As a CEO with VC investors, I follow what happens in the venture capital space and what things VCs are interested in regarding their investment strategies. I was happily surprised to see Andreessen Horowitz, of the world's preeminent VC's to come out with a slide deck and 20-minute video presentation that essentially is pure security awareness training.
Martin Casado, one of their general partners explained in a new blog post that the new attack surface is your life, and gave examples of several recent social engineering attacks and how they played out.
'En masse, attackers are moving from these traditional targets of companies and systems and actually are focusing on you.'
He said: "From business email compromise to SIM ports, cyberattacks have shifted from networks to you. And it’s been an incredibly profitable pivot, with cyberhackers like GandCrab claiming earnings of $2.5M per week. How can you protect yourself when the new attack surface is your life and phishing attacks are more sophisticated than ever?"
"In the never-ending game of cybersecurity cat-and-mouse, what trends are in the good guys’ favor? And how might both software and hardware work together to protect you and your company? En masse, attackers are moving from these traditional targets of companies and systems and actually are focusing on you."
He's got a great deck that you can use as budget ammo, and I'm showing one of the slides that shows how many more phishing attacks are launched today compared to the last few years:
In their related post 16 Tips to Secure Your Data (and Your Life) they forgot to mention you need to train your users, but we won't be too upset with them, these are excellent tips !! :-D
It's 20 minutes, just like a TED presentation and here are the show notes.
- Attacks have shifted from your company’s network to you [0:55]
- How much it costs to break into a device [2:55]
- How much it costs to hack you [3:58]
- Business email compromise (BEC) is a $26B business [4:58]
- Why BEC victims tend to be small to medium-sized businesses [5:40]
- Phishing sites have replaced malware sites as the point of access [6:38]
- Breaking down SIM port attacks (e.g. SIM swapping/jacking) [7:45]
- One of the largest tech breaches started with photos from a company BBQ [11:00]
- Enterprise-grade security as consumer products [12:4017]
- Products and services which help secure against attacks [13:30]
- Hardware keys for 2FA [15:23]
- How to set up a detection trap [16:25]
- Physical security improvements are also being consumerized [18:20]
Like I said, great budget ammo here and really interesting for a break. This is a great presentation, warmly recommended!
https://a16z.com/2020/02/20/the-new-attack-surface-is-your-life/?
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!
