CyberheistNews Vol 7 #28 New. Your Complimentary Customized Automated Security Awareness Program: ASAP!



New. Your Complimentary Customized Automated Security Awareness Program: ASAP!

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization. We’ve taken away all the guesswork with our new, no-charge Automated Security Awareness Program (ASAP).

ASAP is a revolutionary tool for IT professionals, which allows you to create a customized security awareness program for your organization that will help you to implement all the steps needed to create a fully mature training program in just a few minutes!

The program is complete with actionable tasks, helpful tips, courseware suggestions and a management calendar. Your custom program can then be fully managed from within the KnowBe4 console. You also have the ability to export the full program as a detailed or executive summary version in PDF format, for use in meeting compliance requirements and reporting to management.

The process of creating the program is simple enough: answer between 15-25 questions about your goals and organization, and a program will be scheduled for you automatically. The program tasks will be based on best practices for achieving your security awareness goals. You have an easy calendar view to plan and deploy your security awareness program.

Here's how it works:
  • 15-25 questions depending upon answers
  • Suggested training materials based on answers
  • Choose and change your program start date and tasks
  • Calendar and list view of tasks
  • Dashboard with program status, % complete, tasks overdue, etc.
  • Detailed and summary exportable PDF versions of your program
  • Fully mature awareness program ready in 10 minutes
Find out what YOUR program will look like. There is no cost... Start ASAP!
https://info.knowbe4.com/asap-chn

PS: If you’re a current KnowBe4 customer, just login to your console, click on ASAP at the top right and get started.
Second Quarter 2017 Top-Clicked Phishing Tests [INFOGRAPHIC]

KnowBe4 customers run millions of phishing tests per year, and we report quarterly on the latest top-clicked phishing email subjects so our customers know what the highest-risk phishing templates are. That way they can keep up with current threats and inoculate their last line of defense, their users, against the most prevalent social engineering attacks.

This InfoGraphic shows the most frequently clicked phishing emails from Q2 2017 in 3 separate categories: subjects related to social media, general emails and 'In The Wild' attacks that we received from our customers by employees clicking the Phish Alert Button on real phishing emails and sending the email to us for analysis.

While the results show that users click most frequently on business-related subject lines (“Security Alert” is the highest ranked at 21 percent), they still click with alarming frequency on subject lines completely unrelated to work topics. Blog post with InfoGraphic here:
https://blog.knowbe4.com/second-quarter-2017-top-clicked-phishing-tests-infographic

Fortune Magazine wrote: "Beware of These Top 10 Phishing Emails. Would You Fall for Them?"

Robert Hackett at Fortune Magazine looked at KnowBe4's numbers and wrote: "One hazard of being a cybersecurity reporter is that attackers send phishing emails to my inbox on a daily basis. If you don't believe me, ask the security team at Time Inc., Fortune's parent company."

"Truth is, anyone online can be a target for hackers, spies, and cybercriminals. You might not think you're that interesting, but the funny thing about networks is that even if you are boring (surely, you mustn't be, given that you're a Fortune reader), hackers may still aim to A) profit from your misfortune, and B) use you as stepping stone to get at someone else."

Excellent article with a video at the top. Send this to your C-Level team that holds the budget purse strings. KnowBe4's Q2 Phishing report is featured:
http://fortune.com/2017/07/13/email-security-phishing/
Going to Black Hat in Las Vegas Next Week?

Get your Complimentary Book Signed by Kevin Mitnick at KnowBe4’s Booth #1848

Stop by KnowBe4’s Booth #1848 for Kevin Mitnick’s Book Signing! Meet the ‘World’s Most Famous Hacker’ and get a signed copy of his new book: Wednesday, July 26, 5-7pm while they last!

We will also have cool swag at the show. See us to get your light-up "Axe To Grind With Ransomware!" and watch a demo of the innovative KnowBe4 Security Awareness Training Platform to train and phish your users. Plus, be entered to win a 500-dollar cash prize.

Drop by KnowBe4’s Black Hat Booth #1848
Cyber Security Pros Work Weekends and Still Feel Unprepared

Recent surveys by Farsight and Anomali find that 57% of InfoSec pros work weekends, and nearly a third of survey respondents noted they work on average 10-hour days, but also, one in three state they lack effective intelligence to detect and action cyber threats.

The Farsight survey queried 360 IT cyber security professionals, and found 97% indicated they still find their jobs rewarding and that 85% plan to remain working in security. However, 24 percent believe they are at least one year behind the average threat actor, with half of this sample admitting they are trailing by two to five years.

Among other findings are that 17 percent of respondents haven't invested in any threat detection tools such as SIEM, paid or open threat feeds, or User and Entity Behavior Analytics (UEBA). Two-thirds of respondents maintain fewer than 200 days of log data online for analysis and forensics, despite hackers often lurking undetected for this length of time.

The study shows that 80 percent of security professionals don't consult historical logs on a daily basis to investigate past exposure to threats. Plus only 13 percent compare historical logs with threat feeds or indicators of compromise daily.

The conclusion is clear: there is a massive information security overload, with too much noise and not enough signal.

Since a significant amount of this noise is created by end-users, it's a good idea to get these employees stepped through new-school security awareness training so they are not causing malware infections on their workstation.

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO, KnowBe4, Inc.

Quotes of the Week
"If you light a lamp for someone else it will also brighten your path." - Buddha

"There are two ways of spreading light: to be the candle or the mirror that reflects it." - Edith Wharton



Thanks for reading CyberheistNews
Security News
America Isn’t Ready for a ‘Cyber 9/11’

The Wall Street Journal is calling for a Department of Cybersecurity, and explains the risks and the need for increased budget and organization to prevent a Cyber 9/11. I suggest you send this link to your C-level execs as part of your budget discussions.

They said: "Cyberattacks have become capable of much more than stealing consumer information or embarrassing business executives and politicians. Whether conducted by lone wolves or nation-states, they can compromise the safety of medical, food and water systems, disrupt transportation, or even destabilize nuclear plants. Such attacks can undermine democratic institutions or encourage violence by spreading false information. The cyber threat has become existential." Link: (paywall)
https://www.wsj.com/article_email/america-isnt-ready-for-a-cyber-9-11-1499811450-lMyQjAxMTE3NDExMjcxNTI5Wj/
Business Braces for More Ransomware Assaults

Baseline Mag has a great slide show with the results of an ISACA survey (Information Systems Audit and Control Association), a nonprofit group for IT and information systems professionals.

More than four out of five survey respondents expect an upsurge in attacks, and most of them said they are at least somewhat prepared. Still, about one-fourth admit that they aren't ready, and fully half have not trained their employees to deal with ransomware. That's risky, warns ISACA CEO Matt Loeb, who says, "WannaCry, Petya, Cryptolocker … ransomware will continue to be news and become the norm. What's needed is protection before an attack—not just a swift recovery afterwards."

Besides educating employees, enterprises should be more aggressive in applying software patches, which Loeb sees as critical to protecting an organization from the crippling consequences of an attack. The majority of organizations in the study have not yet experienced a ransomware attack, and only a very small minority of respondents said their organization would pay the ransom if it were hit.

Still, complacency is dangerous. "Don't assume your enterprise 'might' be a victim of ransomware," Loeb stresses. "Assume it will. Every organization needs to focus on being prepared for the next ransomware attack, through training, frequent software updates or hiring highly skilled staff." The survey included 448 respondents. About half the participating organizations have fewer than 1,500 employees, 23 percent have 1,500 to 9,999, and 28 percent have 10,000 or more workers.

They represent a wide range of industries, with financial/banking firms and technology services/consulting firms leading the way. The survey group covers the globe. Here is the slide show. Good budget ammo:
http://www.baselinemag.com/security/slideshows/business-braces-for-more-ransomware-assaults.html
The Hackers Smell Blood Now, Not Silicon

Steve Morgan wrote an excellent post with the Top 5 cybersecurity facts, figures and statistics for 2017. These predictions and observations provide a 30,000-foot view of the cybersecurity industry. The comment about hackers smelling blood caught my eye...

"These top level numbers summarize the cybersecurity industry over the past year and indicate what's in store for the next five years.

1. Cyber crime damage costs to hit 6 trillion dollars annually by 2021. It all begins and ends with cyber crime. Without it, there's nothing to cyber-defend. The cybersecurity community and major media have largely concurred on the prediction that cyber crime damages will cost the world 6 trillion dollars annually by 2021, up from 3 trillion dollars just a year ago. "Cyber theft is the fastest growing crime in the United States by far," according to U.S. President Donald Trump.

2. Cybersecurity spending to exceed 1 trillion dollars from 2017 to 2021. The rising tide of cyber crime has pushed cybersecurity spending on products and services to more than 80 billion dollars in 2016, according to Gartner. It's not clear if that includes an accounting of IoT device protection and total consumer spending on security. Global spending on cybersecurity products and services are predicted to exceed 1 trillion dollars over the next five years, from 2017 to 2021.

3. Cyber crime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021. Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure and people. The cybersecurity workforce shortage is even worse than what the jobs numbers suggest. As a result, the cybersecurity unemployment rate has dropped to zero percent.

4. Human attack surface to reach 4 billion people by 2020. As the world goes digital, humans have moved ahead of machines as the top target for cyber criminals. Microsoft estimates that by 2020 4 billion people will be online — twice the number that are online now. The hackers smell blood now, not silicon.

5. Global ransomware damage costs are predicted to exceed 5 billion dollars in 2017. That's up from 325 million dollars in 2015—a 15X increase in two years, and expected to worsen. Ransomware attacks on healthcare organizations—the No. 1 cyber-attacked industry—will quadruple by 2020.

What does it all mean? Last year, Ginni Rometty, IBM's chairman, president and CEO, said, "Cyber crime is the greatest threat to every company in the world." And she was right. During the next five years, cyber crime might become the greatest threat to every person, place and thing in the world.

Here is a link to the post, which is riddled with links to all the sources. This is a great resource!
http://www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics-for-2017.html
BT and KPMG Warn Businesses Against Cyber Security Traps

The UK has completely woken up to the threat of cyber security. This article shows BT and KPMG warning about the risks and providing practical advice. Here is one point that they stressed:

"Furthermore, everyone in the organisation, from the board down, must take responsibility for maintaining high standards of cyber hygiene, while businesses must invest in training and raise awareness amongst staff. This can help turn employees from the weakest point in any security chain into every company’s greatest asset in the fight to protect data."

We could not agree more. Here is the whole article:
http://www.mondovisione.com/media-and-resources/news/bt-and-kpmg-warn-businesses-against-cyber-security-traps-investing-in-it-secur/
Can You Be Spoofed? Find out for a Chance to Win.

Did you know that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain? If they can, they are able to launch a "CEO fraud" spear phishing attack on your organization.

KnowBe4 can help you find out if this is the case with our complimentary Domain Spoof Test and enter you to win an awesome Stormtrooper Helmet Prop Replica at the same time.

Also, EVERYONE in the US/Canada will receive a real Kevin Mitnick collectible stainless steel lock-pick business card!

To enter, just go here and fill out the form. It's quick, easy and often a shocking discovery. Yep, it’s that easy.
https://info.knowbe4.com/dst-sweepstakes-062017
Interesting News Items This Week

LeakerLocker ransomware threatens to dox Android users as extortion:
https://www.grahamcluley.com/leakerlocker-ransomware-threatens-to-dox-android-users-as-extortion/

Almost 12,000 Records Compromised in Two New Ransomware Attacks:
http://www.hipaajournal.com/almost-12000-records-compromised-ransomware-attacks-8878/

Data Breach hits California Association of Realtors:
https://www.scmagazine.com/data-breach-hits-california-association-of-realtors/article/673795/

New Ransomware Threatens to Send Your Internet History & Private Pics to All Your Friends:
http://thehackernews.com/2017/07/leakerlocker-android-ransomware.html

Magala trojan hijacks Internet Explorer, then commits click fraud:
https://www.scmagazine.com/magala-trojan-hijacks-internet-explorer-then-commits-click-fraud/article/674602/

Verizon Data of at Least Six Million Users (but probably 14) Leaked Online:
https://www.infosecurity-magazine.com/news/verizon-data-six-million-users/

Enterprises face 3,680 potential phishing emails each week:
https://www.helpnetsecurity.com/2017/07/13/potential-phishing-emails/

How Vulnerable Are We to Phishing? Our Sysadmin Wanted to Find Out:
http://www.coastdigital.co.uk/2017/07/12/vulnerable-phishing-sysadmin-wanted-find/
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2017 KnowBe4, Inc. All rights reserved.


