
KnowBe4

Security Awareness Training Blog


Keeping You Informed. Keeping You Aware.


Global Cyber Security Risk Perception: Highest Management Priorities

Few organizations are highly confident in their ability to manage the risk of a cyber-attack, despite viewing cybersecurity as a top risk management priority, according to a survey conducted by Marsh and Microsoft.

In the global survey of more than 1,300 senior executives, two-thirds ranked cybersecurity among their organizations’ top five risk management priorities – approximately double the response to a similar question Marsh asked in 2016.


WHAT IS “REASONABLE CYBER SECURITY” AND HOW DO COURTS VIEW IT?

Shawn Tuma is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas.

In two very short videos during SecureWorld interviews, he explains what the courts view as “Reasonable Cybersecurity” and what your organization needs to have in place. Take 3 minutes and watch these two videos. You are going to be glad you did, because they have fantastic ammo to get budget.


UK Warns Critical Industries to Boost Cyber Security or Face Hefty Fines

The UK government has warned that Britain's most critical industries must boost their cybersecurity or face potentially hefty fines under the EU's Networks and Information Systems Directive (NISD).
 

The warning comes less than four months before the deadline for the NISD, adopted by the EU on July 6, 2016, to be transposed into EU member states' national laws (May 9, 2018, which aligns with the date for GDPR enforcement).


Microsoft Wakes Up To The Fact That Cyber Security Risk Is A Business Risk [VIDEO]

The 800-pound Redmond Gorilla asks: "Should your security focus be on systems or people?"

They wrote: "In the latest Modern Workplace episode, “Cyber Intelligence—The Human Element,” we look at how organizations not only need to look at their systems but also have to address the security threats that stem from the behavior of their own employees, who oftentimes are the source of cyber-attacks.


Survey of 2600 IT Pros: "Password Procedures Still Are A Cyber Security Fail"

 

After the NIST passwords bombshell, we surveyed 2,600 IT professionals to find out how they were managing passwords. The answers show that IT Pros are generally receptive to the proposed pass phrase concept suggested by NIST.

NIST Special Publication 800-63B, “Digital Identity Guidelines,” states: “Many attacks associated with the use of passwords are not affected by password complexity and length. Keystroke logging, phishing, and social engineering attacks are equally effective on lengthy, complex passwords as simple ones. This means that password complexity has failed in practice.” Verizon's latest Data Breach Report showed that 81% of hacking-related breaches used stolen and/or weak passwords, supporting the NIST conclusion.


The Cyber Security Of Our Electricity Grid

Guest Blogger Craig Reeds commented on the safety of our Electricity Grid.

"Over the last couple of years, there has been a lot of discussion about the security of the electric grid. We hear stories about the power grid attack in the Ukraine and other possible dangers.

Here in the United States, things are not as insecure as they are in Europe. This is because we have the NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) plan, which is a set of requirements designed to secure the assets required for operating North America's bulk electric system, or Power Grid.


Tripwire Black Hat Survey: "68% of Pros Felt Cyber Security Lacking After WannaCry & Petya Attacks"

 

Over two-thirds of infosec pros who were asked at Black Hat whether they felt their organizations had made the necessary cyber security improvements since the WannaCry and Petya attacks earlier this year answered negatively, according to new research by Tripwire.
