KnowBe4

Security Awareness Training Blog


Keeping You Informed. Keeping You Aware.

Many of us will be at the RSA Conference in SanFran this week. Here are some quick tips!

Lance Spitzner said:

  1. Eat breakfast, it may be the last meal you get that day.
  2. Schedule the most important meetings in the morning.
  3. RSA gives you a back-pack. Don't use it at the con, there will be 35,000+ back-packs just like yours.
  4. Comfortable shoes

Here are a few more:

  1. Bring your own reusable water bottle and stay hydrated
  2. Comfortable clothes with those shoes!
  3. Extra pair of socks in your ruck
  4. Power down your phone and bring a burner instead with a cheap SIM card from the airport.

Best-Funded US Cyber Security Startups By State [InfoGraphic]

We were just made aware of this very interesting map created by CBInsights. It lists the most well-funded cyber security companies in each US State as of Feb 2, 2018. To our pleasant surprise, KnowBe4 is the best-funded startup in Florida!

The Malicious Use of Artificial Intelligence in Cyber Security

The Malicious Use of Artificial Intelligence in Cyber Security

Kevin Townsend wrote a great article about AI in SecurityWeek, looking at the current state of affairs and the expected near future, based on a recent important scientific paper titled "The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation."

Accenture Cyber Security Survey: 18% of Health Employees Would Sell Confidential Data

Those who said they were willing to sell the data would do so for as little as between $500 and $1,000.

Alexandra Wilson at HealthLeadersMedia had some disconcerting news. "Patients trust their healthcare providers to keep their data safe, but according to a new survey, that trust might sometimes be misplaced.

The Accenture survey found that nearly one in five health employees (18%) said they would be willing to sell confidential data to unauthorized parties. In fact, the respondents who said they were willing to sell the data would do so for as little as between $500 and $1,000.

Insider Trading Can Pose Cyber Security Risks Says SEC Chair Clayton

Securities and Exchange Commission Chair Jay Clayton warned today that insider trading by executives from undisclosed hacks and weak protections can pose cyber security risks to the reputation of a company.

Clayton’s warning came with the unveiling of new SEC cyber guidance approved by the Commission Tuesday.

“Companies are well served by considering the ramifications of directors, officers, and other corporate insiders trading in advance of disclosures regarding cyber incidents that prove to be material,” said the Commission in the guidance.

The Commission cautioned firms that failure to disclose cybersecurity risks or incidents adequately could put them in danger of running afoul of anti-fraud laws.

Global Cyber Security Risk Perception: Highest Management Priorities

Few organizations are highly confident in their ability to manage the risk of a cyber-attack, despite viewing cybersecurity as a top risk management priority, according to a survey conducted by Marsh and Microsoft.

In the global survey of more than 1,300 senior executives, two-thirds ranked cybersecurity among their organizations’ top five risk management priorities – approximately double the response to a similar question Marsh asked in 2016.

WHAT IS “REASONABLE CYBER SECURITY” AND HOW DO COURTS VIEW IT?

Shawn Tuma is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas.

In two very short videos during SecureWorld interviews, he explains what the courts view as “Reasonable Cybersecurity” and what your organization needs to have in place. Take 3 minutes and watch these two videos. You are going to be glad you did, because they have fantastic ammo to get budget.

UK Warns Critical Industries to Boost Cyber Security or Face Hefty Fines

The UK government has warned that Britain's most critical industries must boost their cybersecurity or face potentially hefty fines under the EU's Networks and Information Systems Directive (NISD).
 

The warning comes less than four months before the deadline for the NISD, adopted by the EU on July 6, 2016, to be transposed into EU member states' national laws (May 9, 2018, which aligns with the date for GDPR enforcement).

Microsoft Wakes Up To The Fact That Cyber Security Risk Is A Business Risk [VIDEO]

The 800-pound Redmond Gorilla asks: "Should your security focus be on systems or people?"

They wrote: "In the latest Modern Workplace episode, “Cyber Intelligence—The Human Element,” we look at how organizations not only need to look at their systems but also have to address the security threats that stem from the behavior of their own employees, who oftentimes are the source of cyber-attacks."

Survey of 2600 IT Pros: "Password Procedures Still Are A Cyber Security Fail"

 

After the NIST passwords bombshell, we surveyed 2,600 IT professionals to find out how they were managing passwords. The answers show that IT Pros are generally receptive to the proposed pass phrase concept suggested by NIST.

NIST Special Publication 800-63B, “Digital Identity Guidelines,” states: “Many attacks associated with the use of passwords are not affected by password complexity and length. Keystroke logging, phishing, and social engineering attacks are equally effective on lengthy, complex passwords as simple ones. This means that password complexity has failed in practice.” Verizon's latest Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords, supporting the NIST conclusion.
