Security Awareness News

What's in the news about security awareness? Take a look at some of the headline stories and hot topics that we've gathered. If you want to know more about a story, just click on the title and a new window will take you to the story's source.

| Date | Topic | Source | Description |
|---|---|---|---|
| April, 2015 | User mistakes aid most cyber attacks, Verizon and Symantec studies show | Reuters Technology | Reports by Verizon and Symantec find that the majority of hacker attacks are successful because of mistakes by end users. Phishing emails continue to be so successful that even sending 10 emails will result in a 90% infection rate. |
| April, 2015 | Global cyberattacks on big business up 40 percent in 2014 | CNBC Cybersecurity | Cyber criminals increased attacks against big businesses by 40% in 2014; attacks against SMBs increased 26 and 30 percent, respectively. Oil & gas was the most targeted industry, followed by manufacturing, transportation, and communication. Ransomware also increased by 113%. |
| March, 2015 | Michigan Works to Thwart Barrage of Cyberattacks | CBS Detroit | David Behen, the State of Michigan's Chief Information Officer (CIO) and Director of the Department of Technology, Management and Budget, said there are 540,000 daily attacks. Behen explained, "We are only as strong as our weakest link," which is why the state has focused on cyber awareness training for state employees, starting in 2012. |
| February, 2015 | Massive Data Breach | Forbes | Hackers broke into Anthem's data servers, resulting in the potential exposure of nearly 80 million Anthem customers. If confirmed, this would be the largest health care related data breach in history. "Anthem's President and CEO Joseph R. Swedish revealed his own personal information was accessed during the data breach ..." |
| February, 2015 | Hacked Hotel Phones Fueled Bank Phishing Scams | Krebs on Security | Brian Krebs writes about how fraudsters have been sending mass mailings of phishing messages targeting mobile users. The message warns recipients about "problems with their bank account" and provides a number to call, which then prompts for credit card information. |
| January, 2015 | Target Breach Had Massive Impact on Cyber Security Awareness | eSecurityPlanet | A Ponemon study found that 50 percent of organizations conducted training and awareness activities in response to large data breaches that occurred in 2014. And the news doesn't get any better: 2015 is predicted to be as bad or worse than 2014. |
| August, 2014 | Personal Devices and Security: Keep Data Secure and Employees Happy | MSPMentor | Employees are expected to continue their work responsibilities when out of the office. Eighty-one percent use personal devices to email, access, and share company information. Yet an astounding seventy-one percent download and share documents without IT authorization. Even more astounding is that employees in highly regulated industries circumvent security requirements; this was found in 78% of the financial institutions studied, 78% of the legal services, and 88% of the professional services. Many employees don't understand the risks if data is leaked. |
| May, 2014 | US cybercrime: Rising risks, reduced readiness. Key findings from the 2014 US State of Cybercrime Survey | PwC | "The merit of awareness programs is quite clear: 42% of respondents said security education and awareness for new employees played a role in deterring a potential criminal, among the highest of all policies and technologies used for deterrence." "The financial value of employee awareness is even more compelling. Organizations that do not have security awareness programs -- in particular, training for new employees -- report significantly higher average financial losses from cybersecurity incidents." |
| March 26, 2014 | Six clicks: How hackers use employees to break through security walls | ZDNet | Employees are the most vulnerable point of hacker attacks. Attacks target employees in many ways: phishing attacks, attacks on mobile devices while traveling, theft of data over WiFi, and use of compromised storage devices. Employee awareness could save millions in the race to prevent cyber theft. |
| March 7, 2014 | The Final Countdown - Windows XP end of support popup has started | Naked Security from Sophos | Microsoft XP will reach end of life on April 8, 2014. After that date, security patches and support will no longer be available, leaving vulnerabilities open to be exploited forever. |
| February 9, 2014 | Highly Sensitive Barclays Customer Data 'Stolen and Sold' | BBC | According to the BBC, The Mail reported that a whistleblower had given them a flash drive with the stolen personal data of 2,000 Barclays customers. Apparently, another 25,000 records were also available. The information was said to be highly sensitive, including personal, health, insurance and financial data. |
| January 29, 2014 | Social Engineering Attack Led to Theft of Twitter Account | eWeek | A social engineering attack on a GoDaddy phone representative allegedly resulted in the theft of a user's domains hosted at GoDaddy. The attacker then extorted the user into giving up his Twitter handle to get his domains back. |
| January 21, 2014 | Worst Passwords See Little Change in 2013 | SplashData | The three most common passwords in 2013 were 123456, password, and 12345678, according to password management company SplashData. These same three passwords topped last year's list as well. |
| January 10, 2014 | Target data breach could expand to 110 million | CNET | Target announced that the personal information of as many as 70 million additional customers was stolen. Personal information stolen included names, mailing addresses, phone numbers, and email addresses. In December 2013, Target had already revealed that 40 million credit and debit card numbers had been stolen. |
| October 2013 | EY Global Information Security Survey 2013 | EY Global Information Security Survey 2013 | According to the EY Global Information Security Survey 2013, more emphasis needs to be placed on security awareness and training, a key component of continuous improvement activities. |
| July 12, 2013 | FBI warns of surge in spear-phishing attacks against multiple industries | The Federal Bureau of Investigation (FBI) | Multiple industry sectors continue to see elevated spear-phishing attacks. Cyber criminals target individuals in industries or organizations that they want to attack. The spear-phishing messages often contain accurate information about the targeted victim that has been gleaned from postings on social networking sites, blogs, or other websites. The FBI advises not to follow links when you don't know the sender and to keep anti-virus, firewall, and browser software updated. |
| Jul. 2, 2013 | 131 incidents resulted in the sensitive information of 2.5 million Californians being exposed | Silicon Valley | The State of California released its first data breach report. In 131 incidents, 2.5 million Californians had sensitive information breached, including Social Security, credit card, and bank account numbers. Most breaches occurred in 2012. Data breaches occurred in the commercial, government, education, and non-profit sectors. |
| June 21, 2013 | Facebook bug inadvertently exposes private information of 6 million users | Reuters | A bug in Facebook's code exposed the email addresses and phone numbers of 6 million users. Facebook users who downloaded contact data for their friends inadvertently also downloaded private information. Users were notified of the bug via a message on the Facebook website. The bug was fixed within 24 hours. In a message released at the time of the breach, Facebook stated it was not aware of any wrongdoing or anomalous behavior related to the data breach. |
| June 10, 2013 | Data breaches reach all time high; tied closely to consumer fraud | Javelin Strategy & Research | According to a Javelin Strategy & Research report, a single data breach can result in billions of dollars in consumer fraud. If you are a data breach victim, the odds of also becoming a fraud victim are 23%. This comes at a time when the number of data breaches in 2012 reached an all-time high, increasing 48% over the previous year. |
| May 27, 2013 | Crackers' ability to break passwords highlights need for stronger passwords | Ars Technica | Ars Technica provided three cracking experts with a list of more than 16,000 cryptographically hashed passwords. In less than one hour, they cracked 82% of the passwords. According to one of the crackers, that meant 13,000 people did not choose good passwords. The article further stated: "The prowess of these three crackers also underscores the need for end users to come up with better password hygiene. Many Fortune 500 companies tightly control the types of passwords employees are allowed to use to access e-mail and company networks, and they go a long way to dampen crackers' success." |
| May 10, 2013 | Violent crimes being driven by theft of smartphones and tablets | Computerworld | Across the United States, mobile phone theft is at rampant levels; many thefts are at gunpoint, knifepoint or by brute force. From November 2012 to April 2013, 41% of thefts in San Francisco were related to cellphone or tablet theft. Users are advised to use a password, screen lock, and software that can remotely track or wipe a stolen device. |
| Feb. 14, 2013 | Default passwords vulnerability exploited resulting in fake Emergency Alert System warning of zombie attacks | Reuters | Broadcasters were sent an urgent message by the FCC instructing them to change the default passwords on all Emergency Alert System equipment after hackers posted a zombie attack alert warning. Although no damage resulted from the hack, future attacks could prevent stations from sending out real emergency alerts. |
| Jan. 18, 2013 | Global Security Study recommends investing in information security training and awareness to address vulnerabilities | Deloitte Touche Tohmatsu Limited (DTTL) | The 2013 Technology, Media and Telecommunications Global Security Study by Deloitte "identified lack of employee awareness and third-party risks as top security vulnerabilities, suggests that TMT organizations should consider investing in information security training and awareness for their employees to help mitigate risks from new technologies." |
| Jan. 15, 2013 | Phishing 59% higher in 2012 compared to 2011 | Speaking of Security: The Official RSA Blog and Podcast | The number of phishing attacks in 2012 increased by 59%, according to the official blog of security company RSA. The projected impact of these phishing attacks was $1.5 billion in fraud damages. |
| Dec. 07, 2012 | Data breaches frequent in healthcare organizations | The Data Breach Press by ID Experts | The Third Annual Benchmark Study on Patient Privacy & Data Security by the Ponemon Institute found that not only did 94% of healthcare organizations experience at least one data breach in the last two years, 45% had more than five. |
| Oct. 1, 2012 | White House victim of spear phishing attack | CNET News | A White House official confirmed that in September there was a successful spear phishing attack targeting the White House. Although an unclassified computer network was accessed, no classified networks were breached and no damage was done, according to the official. |
| Sep. 16, 2012 | Security Mentor champions the National Cyber Security Awareness Month | | Every October is National Cyber Security Awareness Month (NCSAM). All around the world, events are put on to help increase cyber security awareness. Visit the website to find events or learn how you can become involved. |
| Sep. 9, 2012 | SMS phishing attacks rise 913% | Cloudmark | Did you receive the following SMS message? "Fwd: Good Afternoon. Attention Required" If you did, you aren't alone. In the first week of September (2012), SMS phishing attacks were up 913% with 500 unique attacks. The goal -- innovative new ploys to get people to reveal their sensitive bank and credit card information. |
| Sep. 5, 2012 | One-third have lost or had their mobile phones stolen | PEW Internet | Nearly a third of all mobile users had their device lost or stolen. And 15% had their private data accessed. The study further found that loss or theft was highest among younger users (18-24 years old), but otherwise results were fairly consistent across different types of mobile users. |
| Aug. 21, 2012 | Passwords have never been weaker according to Ars Technica article | Ars Technica | In-depth article describing why passwords are weaker today than ever before. Topics discussed include the proliferation of reused, easily broken passwords, password exposure due to website breaches, how some web sites are inadequately protecting users' passwords, and the success of password crackers. |
| Aug. 7, 2012 | 19% Increase in Data Breaches Reports GAO | Federal Times | The Government Accountability Office (GAO) reported to the United States Senate that federal data breaches of personally identifiable information increased almost 20% in 2011. |
| Mar. 20, 2012 | Negligent insiders responsible for 39% of data breaches | Symantec | Negligent insiders were responsible for 39% of all data breaches according to businesses interviewed in the "2011 Cost of Data Breach Study: United States" Symantec-sponsored report by the Ponemon Institute. |
| Feb. 16, 2012 | Identity theft and phishing lead IRS tax scams for 2012 | United States Internal Revenue Service | Each year the U.S. Internal Revenue Service issues a list of the top tax scams for the year called the "Dirty Dozen". For 2012, identity theft is the top scam, followed by phishing. In 2011, the IRS stopped more than $1.4 billion from being stolen by identity thieves. The IRS reminds taxpayers that it "does not initiate contact with taxpayers by email or request personal or financial information". |
| Feb. 13, 2012 | PHI data breaches increased 97% in 2011; security awareness best vaccination according to Redspin | Redspin | Data breaches of protected health information (PHI) increased 97% in 2011 and have reached epidemic proportions according to Redspin, a provider of penetration testing services and IT security audits. In their Breach Report 2011, Redspin examined 385 breaches of PHI affecting 19 million records. The closing conclusion of the report: "Lastly, there is no better vaccination against a data breach than improving the security awareness of healthcare workers." |
| Jan. 18, 2012 | Dr. Hugh Thompson discusses why the need for security awareness is bigger than ever. | Help Net Security | Dr. Hugh Thompson, Program Committee Chair for RSA Conferences and Chief Security Strategist, spoke in a Help Net Security podcast about why the need for security awareness is now bigger than ever. Dr. Thompson states "security is coming more and more down to the little decisions that every single employee makes every single day". He goes on to discuss the importance of security awareness training actively engaging users and the burden on information security professionals for education. |