Whoa Nellie. Just when you thought that spam was on its way out, Cisco’s 2017 Annual Cybersecurity Report shows the opposite. Spam is making a surprising comeback as a threat to your network, and has become an important carrier of attacks like spear phishing, ransomware and bots.
This is Cisco's 10th annual report. They use their own routers to measure spam volume, and the report shows that 65% of all corporate email is now spam. The new numbers show a tsunami in 2016. In 2010, Cisco recorded around 5K spam messages being sent per second. Over the next 5 years that number was roughly 1.5K, spiking to about 2K for a short while in 2014, but in 2016 it moved up to more than 3K per second.
In New York, a new cybersecurity regulatory regime will go into effect March 1st, 2017. The proposed cybersecurity regulation, known as 23 NYCRR 500, has grabbed the attention of companies doing business in New York, and others who might be anticipating cybersecurity requirements in their own jurisdictions and/or industries.
We all had the nagging suspicion that antivirus is not cutting it anymore, but the following numbers confirm your intuition. I have not seen more powerful ammo for getting IT security budget to transform your employees into an effective "last line of defense": a human firewall.
In the WSJ of Dec 22, 2016 there is an article that hides the real headline. It talks about the research done by CrowdStrike which shows that the DNC hack was done by a hacker group known as Fancy Bear. This group works for the Russian military intelligence agency, known as the GRU, and was one of two Russian hacker outfits that stole emails from the DNC earlier this year.
The GRU was involved in the recent war in the Ukraine, and used Fancy Bear for a particularly devious hack.
KnowBe4, the world's most popular platform for new-school security awareness training, was named a finalist in the SC Awards 2017 for exemplary professional leadership in cybersecurity.
KnowBe4 was acknowledged as Best IT Security-related Training Program in the Professional Award category of the SC Awards. Winners will be announced at the SC Awards 2017 ceremony to be held February 14, 2017 in San Francisco.
Some very good news!
Tampa Bay, FL — November 16, 2016 — KnowBe4, provider of the world’s most popular platform for security awareness training and simulated phishing attacks, today announced it ranked #50 on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America. KnowBe4 grew 2,164 percent during this period.
Overall, 2016 Technology Fast 500™ companies achieved revenue growth ranging from 121 percent to 66,661 percent from 2012 to 2015, with median growth of 290 percent.
The Wall Street Journal reported that Verizon's lawyers are looking at using the "material adverse clause" to renegotiate the terms of the $4.8 billion deal they struck in July.
Verizon’s general counsel, Craig Silliman, said “we have a reasonable basis to believe right now that the impact is material.”
Would you say that losing your whole customer database is an adverse change? I would! Especially after you promise in your merger agreement that no security breach had taken place—and that no breaches will have occurred by the deal’s closing. Yeah, right.
CSO had an excellent article that states the case that you need to get rid of old-school awareness training which you do for compliance reasons only. Their photo illustration was funny as heck - I have it here:
Frederick Scholl said: "October is National Cyber Security Awareness Month. I am hoping you will join me in a national program to kill cybersecurity awareness training programs. I don’t know who came up with the concept of “security awareness training”, but it has reached the end of its utility and should be replaced with something else.
A customer sent us this:
Hi, I wanted to share with you a funny story….
My boss calls me into her office, very serious like. She sits me down and asks “Did you use the company credit card without authorization?” I am very confused, although I have access, I would not order anything without asking. I am the only IT person at our workplace, so given the item “ordered”, she came to me. So I said “No….what is it that you have a receipt for?” ….and she shows me this…I nearly busted out laughing, but thought better of it and explained that this was a phishing message designed to get you freaked out and click. Thankfully she came to me without clicking it, so the training is working, but gosh, some of these really come back to me haha!
Name withheld to protect the innocent