowBe4's new module "Handling Sensitive Information Securely" would certainly be a good first step.
http://info.knowbe4.com/handling-sensitive-information-securely-13-10-22-adv

The article ended with: "Without extreme vigilance, the increased use of electronic health records under the broad umbrella of health reform, including the Affordable Care Act and the HITECH Act, will make it easier than ever to steal medical records. Medical identity fraud is a societal issue that must be addressed at all levels, from individuals to providers to health plans. But the efforts of the Medical Identity Fraud Alliance and the healthcare ecosystem as a whole can help to prevent these dangerous crimes." More at:
http://www.govhealthit.com/news/surprising-truth-about-medical-id-thieves-EHR-ACA-privacy-security


PR Newswire Customer Credentials Stolen

Send this to the people in your PR and Marketing departments. They need to change their PR Newswire password immediately.

Press release distribution service PR Newswire has acknowledged that criminal hackers compromised a customer database containing access credentials and contact data. PR Newswire said that the database held about 10,000 records. The company is urging affected customers to change their passwords. The stolen database was discovered on the same server where stolen Adobe source code was found several weeks ago, indicating that the thefts might be connected. The same group is believed to have broken into systems at Lexis-Nexis, Kroll Background America, and Dun and Bradstreet. More at:
http://krebsonsecurity.com/2013/10/breach-at-pr-newswire-tied-to-adobe-hack/


What will the cybersecurity landscape look like in 2020?

Project 2020 is an initiative of the International Cyber Security Protection Alliance (ICSPA). Its aim is to anticipate the future of cybercrime, enabling governments, businesses and citizens to prepare themselves for the challenges and opportunities of the coming decade. Here is a short list of the expected cyber threats in 2020:

 

• A market for scramblers of mood recognition, remote presence and Near Field Communication technologies
• Highly distributed denial of service attacks using Cloud processing
• A move from device-based to Cloud-based botnets, hijacking distributed processing power
• A mature illicit market for virtual items, both stolen and counterfeit
• Distributed bulletproof and criminal processing
• Physical attacks against data centers and Internet exchanges
• Electronic attacks on critical infrastructure, including power supply, transport and data services
• Micro-criminality, including theft and fraudulent generation of micro payments
• Bio-hacks for multi-factor authentication components
• Cyber-enabled violence against individuals, and malware for humans
• Cyber gang wars
• Advanced criminal intelligence gathering, including exploitation of big and intelligent data
• High impact, targeted identity theft and avatar hijack
• Sophisticated reputation manipulation
• Misuse of augmented reality for attacks and frauds based on social engineering
• Interference with, and criminal misuse of, unmanned vehicles and robotic devices
• Hacks against connected devices with direct physical impact (car-to-car communications, heads-up display and other wearable technology, etc.)

Some of this sounds like sci-fi, but then some of it sounds all too true. You wonder who will have jurisdiction in some of these fields. Interesting reading:
https://www.icspa.org/uploads/media/ICSPA_Project_2020_%E2%80%93_Scenarios_for_the_Future_of_Cybercrime.pdf


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Absolutely stunning views of Germany from above. What a beautiful country!
http://www.flixxy.com/germany-from-above-1080p-hd.htm

UCSD students test fire 3D-printed metal rocket engine:
http://www.gizmag.com/3d-printed-rocket-seds/29306/?

Brothers Aryeh and Gil Gat sing Simon and Garfunkel's 'The Sound of Silence' on the Israeli TV show 'Rising Star'. They are both Rabbis!:
http://www.flixxy.com/the-amazing-rabbis-singing-simon-and-garfunkel.htm

'I'm Debbie, I love cats and I just want a soulmate!' First-time e-harmony video bio attempt. Even if this is faked by an actress, it's very entertaining:
http://www.flixxy.com/eharmony-video-bio.htm

A peek at the early days of the Quantum Artificial Intelligence Lab - a partnership between NASA, Google, and a 512-qubit D-Wave Two quantum computer.
http://www.flixxy.com/google-and-nasa-quantum-computer.htm

Aeromobil - the coolest flying car yet - has completed its first successful flight:
http://www.flixxy.com/aeromobil-flying-car.htm

An F-106 enters an uncontrolled flat spin, the pilot ejects, but then the airplane recovers and safely lands - without the pilot - on a wheat field. Unbelievable but true:
http://www.flixxy.com/cornfield-bomber.htm

 