Security Awareness News

What's in the news about security awareness? Take a look at some of the headline stories and hot topics that we've gathered. If you want to know more about a story, just click on the title and a new window will take you to the story's source.

Date Topic Source Description
February 13, 2019 SMBs spending a day each week dealing with cybersecurity issues Small businesses in the UK are impacted by security events online every single day. And yet, much more can be done to proactively address cyber problems. Security awareness training can’t be a tick-box activity for SMBs. It needs to be continual so cybersecurity stays top-of-mind and user error is minimized.
February 8, 2019 7 reasons why cybersecurity awareness training for finance staff is important Accountancy Age Why is cybersecurity training so important – especially for finance staff? It is everyone’s duty and responsibility to keep themselves and their devices safe from cyberattacks – but recent attacks have focused on staff that run the accounts. Here are seven great points to consider about cybersecurity training for finance staff – from phishing scams to data breaches to password checks.
January 28, 2019 Security Pros Are Looking for Some Serious Respect Dice News Security pros need to build trusted relationships with business executives to show the value of security. Executive cyber awareness requires an understanding of the business and the respect of those same executives. This article shows how to get to the next level of executive buy-in for security.
January 21, 2019 10 takeaways on training employees to strengthen cybersecurity New Orleans City Business A 2018 study by the Ponemon Institute reports that 27 percent of data breaches are caused by workforce error and negligent employees. Here are ten items that are proven to help, like training all employees, starting from day one on the job and training employees to deal with incidents. Training must also adapt to new laws, and the ever-changing cyberthreat environment.
January 20, 2019 Corporate Best Practices in Security Awareness and Training Programs Government Technology Magazine Lear Corporation is a leading global supplier of automotive seating systems and electrical systems. And Lear executives, staff and contractors also understand the importance of cybersecurity. CISO Earl Duby shows us how that works so well at Lear. As a Security Mentor customer, they show how a well-run security awareness program can produce global security results that change culture for the better.
January 16, 2019 As States Lag on Cyber Training, Agencies Are Fertile Phishing Grounds (Stateline) Unlike lots of companies, many states don’t require training for every staffer, although nearly every state offers it, according to the National Conference of State Legislatures (NCSL). Here are the reasons that are given as well as the clear problems that must be addressed. Put simply, state governments must do better and provide mandatory security awareness training.
January 10, 2019 How to Buy a Security Awareness Training Program Security Boulevard Building a successful security awareness training program requires discipline and an effective, repeatable process. This article walks you through the steps from getting the management buy-in and budget to the testing of employees with phishing simulation programs.
December 14, 2018 Facebook reveals bug exposed 6.8 million users' photos CNN Millions of personal photos were vulnerable to hackers as a result of a Facebook bug. Photos that users started to upload to Facebook but did not post could have been accessed, along with images posted to Facebook Stories.

Facebook said they were investigating the details, so they waited to inform the public.
December 12, 2018 The Marriott data breach exposes a wider, potentially more nefarious cyberthreat Washington Post Marriott’s data breach, which happened over 4 years, is different than others.

A huge data breach at a global hotel chain can release passport numbers, birth dates, cellphone numbers, hotel arrival and departure dates — a mountain of personal information that is less useful to common cybercriminals than it might be to a nation-state interested in monitoring certain individuals it deems “of interest.”
December 11, 2018 #2018InReview Security Culture InfoSecurity Magazine This was a year when the “people problems” with enterprise security received much more attention. Some new developments included:
  • Greater availability of information on how to measure and demonstrate cultural change in organizations;
  • More discussion and higher focus on the relevance and meaningfulness of different metrics;
  • Improved reporting tools available from security awareness training vendors and other providers;
  • Training content based on employees’ skills and knowledge.
December 6, 2018 55% of Companies Don't Offer Mandatory Security Awareness Training Dark Reading A new survey found that just 45% of organizations provide employees mandatory, formal cybersecurity training; another 10% give optional training. One-fourth of respondents are not aware of cyberthreats such as phishing, and many (69%) use work devices for non-work purposes, such as holiday shopping.
November 16, 2018 How to effectively build a security awareness program for your organization Software Development Times A panel at the North American Infosecurity Conference discussed key success factors in security awareness for enterprises. Key points discussed included role-based responses and training on phishing and other commonly experienced problems in enterprises.

The discussion also highlighted differences within corporate and university needs.
November 15, 2018 Survey Reveals Employees Are Unaware of Travel-Related Cybersecurity Threats; Lack Security Awareness Training Business Wire The Ponemon Institute reported that the negligent actions of employees caused 64 percent of all insider threat incidents in the past 12 months – even without malicious intent. Employees put corporate data at risk when traveling, and they are unaware of steps that could help them reduce risk to corporate data.
November 13, 2018 Why Australian enterprises are prime targets for malware attacks IT (Australia) Only a small percentage (about 14%) of Australian companies provide continued security awareness training for staff. Training that is offered is often boring and not relevant. These trends weaken enterprises and allow more cyberthreats to lead to security incidents. What is needed is better engagement with employees – with a focus on practical targeted training that changes behaviors.
November 7, 2018 Remember: It’s not all about the 1s and 0s CSO Magazine Computers can be stolen. Unauthorized people can get into workplaces. Employees can leave, taking proprietary software. These are just a few of the physical aspects of the security culture inside organizations. A good security awareness training can help.
October 29, 2018 Getting Buy-in for your security awareness program Security Boulevard There are several strategies that can show the value of security awareness programs. From showing staff incidents that have happened (like ransomware attacks) to demonstrating social engineering techniques. Also, there is an emotional side to security training, so making the training fun can also help.
October 17, 2018 9 in 10 Orgs Don't Have Desired Security Culture InfoSec Magazine In a recent survey by ISACA and CMMI Institute, approximately 90% of organizations identified a gap between their existing security culture and the cybersecurity culture that they hope to have one day.

The biggest gaps were in the ability to mitigate both internal and external cyberthreats. Many companies are not effectively getting the message out to all employees that their roles are vital to protecting information.
October 4, 2018 October is National Cybersecurity Awareness Month: How secure are you? The University of Kansas (KU Online) Nearly 7 million records are stolen every day, but your actions can help protect sensitive data. There are many steps you can take, including:
  • Use complex passwords.
  • Don’t reuse passwords on multiple websites, and don’t share your passwords.
  • Use two-factor or multifactor authentication.
  • Make sure when surfing the web that you are on a secure site (look for https://, a lock icon or the word “secure” in your browser search bar).
  • Consider encrypting your computer’s hard drive.
September 30, 2018 Public Libraries Hosting Cyber Security Programs Big Island Now (ISC)2 is partnering with public libraries in Hawaii to teach “safe and secure” cyber awareness training programs to citizens. “Educating our community about cyber security issues and how to protect themselves in our technology-driven world is vital,” said State Librarian Stacey Aldrich.

The one hour program covers malware protection, passwords, wifi usage, online shopping and banking, scams, safe email habits, phishing, data backup and social media.
September 25, 2018 6 exciting activity ideas for Cybersecurity Awareness Month Have a quiz night, go on a data hunt or offer a fake phishing attack via email. These are just three of six good ideas to consider for National Cyber Security Awareness Month. The most important thing is to help your staff improve their understanding and take action.
September 10, 2018 Rating themselves, more infosec pros think their security posture is improving IT World Canada In a wide-ranging survey on cybersecurity, some interesting results were found. “Five percent more organizations plan to step-up security awareness training in the coming year than did last year, and the number of those that intend to skip training initiatives decreased by half from 2017. …” The findings also highlighted the reality that everyone needs to improve and grow in their knowledge and skills.
August 27, 2018 The Importance of Cyber Security Awareness Training Legal Talk Network (podcast) There are many essential aspects to security awareness programs, but the most important thing is that you have one. Almost 80% of law firms since 2011 have experienced some type of data breach, so it is imperative to highlight the importance of this topic to teams. This podcast covers numerous issues from passwords to phishing to lunch discussions with law firm teams.
August 23, 2018 6 Reasons Security Awareness Programs Go Wrong Dark Reading Getting too technical with management, not getting middle management buy-in and not applying security to personal lives are three of the six reasons that security awareness programs fail, according to this article. Some good tips on pitfalls with enterprise cyber programs, including not properly preparing for the rollout.
August 21, 2018 How to gauge the effectiveness of security awareness programs Dark Reading Ira Winkler clarified his recent article in Dark Reading, reinforcing his belief that security awareness programs are important and helpful. He emphasizes the role of governance and following through on specific role-based process for employees.
August 13, 2018 Butlins Breach Information Security Following news of the Butlins data breach, experts commented on what might have helped avoid the bad situation. Several experts thought an effective security awareness training program may have prevented the breach.
July 31, 2018 End user security awareness training is a must have End users are a weak point in enterprise security. End users are especially vulnerable to security attacks because they think they know enough about the internet to not fall for phishing or password tricks, and that the cyberattacks they see in the news couldn't possibly happen to them.

The best training is not by IT staff and includes gamification and intriguing, interactive content.
July 29, 2018 The Fundamental STRENGTH in Effective Security Awareness Programs Government Technology Magazine Ira Winkler recently published an article in Dark Reading that highlights several flaws in many security awareness programs. While these concerns are real, they can be addressed in effective security awareness training programs. When the right security awareness program is deployed, such as Security Mentor’s game-based, brief, frequent, focused awareness program, the results are a positive security culture change and a more secure overall security posture.
July 13, 2018 How to test and measure the effectiveness of your security awareness program Security Boulevard There are many ways to measure a security awareness program’s effectiveness. One popular way is how many people click on phishing links, but you can also measure lost and stolen devices, number of infected computers, awareness surveys, number of updated devices and many other items.
July 6, 2018 Generation Gap: Does Your Security Awareness Program Bridge the Divide? Security Intelligence Security awareness programs are not “one size fits all”. There are steps that can be taken to improve outcomes from different generations. For example, boomers tend to be more skeptical and millennials tend to be more trusting online. Different scenarios need to be considered.
July 4, 2018 Why is security awareness training important? CIO Magazine (UK) The UK National Cyber Security Center reports that cyberattacks are on the rise – even against small and medium-size businesses. Attacks include phishing attempts via email, ransomware, and point of sale malware attacks. Human error causes many cyber weaknesses, but may be the easiest item to address. Also, training on passwords and 2-factor authentication can yield positive results and reduce risk.
July 2, 2018 How to Design Cybersecurity Training for Your Employees Total Security Daily Advisor The common perception is that hackers are your biggest cyberthreat. But your employees are your greatest concern. The good news is that, starting with orientation and going through different business roles, your staff can help lower risk. From policies to procedures to practical steps with PCs, your business can protect data in engaging and effective ways with the right security awareness training that changes behavior and solidifies your security culture.
June 27, 2018 Boards focus on security awareness post Wannacry Beta News After the Wannacry attack last year, boards of global corporations have realized the need for greater security awareness for the enterprise. Management is reporting that they are becoming better at stopping ransomware and being prepared to address cyber incidents that do arise.
June 8, 2018 Perils of Healthcare Phishing and What You Can Do About It The 2018 Verizon Data Breach Investigations Report found that phishing and financial pretexting represented 93 percent of all breaches investigated by Verizon, with email being the main entry point (96%). What can be done about it in the context of hospitals and health data? How can you better train your staff?
May 29, 2018 How the right training program could prevent the next data breach HRDrive The metrics show that a good end user security awareness training program is like money in the bank. It can stop breaches. A recent report by Willis Towers Watson estimates that 66% of cyber breaches are caused by employee negligence or malfeasance. External threats came in a distant second at 18%, with extortion at only 2%.
May 25, 2018 What are the consequence of neglecting security awareness training? Security Intelligence How effective is your security awareness training? Many organizations underestimate the importance of good end user behaviors, so it is worth the effort to put a formal program in place and constantly improve.
May 17, 2018 Vendor Risk Management for Law Firms: 7 Steps to Success There are seven important steps to success for law firms to effectively lower risk as they manage vendors. One of the important steps is to ensure that everyone is trained in security awareness. In order to meet regulatory requirements as well as best practices, your plan must be comprehensive and updated on a regular basis.
April 12, 2018 How effective is security awareness training for threat prevention? Security Intelligence Opinions vary on the right percentage of risk reduction provided by security awareness training. However, one thing is certain: A strong program is a must. NIST and other organizations provide solid guidance which can help any organization become more secure – starting with their end user behaviors.
April 9, 2018 Don't skimp on IT security training: 27% of employees fall prey to phishing attacks TechRepublic Hackers have learned that social engineering is likely the best way to get to your company’s sensitive data. Numerous reports show statistics proving this, with one recent report showing 27% of employees, on average, falling for phishing attacks. The good news is that tools can help you overcome these challenges, such as a good phishing simulation tool.
April 3, 2018 Security Awareness Training is Useless Unless It Changes Behaviors ZDNet A good security culture starts with end user behaviors. Is your culture improving? Are user behaviors changing?

If your security awareness program isn’t measured, with meaningful results, it is a waste of time. Just checking the box for compliance isn’t enough. Are you actually seeing a change in the actions of employees? The right program can help immensely.
March 27, 2018 Cyber-security in 2018: the big five IT-Online (Australia) As data breaches skyrocket, there are some hot cybersecurity themes in 2018 that require a closer look. One of the top of these is security awareness training.

With 9 out of 10 data breaches starting with phishing attacks, you can empower staff with awareness training to become more vigilant against targeted cyberattacks, along with better tools to report suspicious emails and efficient systems for incident responders.
March 20, 2018 How to Improve Employee IT Security Awareness HR Technologist HR organizations play a key role in improving security awareness amongst employees. HR leaders can ensure employees understand and put into practice the details of policy, ensure compliance with legal provisions and have a good grasp of threats to IT services. Most of all, staff need to know what to do to take action.
March 7, 2018 Hackers Look to Step Up Their Game During March Madness Every March, the bad actors come out and use this time of year to trick people all over the USA. As they are filling out their brackets, fraudulent websites and links can lead you to download malware or give away your credentials to a dangerous website. Here are some tips on what you can do.
March 1, 2018 Cybersecurity: What Does It Mean to Be Completely Prepared? Many organizations focus on external cybersecurity threats, but they neglect internal cyber threats. Does your business have the right policies? Do you train staff well on IT security?

One challenge is making the entire training process easy to understand while at the same time not too painful. A comprehensive cybersecurity governance framework customized to the risks and threats facing a business is essential to address both internal and external threats.
February 26, 2018 Clarksville Police Department Scam of the Day for February 26th, 2018 Watch out for these email scams that have been seen via Craigslist ads. From fake customer service lines to offers that change, these actions happen every day – all over America.
February 26, 2018 Old School Email Scams Help Crooks Become Cryptomillionaires Online scammers are using old tricks and new destinations for their fraud. Their aim: To get unsuspecting victims to send their funds to rogue cryptocurrency addresses.

How do they do this? This article explains several ways, with examples like the ‘Bee Token ICO scam’ and other tricks.
February 4, 2018 Winter Olympics Online: Tips for Work Networks and Home Safety Government Technology Magazine Watching the Olympics on a computer at home or work can have impacts beyond what you expect. From bandwidth issues to links that can take you places you don’t want to go, watch out for these cyber tricks and challenges during the Winter Olympics in 2018.
January 23, 2018 Are bad analogies killing your security training program? CSO Magazine The key to good analogies is to know your audience and speak in their language. Many security professionals speak in technical jargon which is hard for many end users to understand. Here are some tips on how to use good analogies, but not take them too far.
January 21, 2018 Let’s Not Be Our Own Worst Enemy Security Boulevard It’s funny how technology professionals can be the worst critics of security awareness training programs. The old “been there, done that, got the T-shirt” motto seems to apply to technology professionals when they discuss security awareness programs. This is not a good trend and sets a bad example. Here’s why.
January 10, 2018 4 steps to launch a security awareness training program CSO Magazine Building a successful security awareness training program includes these four steps: 1) Assessing your needs and developing content. 2) Schedule and deliver training. 3) Test your training effectiveness. 4) Track staff and take appropriate action.

Here are the details on each phase.
January 3, 2018 Gamification - the safe road to cybersecurity awareness and training Enterprise Innovation Magazine Game-based training can help enterprises understand the key cybersecurity challenges and opportunities. These interviews with top global leaders point out trends in gamification and raising overall cybersecurity awareness of staff.
December 20, 2017 Why Phishing Alone is Not Enough Awareness Training Infosecurity Magazine Phishing simulations are great, but not nearly enough. While phishing simulations are often perceived by the targeted staff as a form of entrapment, with negative consequences if an employee falls for the trap, holistic security training offers engaging, interactive content offered in brief, frequent and focused lessons that teach staff things they don’t already know.
December 20, 2017 Creating a culture of security: Part 2 CSO Magazine online There are practical steps that security leaders can take in creating a culture of security awareness with their staff. In part, this article describes some steps that can help with people, process and technology.
December 19, 2017 78 Percent of U.S. Healthcare Providers Were Hit by Email Cyber Attacks in 2017 The vast majority of healthcare organizations received some unwanted email that caused harm in 2017. By training staff in security procedures and following these helpful steps, such as analyzing inbound attachments, healthcare organizations can lower their cyber risk.
December 8, 2017 Training Employees to Avoid Healthcare Data Security Threats Healthcare employees need ongoing, effective cybersecurity training to avoid potential data security threats. Here are seven steps and ways to make that happen and ensure that you are also HIPAA-compliant.
November 22, 2017 Getting Personal About Cybersecurity Inside Higher Ed Representatives from the University of Massachusetts at Amherst shared how they leveraged students’ love of social media and personalized content like pet pictures to help train them on good cyber hygiene. Training needs to be different – even fun to capture attention.
November 21, 2017 Microsoft warns: Bogus Apple, Windows tech support sites open your phone app ZDNet The FTC has caught tech-support scammers conning innocent users into providing system access and demanding money to repair problems. Watch out for boxes popping-up asking you to call phone numbers to help resolve Apple or Windows PC problems.
November 17, 2017 National Cyber Security Awareness Month Does Not Stop in October Tap Into Franklin Township A nice recap of the National October Cybersecurity Awareness Month Themes and top messages and audiences. These tips apply year-round, so let’s not forget them.
November 9, 2017 This phishing attack pretends to be from someone you trust ZDNet An invoice that appears to be from a trusted partner. But is it? Watch out for these tricks that bad guys use to scam you. Phishing is getting more sophisticated and everyone needs to be alert.
October 19, 2017 Your Security Awareness Program Stinks. Here’s Something You Can Do About It Security Intelligence If you think your security awareness training is boring and a waste of your time, you are not alone. Training is not good just because it comes from the security team. Some potential answers include bringing in engaging training from the outside that changes the culture and is more effective with examples that relate to all aspects of life.
October 10, 2017 Awareness training is key to reducing security risk CSO Online Enterprises already use firewalls and other cybersecurity tools to stop hackers, but end user security awareness training is a key element of any successful cybersecurity defense strategy. Organizations must influence employee attitudes as well as intentions and measure the effectiveness of training with staff. Efforts must be made to address more than just phishing and changing passwords, and include the latest techniques used by hackers to commit cybercrime.
October 6, 2017 Cyber security awareness month: Training doesn’t always have to be serious IT World Canada Humor can go a long way towards making security awareness training more effective. There are many ways to make training memorable, and engaging, fun training can certainly make a positive difference and a lasting impression.
September 29, 2017 Small Business Security (Pt. 1): Employee Security Awareness Business to In order to have good cyber hygiene and protect the business from online threats, every small business needs to train staff regarding threats and potential fraud and scams. If businesses fail to plan, they will certainly fail, and this article contains a checklist of things to look out for and implement regarding online activity.
September 29, 2017 Campaign Advice for CISOs for Cybersecurity Awareness Month IT World Canada Security leaders need to grab the attention of all staff and make October 2017 a month where cyber risk is reduced. Cyber awareness training can be tough to measure, but it is like health and safety. Everyone can play a vital role and be involved and dedicated to improving protections for the good of the company and to help individuals.
September 22, 2017 Cybersecurity awareness and training is everyone's business The Hampton Roads Business Journal There are many types of business fraud and online theft that companies must address, but keeping information safe is everyone’s responsibility. Security awareness and training is one of the 22 categories in the National Institute of Standards and Technology’s Cybersecurity Framework, and effective training that supports a safe online culture will offer year-round activities to keep cybersecurity top of mind for everyone.
August 23, 2017 How small businesses should invest in cyber security The Daily Telegraph (UK) Even small businesses need to invest in security for their staff. The average cost of a small business data breach is over $4,000, but there are steps you can take, including building a culture of security awareness with items such as instilling a sense of responsibility in your staff around passwords, software updates and navigating the internet with the right habits and an understanding of online risks.
August 17, 2017 Protecting Against Spam and Phishing Attacks With a Layered Approach to Email Security Security Intelligence Website Protecting organizations from unwanted emails requires a layered approach that starts with spam control and monitoring. Other layers include: email scanning from external sources, perimeter protection, internal network solutions and end device protections. Finally, end users must be trained and tested on phishing attacks.
August 2, 2017 Increased cyber awareness must lead to equivalent action CSO Magazine Australia Recent online attacks from the WannaCry ransomware and Petya (or sometimes called NotPetya) malware must lead to employee actions and changes in behavior. Every global organization needs an effective security awareness training program which is one critical component of business due diligence.
July 19, 2017 Training helps keep Show Me State workers aware of cyberthreats American City & County Missouri has moved to engaging, interactive online security lessons for their staff, and the results have been outstanding. Mike Roling, the State CISO, said “Our end users have become the best detection system that we have in our security stack. As we have been making them more aware, they are uncovering more,” Roling says. “Our end users are not afraid to let us know about concerns they are finding. Security Mentor has really brought down any communication barrier there may have been in the past.”
July 13, 2017 Three core elements of a security awareness training program Both annual training and monthly refreshers are important elements in end user security awareness training programs. In addition, employees should be tested to see if they are putting their learning into practice, according to one cyber expert.
July 10, 2017 Creating the Right Perception for Security Awareness Training Infosecurity Magazine Security awareness training should be a positive experience and not a penalty in order to be effective. While just-in-time training can sometimes help, fear should be an appetizer and not the main course in order to positively impact the culture in the long-term.
June 22, 2017 7 elements of a successful security awareness program CSO Magazine Australia Here is a good checklist of important steps to making Security Awareness Training (SAT) successful. It starts with executive buy-in and partnering with relevant content. You can also incentivize and measure your success with metrics to help.
June 14, 2017 Internal Audit’s Critical Role in Cybersecurity Accounting Most organizations have security policies, procedures and plans, but are managers following through on their promises? Internal audit must help bring all sides together to ensure communication, coordination and collaboration to all levels of management.
June 2, 2017 The Trouble if Security Awareness Training Is Mainly a Penalty Government Technology Magazine Security awareness training (SAT) should be positive, proactive and include all employees. By offering game-based learning techniques that teach people things they don’t already know, a positive security culture will develop. However, some organizations are using traditional “just in-time training” techniques to punish employees and force those who make online mistakes to take security training. This is a troubling trend which undermines the benefits of SAT and hurts an organization’s culture of security.
June 1, 2017 Three cybersecurity answers bankers and directors should know Cincinnati Business Courier Business leaders need to become much more familiar with cyber risks in their organizations. What are the means and methods used by attackers and what can be done to mitigate cyber attacks? In the article is a checklist of things you need to know along with a list of recommended actions. Included on the list is cyber education for staff regarding technology resources.
May 29, 2017 Stop making these silly mistakes when it comes to cyber security SecurityBrief Australia From email to social media to passwords, the story provides a list of mistakes to watch out for and actions to take to protect yourself in cyberspace.
May 26, 2017 Security Awareness: Three Lessons From Health Campaigns Security Intelligence Three lessons taken health campaigns that apply to security awareness are discussed in this article. 1. Organizations should stop looking at cybersecurity awareness “like a set of quarterly sales figures to achieve, or worse, a short-term initiative to reprogram their employees.” Security awareness is about changing culture, which in the long-term changes behavior. 2. Behavioral health campaigns have been teaching people for years the importance of washing their hands in order to prevent the spread of germs. Likewise, employees need regular reminders about security hygiene. 3. Peer pressure is effective at changing behavior long-term.
May 23, 2017 Companies Believe Coffee Shops Present Biggest Threat To Be Hacked International Business Times In a recent survey, 93% of companies in the US, UK, Germany and France are worried about mobile security, with many more companies saying they are “very concerned” in 2017 as compared to 2016. On the top of the list is WiFi security in coffee shops and other public places like airports. The report also noted that “much of the protection comes from companies educating their workforce about threats and providing them the necessary tools to combat them.”
May 3, 2017 Google Docs phishing scam spreads widely, reportedly shut down quickly Silicon Beat More and more cyberattacks are going after the weakest link – organization employees. “That phenomenon was showcased May 3 in a widespread phishing attack that saw Google users hit with fake prompts to open a Google Docs document purportedly shared by someone they knew.” “That access can give attackers data for stealing identities, then plundering bank accounts or committing other financial crimes.”
March 21, 2017 Security Awareness Training: Doing It Right Nemertes Research A Virginia-based government cyber security contracting firm recently fell victim to a phishing email attack. According to Nemertes Research CEO, Johna Johnson, “If it can happen to a cybersecurity company, it can happen to yours. Since the weakest link in infosec security is almost always the human link, the best defense against attack is a security-aware culture that permeates the entire organization. Security awareness training is the key to creating that culture, and spreading the security team’s culture outward to every member of the organization.”
March 15, 2017 Becky Bace's passing hits cybersecurity community hard SC Media “The security industry today is mourning the death of security expert, mentor and Infidel President/CEO Rebecca “Becky” Bace, who passed away Tuesday.” Security Mentor doesn’t usually add personal comments to the security awareness news stories, but today is an exception. We lost a dear friend and trusted advisor when Becky passed. Becky’s expert knowledge, visionary outlook, and generosity touched many in the security community, including us. We pay tribute to the lasting impact that her life has had and will continue to have on cyber security.
March 15, 2017 Many smartphone owners don’t take steps to secure their devices PewResearchCenter A Pew Research Center report found smartphone owners aren’t taking the most basic steps for security. Twenty-eight percent (28%) of users don’t use a screen lock; and 40% only update their phone when convenient and 10% never update their phones. Many of these users also performed sensitive activities while using their phones connected to public WiFi potentially putting information at risk.
March 6, 2017 Fraudsters Step Up Their Game During March Madness Like tax season and other seasonal events, hackers are using March Madness to steal your confidential information. A surge in cyber attacks will occur as the hype promoting March Madness rises and the number of people participating in NCAA brackets and betting pools increases, matched by an even larger number of new financial scams and phishing attacks. Cyber security experts discuss the importance of security awareness training in protecting against these attacks. Tips are provided on what March Madness fans should look out for and how to protect themselves.
March 6, 2017 5 things to know about cyber security in healthcare — and what CEOs (aren't) doing about it Becker’s ASC Review CEOs, although concerned about cyber security, aren’t taking action, according to PwC's 20th Annual Global CEO Survey. According to the survey, “Sixty-one percent of healthcare CEOs ranked cyber security as the No. 2 risk to stakeholder trust, but just 48 percent of healthcare CEOs are taking action to resolve cyber security issues.”
February 21, 2017 Security Awareness Training is Essential for Small Businesses Entrepreneur Magazine Ponemon Institute research found that human error is responsible for approximately 80 percent of all business data leaks. Careless employee mistakes can result in big problems. That is why it is imperative for owners of small businesses to teach security awareness.
February 9, 2017 Gartner and industry experts on the booming market for security awareness training CSO Magazine Online The security awareness market was estimated to be $1 billion in 2014 by Andrew Walls, Research Vice President at Gartner. A new report from Gartner Cybersecurity Ventures predicts the market can be worth $10 billion by 2027. Lawrence Pingree, Research Vice President at Gartner, explains that “Training employees on security will immediately bolster the cyber defenses of most companies.” If done right, security awareness training can provide excellent ROI for large enterprises. Robert Herjavec, CEO of the Herjavec Group, agrees, stating it is the responsibility of each company to train their staff.
February 6, 2017 How con artists are changing tactics to steal identities CBS News Theft of personal information was up 16% in 2016 and account takeovers 40%. Electronic shoppers are two times more likely to experience fraud compared to those shopping in stores. Tips for protecting yourself online include: use two-factor authentication with online accounts, monitor all transactions, use account alerts, and limit social media sharing.
February, 2017 29,000 taxpayers affected by W-2 scams, IRS issues new warning CSO Online Business Email Compromise (BEC) attacks are on the rise. In these attacks, spear phishers, or phishers, forge an email pretending to be from a top executive in the victim's organization. It is usually sent to Human Resources or payroll requesting W-2 information for employees. And they work. As of February 5, 2017, 23 organizations revealed that they had BEC-related data breaches resulting in compromised W-2 data. The IRS has already announced it will delay refunds to taxpayers to combat identity theft.
February, 2017 Your Vizio TV Spied On You And Reported What You Watched Forbes The Federal Trade Commission (FTC) announced that TV maker Vizio has been collecting billions of data points from the millions of TVs it sold since 2014. Vizio could determine exactly what was being watched. The data was collected without users' knowledge or permission. Vizio, owned by the Chinese firm LeEco, will pay $1.5 million to the FTC to settle the matter and $700,000 to the state of New Jersey for a civil suit. Vizio will also stop collecting data without gaining consent.
January, 2017 The Most Common Passwords of 2016 Keeper Security Keeper Security analyzed more than 10 million stolen passwords. 123456 is still the most common password and is employed by 17% of users. Of the 10 million passwords, the top passwords account for more than 50% of all passwords analyzed. To increase password security, website operators need to assume more responsibility to enforce password best practices.
December, 2016 August in November: New Information Stealer Hits the Scene Proofpoint A group known as TA530 is using social engineering email tactics to distribute malware in an attempt to steal files, login credentials and even money from cryptocurrency wallets. As phishing and social engineering campaigns become more effective, Proofpoint researchers recommend educating your end users on how to identify and properly address emails that appear suspicious.
December, 2016 Backdoor vulnerabilities discovered in Sony IP cameras ZDNet A backdoor was discovered in over 80 different Sony IP camera models that can allow attackers to hijack vulnerable cameras, execute code, and spy on users. Additionally, attackers with physical access to the cameras can use serial ports to access log in.
December, 2016 Ransomware attacks against businesses increased threefold in 2016 CSO Online Ransomware attacks against businesses increased by three times in 2016. One in every 5 businesses was targeted worldwide. Attacks were launched at a rate of one every 40 seconds. One-third of the businesses paid the ransom, but one-fifth of those businesses never got their data back.
October, 2016 How Hackable is Your Smart Enterprise? ForeScout ForeScout released an IoT Enterprise Risk Report that included IoT security tips for enterprises. Findings include that 65% of enterprises have actively deployed IoT technologies as of June 2016 and that by 2018, two-thirds of enterprises will experience IoT security breaches. A key finding was that seven IoT devices could be hacked in three minutes. Once a device is hacked, hackers can plant backdoors in it to launch further attacks. Some IoT devices have the potential for causing disastrous impacts to the enterprise.
September, 2016 Data breaches: This time it's more personal NetworkWorld Identity theft was the leading type of data breach in the first half of 2016, according to a report by Gemalto. Data breaches are shifting to stolen identities from stolen credit card data and financial information. Despite the breaches, apathy from consumers and enterprises abounds. The solution is encryption. Less than 4% of all data breaches involved data that was encrypted in part or in full.
July, 2016 Careless employees remain the biggest security threat in 2016, study shows Bitdefender In a study by Bitdefender, 81% of respondents said that negligent or careless employees were their greatest security threat. This was up from 78% in 2015.
June, 2016 Fasoo and Ponemon Institute Study Reveals That Employees Still Present the Highest Security Risk to Organizations Ponemon Careless employees were the greatest cause of data breaches (56%). Seventy-three percent of organizations thought it was likely some confidential information was lost in the past 12 months.
June, 2016 Laptop Theft May Have Exposed PHI of 400,000 Current or Former California Inmates Healthcare Informatics A non-encrypted laptop belonging to an employee of the California Correctional Health Care Services was stolen, which may have exposed the PHI of 400,000 patients over an 18-year period.
May, 2016 MySpace hack puts another 427 million passwords up for sale ZDNet Time Inc. reported 427 million passwords were stolen from MySpace, the aging social media site it purchased three months earlier. A hacker posted them for sale on the dark web. This breach was tied to a 2013 hack.
April, 2016 Verizon's 2016 Data Breach Investigations Report finds cybercriminals are exploiting human nature PRNewswire Verizon's 2016 Data Breach Investigations report found cybercriminals are relying on exploiting human nature in their attacks. Weak, default, or stolen passwords were involved in sixty-three percent of breaches. Phishing remains the top concern, with 30 percent opening phishing messages, an increase of seven percent from 2015. Thirteen percent clicked on phishing links or malicious attachments. Twenty-six percent of miscellaneous errors were people sending sensitive information to the wrong person.
February, 2016 Cyber security megatrends and what you can do Telstra Corporation Limited [AU] Forty-five percent of Asia Pacific businesses surveyed experienced even more business-interrupting incidents in 2015.
April, 2015 User mistakes aid most cyber attacks, Verizon and Symantec studies show Reuters Technology Reports by Verizon and Symantec find that the majority of hacker attacks are successful because of mistakes by end users. Phishing emails continue to be so successful that even sending 10 emails will result in a 90% infection rate.
April, 2015 Global cyberattacks on big business up 40 percent in 2014 CNBC Cybersecurity Cyber criminals increased attacks against big businesses by 40% in 2014; attacks against SMBs increased 26 and 30 percent, respectively. Oil & gas was the most targeted industry, followed by manufacturing, transportation, and communication. Ransomware also increased by 113%.
March, 2015 Michigan Works to Thwart Barrage of Cyberattacks CBS Detroit David Behen, the State of Michigan's Chief Information Officer (CIO) and Director of the Department of Technology, Management and Budget, said there are 540,000 daily attacks. Behen explained, "We are only as strong as our weakest link," which is why the state has focused on cyber awareness training for the state employees, starting in 2012.
February, 2015 Massive Data Breach Forbes Hackers broke into Anthem's data servers resulting in the potential exposure of nearly 80 million Anthem customers. If confirmed, this would be the largest health care related data breach in history. "Anthem's President and CEO Joseph R. Swedish revealed his own personal information was accessed during the data breach ..."
February, 2015 Hacked Hotel Phones Fueled Bank Phishing Scams Krebs on Security Brian Krebs writes about how fraudsters have been sending mass mailings of phishing messages targeting mobile users. The message warns recipients about "problems with their bank account" and provides a number to call, which then prompts for credit card information.
January, 2015 Target Breach Had Massive Impact on Cyber Security Awareness eSecurityPlanet A Ponemon study found that 50 percent of organizations conducted training and awareness activities in response to large data breaches that occurred in 2014. And the news doesn't get any better: 2015 is predicted to be as bad or worse than 2014.
August, 2014 Personal Devices and Security: Keep Data Secure and Employees Happy MSPMentor Employees are expected to continue their work responsibilities when out of the office. Eighty-one percent use personal devices to email, access, and share company information. Yet an astounding seventy-one percent download and share documents without IT authorization. Even more astounding is that employees in highly regulated industries circumvent security requirements; this was found in 78% of the financial institutions studied, 78% of the legal services, and 88% of the professional services. Many employees don't understand the risks if data is leaked.
May, 2014 US cybercrime: Rising risks, reduced readiness. Key findings from the 2014 US State of Cybercrime Survey PwC "The merit of awareness programs is quite clear: 42% of respondents said security education and awareness for new employees played a role in deterring a potential criminal, among the highest of all policies and technologies used for deterrence." "The financial value of employee awareness is even more compelling. Organizations that do not have security awareness programs -- in particular, training for new employees -- report significantly higher average financial losses from cybersecurity incidents."
March 26, 2014 Six clicks: How hackers use employees to break through security walls ZDNet Employees are the most vulnerable point of hacker attacks. Attacks target employees in many ways: phishing attacks, attacks on mobile devices while traveling, theft of data over WiFi, and use of compromised storage devices. Employee awareness could save millions in the race to prevent cyber theft.
March 7, 2014 The Final Countdown - Windows XP end of support popup has started Naked Security from Sophos Microsoft Windows XP will reach end of life on April 8, 2014. After that date, security patches and support will no longer be available, leaving vulnerabilities open to be exploited forever.
February 9, 2014 Highly Sensitive Barclays Customer Data 'Stolen and Sold' BBC According to the BBC, The Mail reported that a whistleblower had given them a flash drive with the stolen personal data of 2,000 Barclays customers. Apparently, another 25,000 records were also available. The information was said to be highly sensitive, including personal, health, insurance and financial data.
January 29, 2014 Social Engineering Attack Led to Theft of Twitter Account eWeek A social engineering attack on a GoDaddy phone representative allegedly resulted in the theft of a user's domains hosted at GoDaddy. The attacker then extorted the user into giving up his Twitter handle to get his domains back.
January 21, 2014 Worst Passwords See Little Change in 2013 SplashData The three most common passwords in 2013 were 123456, password, and 12345678, according to password management company SplashData. These same three passwords topped last year's list as well.
January 10, 2014 Target data breach could expand to 110 million CNET Target announced that the personal information of as many as 70 million additional customers was stolen. Personal information stolen included names, mailing addresses, phone numbers, and email addresses. In December 2013, Target had already revealed that 40 million credit and debit card numbers had been stolen.
October 2013 EY Global Information Security Survey 2013 EY Global Information Security Survey 2013 According to the EY Global Information Security Survey 2013, more emphasis needs to be placed on security awareness and training, a key component of continuous improvement activities.
July 12, 2013 FBI warns of surge in spear-phishing attacks against multiple industries The Federal Bureau of Investigation (FBI) Multiple industry sectors continue to see elevated spear-phishing attacks. Cyber criminals target individuals in industries or organizations that they want to attack. The spear-phishing messages often contain accurate information about the targeted victim that has been gleaned from postings on social networking sites, blogs, or other websites. The FBI advises not to follow links when you don't know the sender and to keep anti-virus, firewall, and browser software updated.
July 2, 2013 131 incidents resulted in the sensitive information of 2.5 million Californians being exposed Silicon Valley The State of California released its first data breach report. In 131 incidents, 2.5 million Californians had sensitive information breached including Social Security, credit card, and bank account numbers. Most breaches occurred in 2012. Data breaches occurred in the commercial, government, education, and non-profit sectors.
June 21, 2013 Facebook bug inadvertently exposes private information of 6 million users Reuters A bug in Facebook's code exposed the email addresses and phone numbers of 6 million users. Facebook users who downloaded contact data for their friends inadvertently also downloaded private information. Users were notified of the bug via a message on the Facebook website. The bug was fixed within 24 hours. In a message released at the time of the breach, Facebook stated it was not aware of any wrongdoing or anomalous behavior related to the data breach.
June 10, 2013 Data breaches reach all time high; tied closely to consumer fraud Javelin Strategy & Research According to a Javelin Strategy & Research report, a single data breach can result in billions of dollars in consumer fraud. If you are a data breach victim, the odds of also becoming a fraud victim are 23%. This comes at a time when the number of data breaches in 2012 reached an all-time high, increasing 48% over the previous year.
May 27, 2013 Crackers' ability to break passwords highlights need for stronger passwords Ars Technica Ars Technica provided three cracking experts with a list of more than 16,000 cryptographically hashed passwords. In less than one hour, they cracked 82% of the passwords. According to one of the crackers, that meant 13,000 people did not choose good passwords. The article further stated: "The prowess of these three crackers also underscores the need for end users to come up with better password hygiene. Many Fortune 500 companies tightly control the types of passwords employees are allowed to use to access e-mail and company networks, and they go a long way to dampen crackers' success."
May 10, 2013 Violent crimes being driven by theft of smartphones and tablets Computerworld Across the United States, mobile phone theft is at rampant levels; many thefts are at gunpoint, at knifepoint or by brute force. From November 2012 to April 2013, 41% of thefts in San Francisco were related to cellphone or tablet theft. Users are advised to use a password, screen lock, and software that can remotely track or wipe a stolen device.
February 14, 2013 Default passwords vulnerability exploited resulting in fake Emergency Alert System warning of zombie attacks Reuters Broadcasters were sent an urgent message by the FCC instructing them to change the default passwords on all Emergency Alert System equipment after hackers posted a zombie attack alert warning. Although no damage resulted from the hack, future attacks could prevent stations sending out real emergency alerts.
January 18, 2013 Global Security Study recommends investing in information security training and awareness to address vulnerabilities Deloitte Touche Tohmatsu Limited (DTTL) The 2013 Technology, Media and Telecommunications Global Security Study by Deloitte "identified lack of employee awareness and third-party risks as top security vulnerabilities, suggests that TMT organizations should consider investing in information security training and awareness for their employees to help mitigate risks from new technologies."
January 15, 2013 Phishing 59% higher in 2012 compared to 2011 Speaking of Security: The Official RSA Blog and Podcast The number of phishing attacks in 2012 increased by 59%, according to the official blog of security company RSA. The projected impact of these phishing attacks was $1.5 billion in fraud damages.
December 07, 2012 Data breaches frequent in healthcare organizations The Data Breach Press by ID Experts The Third Annual Benchmark Study on Patient Privacy & Data Security by the Ponemon Institute found that not only did 94% of healthcare organizations experience at least one data breach in the last two years, 45% had more than five.
October 1, 2012 White House victim of spear phishing attack CNET News A White House official confirmed that in September there was a successful spear phishing attack targeting the White House. Although an unclassified computer network was accessed, no classified networks were breached and no damage was done, according to the official.
September 16, 2012 Security Mentor champions the National Cyber Security Awareness Month Every October is National Cyber Security Awareness Month (NCSAM). All around the world events are put on to help increase cyber security awareness. Visit the website to find events or learn how you can become involved.
September 9, 2012 SMS phishing attacks rise 913% Cloudmark Did you receive the following SMS message? "Fwd: Good Afternoon. Attention Required" If you did, you aren't alone. In the first week of September (2012), SMS phishing attacks were up 913% with 500 unique attacks. The goal -- innovative new ploys to get people to reveal their sensitive bank and credit card information.
September 5, 2012 One-third have had their mobile phones lost or stolen PEW Internet Nearly a third of all mobile users had their device lost or stolen. And 15% had their private data accessed. The study further found that loss or theft was highest among younger users (18-24 years old), but otherwise results were fairly consistent across different types of mobile users.
August 21, 2012 Passwords have never been weaker according to Ars Technica article Ars Technica In-depth article describing why passwords are weaker today than ever before. Topics discussed include the proliferation of reused, easily broken passwords, password exposure due to website breaches, how some web sites are inadequately protecting users' passwords, and the success of password crackers.
August 7, 2012 19% Increase in Data Breaches Reports GAO Federal Times The Government Accountability Office (GAO) reported to the United States Senate that federal data breaches of personally identifiable information increased almost 20% in 2011.
March 20, 2012 Negligent insiders responsible for 39% of data breaches Symantec Negligent insiders were responsible for 39% of all data breaches according to businesses interviewed in the "2011 Cost of Data Breach Study: United States" Symantec-sponsored report by the Ponemon Institute.
February 16, 2012 Identity theft and phishing lead IRS tax scams for 2012 United States Internal Revenue Service Each year the U.S. Internal Revenue Service issues a list of the top tax scams for the year called the "Dirty Dozen". For 2012, identity theft is the top scam, followed by phishing. In 2011, the IRS stopped more than $1.4 billion from being stolen by identity thieves. The IRS reminds taxpayers that it "does not initiate contact with taxpayers by email or request personal or financial information".
February 13, 2012 PHI data breaches increased 97% in 2011; security awareness best vaccination according to Redspin Redspin Data breaches of protected health information (PHI) increased 97% in 2011 and have reached epidemic proportions according to Redspin, a provider of penetration testing services and IT security audits. In their Breach Report 2011, Redspin examined 385 breaches of PHI affecting 19 million records. The ending conclusion of the report: "Lastly, there is no better vaccination against a data breach than improving the security awareness of healthcare workers."
January 18, 2012 Dr. Hugh Thompson discusses why the need for security awareness is bigger than ever. Help Net Security Dr. Hugh Thompson, Program Committee Chair for RSA Conferences and Chief Security Strategist, spoke in a Help Net Security podcast about why the need for security awareness is now bigger than ever. Dr. Thompson states "security is coming more and more down to the little decisions that every single employee makes every single day". He goes on to discuss the importance of security awareness training actively engaging users and the burden on information security professionals for education.