Security Awareness News

What's in the news about security awareness? Take a look at some of the headline stories and hot topics that we've gathered. If you want to know more about a story, just click on the title and a new window will take you to the story's source.

Date	Topic	Source	Description
Feb. 14, 2013	Default passwords vulnerability exploited resulting in fake Emergency Alert System warning of zombie attacks	Reuters	Broadcasters were sent an urgent message by the FCC instructing them to change the default passwords on all Emergency Alert System equipment after hackers posted a zombie attack alert warning. Although no damage resulted from the hack, future attacks could prevent stations sending out real emergency alerts.
Jan. 18, 2013	Global Security Study recommends investing in information security training and awareness to address vulnerabilities	Deloitte Touche Tohmatsu Limited (DTTL)	The 2013 Technology, Media and Telecommunications Global Security Study by Deloitte "identified lack of employee awareness and third-party risks as top security vulnerabilities, suggests that TMT organizations should consider investing in information security training and awareness for their employees to help mitigate risks from new technologies."
Jan. 15, 2013	Phishing 59% higher in 2012 compared to 2011	Speaking of Security: The Official RSA Blog and Podcast	The number of phishing attacks in 2012 increased by 59%, according to the official blog of security company RSA. The projected impact of these phishing attacks was $1.5 billion dollars in fraud damages.
Dec. 07, 2012	Data breaches frequent in healthcare organizations	The Data Breach Press by ID Experts	The Third Annual Benchmark Study on Patient Privacy & Data Security by the Ponemon Institute found that not only did 94% of healthcare organizations experience at least one data breach in the last two years, 45% had more than five.
Oct. 1, 2012	White House victim of spear phishing attack	CNET News	A White House official confirmed that in September there was a successful spear phishing attack targeting the White House. Although an unclassified computer network was accessed, no classified networks were breached and no damage was done, according to the official.
Sep. 16, 2012	Security Mentor champions the National Cyber Security Awareness Month	StaySafeOnline.org	Every October is National Cyber Security Awareness Month (NCSAM). All around the world events are put on to help increase cyber security awareness. Visit the StaySafeOnline.org website (http://www.staysafeonline.org) to find events or learn how you can become involved.
Sep. 9, 2012	SMS phishing attacks rise 913%	Cloudmark	Did you receive the following SMS message? "Fwd: Good Afternoon. Attention Required" If you did you aren't alone. In the first week of September (2012), SMS phishing attacks were up 913% with 500 unique attacks. The goal -- innovative new ploys to get people to reveal their sensitive bank and credit card information.
Sep. 5, 2012	One-third have lost or had their stolen mobile phones stolen	PEW Internet	Nearly a third of all mobile users had their device lost or stolen. And 15% had their private data accessed. The study further found that loss or theft was highest among younger users (18-24 years old), but otherwise results were fairly consistent across different types of mobile users.
Aug. 21, 2012	Passwords have never been weaker according to Ars Technica article	Ars Technica	In depth article describing why passwords are weaker today than ever before. Topics discussed include the proliferation of reused, easily broken passwords, password exposure due to website breaches, how some web sites are inadequately protecting user's passwords, and the success of password crackers.
Aug. 7, 2012	19% Increase in Data Breaches Reports GAO	Federal Times	The Government Accountability Office (GAO) reported to the United States Senate that federal data breaches of personally identifiable information increased almost 20% in 2011.
Mar. 20, 2012	Negligent insiders responsible for 39% of data breaches	Symantec	Negligent insiders were responsible for 39% of all data breaches according to businesses interviewed in the "2011 Cost of Data Breach Study: United States" Symantec-sponsored report by the Ponemon Institute.
Feb. 16, 2012	Identity theft and phishing lead IRS tax scams for 2012	United States Internal Revenue Service	Each year the U.S. Internal Revenue Service issues a list of the top tax scams for the year called the "Dirty Dozen". For 2012, identity theft is the top scam, followed by phishing. In 2011, the IRS stopped more than $1.4 billion dollars from being stolen by identity thieves. The IRS reminds tax payers that it "does not initiate contact with taxpayers by email or request personal or financial information".
Feb. 13, 2012	PHI data breaches increased 97% in 2011; security awareness best vaccination according to Redspin	Redspin	Data breaches of protected health information (PHI) increased 97% in 2011 and have reached epidemic portions according to Redspin, a provider of penetration testing services and IT security audits. In their Breach Report 2011, Redspin examined 385 breached of PHI affecting 19 million records. The ending conclusion of the report: "Lastly, there is no better vaccination against a data breach than improving the security awareness of healthcare workers."
Jan. 18, 2012	Dr. Hugh Thompson discusses why the need for security awareness is bigger than ever.	Help Net Security	Dr. Hugh Thompson, Program Committee Chair for RSA Conferences and Chief Security Strategist, spoke in a Help Net Security podcast about why the need for security awareness is now bigger than ever. Dr. Thompson states "security is coming more and more down to the little decisions that every single employee makes every single day". He goes on to discuss the importance of security awareness training actively engaging users and the burden on information security professionals for education.
Dec. 29, 2011	Smartphone users aren't worried about cyber-crime, and fail to use security software and data protection according to McAfee and NCSA.	eWeek.com	Seventy percent of smartphone users incorrectly think that their phones are safe from cyber attacks, moreover 70% never installed any security software or data protection, this according to a consumer-oriented report from the National Cyber-Security Alliance and McAfee.

Date

Topic

Source

Description

Feb. 14, 2013

Default passwords vulnerability exploited resulting in fake Emergency Alert System warning of zombie attacks

Reuters

Broadcasters were sent an urgent message by the FCC instructing them to change the default passwords on all Emergency Alert System equipment after hackers posted a zombie attack alert warning. Although no damage resulted from the hack, future attacks could prevent stations sending out real emergency alerts.

Jan. 18, 2013

Global Security Study recommends investing in information security training and awareness to address vulnerabilities

Deloitte Touche Tohmatsu Limited (DTTL)

The 2013 Technology, Media and Telecommunications Global Security Study by Deloitte "identified lack of employee awareness and third-party risks as top security vulnerabilities, suggests that TMT organizations should consider investing in information security training and awareness for their employees to help mitigate risks from new technologies."

Jan. 15, 2013

Phishing 59% higher in 2012 compared to 2011

Speaking of Security: The Official RSA Blog and Podcast

The number of phishing attacks in 2012 increased by 59%, according to the official blog of security company RSA. The projected impact of these phishing attacks was $1.5 billion dollars in fraud damages.

Dec. 07, 2012

Data breaches frequent in healthcare organizations

The Data Breach Press by ID Experts

The Third Annual Benchmark Study on Patient Privacy & Data Security by the Ponemon Institute found that not only did 94% of healthcare organizations experience at least one data breach in the last two years, 45% had more than five.

Oct. 1, 2012

White House victim of spear phishing attack

CNET News

A White House official confirmed that in September there was a successful spear phishing attack targeting the White House. Although an unclassified computer network was accessed, no classified networks were breached and no damage was done, according to the official.

Sep. 16, 2012

Security Mentor champions the National Cyber Security Awareness Month

StaySafeOnline.org

Every October is National Cyber Security Awareness Month (NCSAM). All around the world events are put on to help increase cyber security awareness. Visit the StaySafeOnline.org website (http://www.staysafeonline.org) to find events or learn how you can become involved.

Sep. 9, 2012

SMS phishing attacks rise 913%

Cloudmark

Did you receive the following SMS message? "Fwd: Good Afternoon. Attention Required" If you did you aren't alone. In the first week of September (2012), SMS phishing attacks were up 913% with 500 unique attacks. The goal -- innovative new ploys to get people to reveal their sensitive bank and credit card information.

Sep. 5, 2012

One-third have lost or had their stolen mobile phones stolen

PEW Internet

Nearly a third of all mobile users had their device lost or stolen. And 15% had their private data accessed. The study further found that loss or theft was highest among younger users (18-24 years old), but otherwise results were fairly consistent across different types of mobile users.

Aug. 21, 2012

Passwords have never been weaker according to Ars Technica article

Ars Technica

In depth article describing why passwords are weaker today than ever before. Topics discussed include the proliferation of reused, easily broken passwords, password exposure due to website breaches, how some web sites are inadequately protecting user's passwords, and the success of password crackers.

Aug. 7, 2012

19% Increase in Data Breaches Reports GAO

Federal Times

The Government Accountability Office (GAO) reported to the United States Senate that federal data breaches of personally identifiable information increased almost 20% in 2011.

Mar. 20, 2012

Negligent insiders responsible for 39% of data breaches

Symantec

Negligent insiders were responsible for 39% of all data breaches according to businesses interviewed in the "2011 Cost of Data Breach Study: United States" Symantec-sponsored report by the Ponemon Institute.

Feb. 16, 2012

Identity theft and phishing lead IRS tax scams for 2012

United States Internal Revenue Service

Each year the U.S. Internal Revenue Service issues a list of the top tax scams for the year called the "Dirty Dozen". For 2012, identity theft is the top scam, followed by phishing. In 2011, the IRS stopped more than $1.4 billion dollars from being stolen by identity thieves. The IRS reminds tax payers that it "does not initiate contact with taxpayers by email or request personal or financial information".

Feb. 13, 2012

PHI data breaches increased 97% in 2011; security awareness best vaccination according to Redspin

Redspin

Data breaches of protected health information (PHI) increased 97% in 2011 and have reached epidemic portions according to Redspin, a provider of penetration testing services and IT security audits. In their Breach Report 2011, Redspin examined 385 breached of PHI affecting 19 million records. The ending conclusion of the report: "Lastly, there is no better vaccination against a data breach than improving the security awareness of healthcare workers."

Jan. 18, 2012

Dr. Hugh Thompson discusses why the need for security awareness is bigger than ever.

Help Net Security

Dr. Hugh Thompson, Program Committee Chair for RSA Conferences and Chief Security Strategist, spoke in a Help Net Security podcast about why the need for security awareness is now bigger than ever. Dr. Thompson states "security is coming more and more down to the little decisions that every single employee makes every single day". He goes on to discuss the importance of security awareness training actively engaging users and the burden on information security professionals for education.

Dec. 29, 2011

Smartphone users aren't worried about cyber-crime, and fail to use security software and data protection according to McAfee and NCSA.

eWeek.com

Seventy percent of smartphone users incorrectly think that their phones are safe from cyber attacks, moreover 70% never installed any security software or data protection, this according to a consumer-oriented report from the National Cyber-Security Alliance and McAfee.