Security Awareness News

What's in the news about security awareness? Take a look at some of the headline stories and hot topics that we've gathered. If you want to know more about a story, just click on the title and a new window will take you to the story's source.

Date	Title	Source	Description
January 18, 2012	Dr. Hugh Thompson discusses why the need for security awareness is bigger than ever.	Help Net Security	Dr. Hugh Thompson, Program Committee Chair for RSA Conferences and Chief Security Strategist, spoke in a Help Net Security podcast about why the need for security awareness is now bigger than ever. Dr. Thompson states "security is coming more and more down to the little decisions that every single employee makes every single day". He goes on to discuss the importance of security awareness training actively engaging users and the burden on information security professionals for education.
December 29, 2012	Smartphone users aren't worried about cyber-crime, and fail to use security software and data protection according to McAfee and NCSA.	eWeek.com	Seventy percent of smartphone users incorrectly think that their phones are safe from cyber attacks, moreover 70% never installed any security software or data protection, this according to a consumer-oriented report from the National Cyber-Security Alliance and McAfee.
December 15, 2011	Recycled smartphones are dumpster diver's goldmine	Dark Reading	Refurbished smartphones leak customer data despite previous owners' attempts to wipe them clean, even if factory reset has been performed. Device destruction may be the only complete consistent solution.
November 3, 2011	Training and awareness essential defense against foreign economic collection and espionage	Office of the National Counterintelligence Executive (ONCIX)	The Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011, prepared by the Office of the National Counterintelligence Executive (ONCIX), recommends training and awareness as a key measure to counter economic espionage in cyberspace: "Expanding our national education and awareness campaign aimed at individuals and corporations is an essential defensive strategy for countering threats from cyber-enabled economic collection and espionage."
October 5, 2011	Why the quality of security education matters	Infosecurity magazine	Quality matters in security education: best-in-class security awareness programs reduce the average propensity for insecure behavior down to 12%, while in "lagging" organizations it's as high as 40% (Infosecurity magazine, Sep/Oct 2011)
September 30, 2011	Defense contractor SAIC reported 5 million unencrypted healthcare records stolen from an employee's parked car	SC Magazine Australian Edition	Defense contractor Science Applications International Corp. (SAIC) reported that backup tapes containing the health records of 5 million TRICARE beneficiaries were stolen from an employee's parked car. The data breach includes Social Security numbers, addresses, clinical notes, and prescriptions. According to the SC Magazine article, SAIC said the data was unencrypted because it lacked the capability to meet US Government encryption standards.
September 19, 2011	Clickjacking scam on Facebook gets clicks through fake news story on Lady Gaga's death	nakedsecurity by Sophos	A new scam hit Facebook users with a breaking news story claiming that Lady Gaga had died. But according to security provider Sophos, this is just another clickjacking attack. Click on the message link and you end up on a fake BBC website. Click the site's video, and now you have "liked" the story on your Facebook page. Users who think they have fallen for a clickjacking attack are advised to immediately scan their computer for malware, and also to remove the message and likes from their Facebook page.
September 8, 2011	October is National Cyber Security Awareness Month	StaySafeOnline.org	October is National Cyber Security Awareness Month (NCSAM). This is a great time to get the message out about the importance of security awareness. Visit the National Cyber Security Alliance (NCSA) to see a calendar of the events scheduled across the United States, including the NCSA Launch Event in Michigan. Speakers include Secretary of Homeland Security Janet Napolitano, White House Cybersecurity Coordinator and Special Assistant to the President Howard Schmidt, Michigan Governor Rick Snyder, and Congressman John Dingell.
September 01, 2011	Student security awareness contest video winners now available on YouTube and Facebook	EDUCASE	EDUCASE, a nonprofit association dedicated to advancing higher education, together with Internet2, CyberWatch and the National Cyber Security Alliance (NCSA) held its sixth annual security awareness video contest in 2011. Videos of contest winners are now available on YouTube and Facebook.
August 31, 2011	Phishing attacks reach new record in July 2011	RSA Online Fraud Reports	The number of phishing attacks per month reached a new record high of 25,191 in July 2011, according to the RSA Monthly Online Fraud Report -- August 2011.
August 31, 2011	IT security incidents caused by well-meaning insiders is second greatest concern to companies	Symantec Official Blog	Symantec released findings from the 2011 State of Security Survey compiled from 3,300 responses from 36 countries. While cyber attacks by hackers remain the greatest concern, the second greatest concern is "IT Security incidents caused by well-meaning insiders".
August 29, 2011	Surge in vishing (telephone phishing) calls in Oregon	Oregon Department of Justice	Oregon has seen a surge in complaints about telephone callers pretending to be from Wells Fargo Bank. Calls tell consumers that they need to provide their debit card number to unlock their debit cards. Consumers are reminded to "never respond to phone calls or emails soliciting personal information" and to make sure they have up to date anti-virus software.
August 02, 2011	Security awareness training best practices not being met	SC Magazine UK	Seventy-seven percent of companies failed to perform quarterly security awareness training according to a survey by Venafi, an Enterprise Key and Certificate Management solution provider (EKCM), and Echelon One, an IT security research provider.
July 19, 2011	Search patterns are indicative of computers infected with malware	Google Online Security Blog	Google discovered unusual patterns of activity when examining search traffic and determined computers exhibiting this behavior were infected with malware. For users conducting these searches, they will see a the following notice displayed at the top of their search results page: "Your computer appears to be infected"

Date

Title

Source

Description

January 18, 2012

Dr. Hugh Thompson discusses why the need for security awareness is bigger than ever.

Help Net Security

Dr. Hugh Thompson, Program Committee Chair for RSA Conferences and Chief Security Strategist, spoke in a Help Net Security podcast about why the need for security awareness is now bigger than ever. Dr. Thompson states "security is coming more and more down to the little decisions that every single employee makes every single day". He goes on to discuss the importance of security awareness training actively engaging users and the burden on information security professionals for education.

December 29, 2012

Smartphone users aren't worried about cyber-crime, and fail to use security software and data protection according to McAfee and NCSA.

eWeek.com

Seventy percent of smartphone users incorrectly think that their phones are safe from cyber attacks, moreover 70% never installed any security software or data protection, this according to a consumer-oriented report from the National Cyber-Security Alliance and McAfee.

December 15, 2011

Recycled smartphones are dumpster diver's goldmine

Dark Reading

Refurbished smartphones leak customer data despite previous owners' attempts to wipe them clean, even if factory reset has been performed. Device destruction may be the only complete consistent solution.

November 3, 2011

Training and awareness essential defense against foreign economic collection and espionage

Office of the National Counterintelligence Executive (ONCIX)

The Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011, prepared by the Office of the National Counterintelligence Executive (ONCIX), recommends training and awareness as a key measure to counter economic espionage in cyberspace: "Expanding our national education and awareness campaign aimed at individuals and corporations is an essential defensive strategy for countering threats from cyber-enabled economic collection and espionage."

October 5, 2011

Why the quality of security education matters

Infosecurity magazine

Quality matters in security education: best-in-class security awareness programs reduce the average propensity for insecure behavior down to 12%, while in "lagging" organizations it's as high as 40% (Infosecurity magazine, Sep/Oct 2011)

September 30, 2011

Defense contractor SAIC reported 5 million unencrypted healthcare records stolen from an employee's parked car

SC Magazine Australian Edition

Defense contractor Science Applications International Corp. (SAIC) reported that backup tapes containing the health records of 5 million TRICARE beneficiaries were stolen from an employee's parked car. The data breach includes Social Security numbers, addresses, clinical notes, and prescriptions. According to the SC Magazine article, SAIC said the data was unencrypted because it lacked the capability to meet US Government encryption standards.

September 19, 2011

Clickjacking scam on Facebook gets clicks through fake news story on Lady Gaga's death

nakedsecurity by Sophos

A new scam hit Facebook users with a breaking news story claiming that Lady Gaga had died. But according to security provider Sophos, this is just another clickjacking attack. Click on the message link and you end up on a fake BBC website. Click the site's video, and now you have "liked" the story on your Facebook page. Users who think they have fallen for a clickjacking attack are advised to immediately scan their computer for malware, and also to remove the message and likes from their Facebook page.

September 8, 2011

October is National Cyber Security Awareness Month

StaySafeOnline.org

October is National Cyber Security Awareness Month (NCSAM). This is a great time to get the message out about the importance of security awareness. Visit the National Cyber Security Alliance (NCSA) to see a calendar of the events scheduled across the United States, including the NCSA Launch Event in Michigan. Speakers include Secretary of Homeland Security Janet Napolitano, White House Cybersecurity Coordinator and Special Assistant to the President Howard Schmidt, Michigan Governor Rick Snyder, and Congressman John Dingell.

September 01, 2011

Student security awareness contest video winners now available on YouTube and Facebook

EDUCASE

EDUCASE, a nonprofit association dedicated to advancing higher education, together with Internet2, CyberWatch and the National Cyber Security Alliance (NCSA) held its sixth annual security awareness video contest in 2011. Videos of contest winners are now available on YouTube and Facebook.

August 31, 2011

Phishing attacks reach new record in July 2011

RSA Online Fraud Reports

The number of phishing attacks per month reached a new record high of 25,191 in July 2011, according to the RSA Monthly Online Fraud Report -- August 2011.

August 31, 2011

IT security incidents caused by well-meaning insiders is second greatest concern to companies

Symantec Official Blog

Symantec released findings from the 2011 State of Security Survey compiled from 3,300 responses from 36 countries. While cyber attacks by hackers remain the greatest concern, the second greatest concern is "IT Security incidents caused by well-meaning insiders".

August 29, 2011

Surge in vishing (telephone phishing) calls in Oregon

Oregon Department of Justice

Oregon has seen a surge in complaints about telephone callers pretending to be from Wells Fargo Bank. Calls tell consumers that they need to provide their debit card number to unlock their debit cards. Consumers are reminded to "never respond to phone calls or emails soliciting personal information" and to make sure they have up to date anti-virus software.

August 02, 2011

Security awareness training best practices not being met

SC Magazine UK

Seventy-seven percent of companies failed to perform quarterly security awareness training according to a survey by Venafi, an Enterprise Key and Certificate Management solution provider (EKCM), and Echelon One, an IT security research provider.

July 19, 2011

Search patterns are indicative of computers infected with malware

Google Online Security Blog

Google discovered unusual patterns of activity when examining search traffic and determined computers exhibiting this behavior were infected with malware. For users conducting these searches, they will see a the following notice displayed at the top of their search results page: "Your computer appears to be infected"