Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

2016 Exceeds All Records in Numbers of Phishing Attacks

Year over year sustained growth in phishing campaigns produces yet another record number of attacks

The Anti-Phishing Working Group (APWG) observed that 2016 ended as the worst year for phishing in history. According to the APWG’s new Phishing Activity Trends Report, the total number of phishing attacks in 2016 was 1,220,523. This number represents the highest ever recorded, and fully a 65 percent increase over 2015.

Cisco: "Spam makes major comeback. Users are your last line of defense".

Whoa Nellie. Just when you thought that spam was on its way out, Cisco’s 2017 Annual Cybersecurity Report shows the opposite. Spam is making a surprising comeback as a threat to your network, and has become an important carrier of attacks like spear phishing, ransomware and bots.

This is Cisco's 10th annual report. They use their own routers to measure the spam volume, and it shows that 65% of all corporate email is now spam. The new numbers show a tsunami in 2016. In 2010, Cisco recorded around 5K spam messages being sent per second. Over the next 5 years that number was roughly 1.5K, spiking to about 2K for a short while in 2014, but in 2016 it moved up to more than 3K per second.

New York DFS Cybersecurity Regulation FAQ And Security Awareness Training

In New York, a new cybersecurity regulatory regime will go into effect on March 1st, 2017. The proposed cybersecurity regulation, known as 23 NYCRR 500, has grabbed the attention of companies doing business in New York, and others who might be anticipating cybersecurity requirements in their own jurisdictions and/or industries.

Bad News: Your Antivirus Detection Rates Have Dramatically Declined In 12 Months

We all had the nagging suspicion that antivirus is not cutting it anymore, but the following numbers confirm your intuition. I have not seen more powerful ammo for an IT security budget to transform your employees into an effective "last line of defense": a human firewall.

Download This Hacked App And Die - Literally.

In the WSJ of Dec 22, 2016 there is an article that hides the real headline. It talks about the research done by CrowdStrike which shows that the DNC hack was done by a hacker group known as Fancy Bear. This group works for the Russian military intelligence agency, known as the GRU, and was one of two Russian hacker outfits that stole emails from the DNC earlier this year.

The GRU was involved in the recent war in the Ukraine, and used Fancy Bear for a particularly devious hack.

KnowBe4 Selected as SC Media 2017 Professional Award Finalist

KnowBe4, the world's most popular platform for new-school security awareness training, was named a finalist in the SC Awards 2017 for exemplary professional leadership in cybersecurity.

KnowBe4 was acknowledged as Best IT Security-related Training Program in the Professional Award category of the SC Awards. Winners will be announced at the SC Awards 2017 ceremony to be held February 14, 2017 in San Francisco.

KnowBe4 Ranked Number 50 Fastest Growing Company in North America on Deloitte’s 2016 Technology Fast 500™

Some very good news!

Tampa Bay, FL, November 16, 2016 - KnowBe4, provider of the world’s most popular platform for security awareness training and simulated phishing attacks, today announced it ranked #50 on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America. KnowBe4 grew 2,164 percent during this period.

Overall, 2016 Technology Fast 500™ companies achieved revenue growth ranging from 121 percent to 66,661 percent from 2012 to 2015, with median growth of 290 percent.

Yahoo Hack Triggers 'Material Adverse Change' Clause

The Wall Street Journal reported that Verizon's lawyers are looking at using the "material adverse clause" to renegotiate the terms of the $4.8 billion deal they struck in July.

Verizon’s general counsel, Craig Silliman, said “we have a reasonable basis to believe right now that the impact is material.”

Would you say that losing your whole customer database is an adverse change? I would! Especially after you promise in your merger agreement that no security breach had taken place—and that no breaches will have occurred by the deal’s closing.  Yeah, right.

October Is The Time To Kill Old-School Security Awareness Training

CSO had an excellent article that states the case that you need to get rid of old-school awareness training which you do for compliance reasons only. Their photo illustration was funny as heck - I have it here:

Frederick Scholl said: "October is National Cyber Security Awareness Month. I am hoping you will join me in a national program to kill cybersecurity awareness training programs. I don’t know who came up with the concept of “security awareness training”, but it has reached the end of its utility and should be replaced with something else."

Funny Phishing Story: Your Online Order Receipt

A customer sent us this:

Hi, I wanted to share with you a funny story….


My boss calls me into her office, very serious like.  She sits me down and asks “Did you use the company credit card without authorization?” I am very confused, although I have access, I would not order anything without asking.  I am the only IT person at our workplace, so given the item “ordered”, she came to me.  So I said “No….what is it that you have a receipt for?”  ….and she shows me this…I nearly busted out laughing, but thought better of it and explained that this was a phishing message designed to get you freaked out and click.  Thankfully she came to me without clicking it, so the training is working, but gosh, some of these really come back to me haha!



Name withheld to protect the innocent
