For security, your session has timed out. Please sign in again.

Your session will expire in approximately 5 minutes. Click "Continue" to keep your account active or "Close" to end your session now.

Choose your preferred training language

Home >

Security Awareness News

What's in the news about security awareness? Take a look at some of the headline stories and hot topics that we've gathered. If you want to know more about a story, just click on the title and a new window will take you to the story's source.

Date Topic Source Description
Jan 23, 2018 Are bad analogies killing your security training program? CSO Magazine The key to good analogies is to know your audience and speak in their language. Many security professionals speak in technical jargon which is hard for many end users to understand. Here are some tips on how to use good analogies, but not take them too far.
Jan 21, 2018 Let’s Not Be Our Own Worst Enemy Security Boulevard It’s funny how technology professionals can be the worst critics of security awareness training programs. The old “been there, done that, got the T-shirt” motto seems to apply to technology professionals when they discuss security awareness programs. This is not a good trend and sets a bad example. Here’s why.
Jan 10, 2018 4 steps to launch a security awareness training program CSO Magazine Building a successful security awareness training program includes these four steps: 1) Assessing your needs and developing content. 2) Schedule and deliver training. 3) Test your training effectiveness. 4) Track staff and take appropriate action.

Here are the details on each phase.
Jan 3, 2018 Gamification - the safe road to cybersecurity awareness and training Enterprise Innovation Magazine Game-based training can help enterprises understand the key cybersecurity challenges and opportunities. These interviews with top global leaders point out trends in gamification and raising overall cybersecurity awareness of staff.
Dec 20, 2017 Why Phishing Alone is Not Enough Awareness Training Infosecurity Magazine Phishing simulations are great, but not nearly enough. While phishing simulations are often perceived by the targeted staff as a form of entrapment, with negative consequences if an employee falls for the trap, holistic security training offers engaging, interactive content offered in brief, frequent and focused lessons that teach staff things they don’t already know.
Dec 20, 2017 Creating a culture of security: Part 2 CSO Magazine online There are practical steps that security leaders can take in creating a culture of security awareness with their staff. In part, this article describes some steps that can help with people, process and technology.
Dec 19, 2017 78 Percent of U.S. Healthcare Providers Were Hit by Email Cyber Attacks in 2017 The vast majority of healthcare organizations received some unwanted email that caused harm in 2017. By training staff in security procedures and following these helpful steps, such as analyzing inbound attachments, healthcare organizations can lower their cyber risk.
Dec 8, 2017 Training Employees to Avoid Healthcare Data Security Threats Healthcare employees need ongoing, effective cybersecurity training to avoid potential data security threats. Here are seven steps and ways to make that happen and ensure that you are also HIPAA-compliant.
Nov 22, 2017 Getting Personal About Cybersecurity Inside Higher Ed Representatives from the University of Massachusetts at Amherst shared how they leveraged students’ love of social media and personalized content like pet pictures to help train them on good cyber hygiene. Training needs to be different – even fun to capture attention.
Nov 21, 2017 Microsoft warns: Bogus Apple, Windows tech support sites open your phone app ZDNet The FTC has caught tech-support scammers conning innocent users into providing system access and demanding money to repair problems. Watch out for boxes popping-up asking you to call phone numbers to help resolve Apple or Windows PC problems.
Nov 17, 2017 National Cyber Security Awareness Month Does Not Stop in October Tap Into Franklin Township A nice recap of the National October Cybersecurity Awareness Month Themes and top messages and audiences. These tips apply year-round, so let’s not forget them.
Nov 9, 2017 This phishing attack pretends to be from someone you trust ZDNet An invoice that appears to be from a trusted partner. But is it? Watch-out for these tricks that bad guys use to scam you. Phishing is getting more sophisticated and everyone needs to be alert.
Oct 19, 2017 Your Security Awareness Program Stinks. Here’s Something You Can Do About It Security Intelligence If you think your security awareness training is boring a waste of your time, you are not alone. Training is not good, just because it comes from the security team. Some potential answers include brining in engaging training from the outside that changes the culture and is more effective with examples that relate to all aspects of life.
Oct 10, 2017 Awareness training is key to reducing security risk CSO Online Enterprises already use firewalls and other cybersecurity tools to stop hackers, but end user security awareness training is a key element of any successful cybersecurity defense strategy. Organizations must influence employee attitudes as well as intentions and measure the effectiveness of training with staff. Efforts must be made to address more than just phishing and changing passwords, and include the latest techniques used by hackers to commit cybercrime.
Oct 6, 2017 Cyber security awareness month: Training doesn’t always have to be serious IT World Canada Humor can go a long way towards making security awareness training more effective. There are many ways to make training memorable, and engaging, fun training can certainly make a positive difference and a lasting impression.
Sep 29, 2017 Small Business Security (Pt. 1): Employee Security Awareness Business to In order to have good cyber hygiene and protect the business from online threats, every small business needs to train staff regarding threats and potential fraud and scams. If businesses fail to plan, they will certainly fail, and this article contains a checklist of things to look out for and implement regarding online activity.
Sep 29, 2017 Campaign Advice for CISOs for Cybersecurity Awareness Month IT World Canada Security leaders to grab the attention of all staff and make October 2017 a month where cyber risk is reduced. Cyber awareness training can be tough to measure, but it is like health and safety. Everyone can play a vital role and be involved and dedicated to improve protections for the good of the company and to help individuals.
Sep 22, 2017 Cybersecurity awareness and training is everyone's business The Hampton Roads Business Journal There are many types of business fraud and online theft that companies must address, but keeping information safe is everyone responsibility. Security awareness and training is one of the 22 categories in the National Institute of Standards and Technology’s Cybersecurity Framework, and effective training that supports a safe online culture will offer year-round activities to keep cybersecurity top of mind for everyone.
Aug 23, 2017 How small businesses should invest in cyber security The Daily Telegraph (UK) Even small businesses need to invest in security for their staff. The average cost of a small business data breach is over $4,000, but there are steps you can take, including building a culture of security awareness with items such as instilling a sense of responsibility in your staff around passwords, software updates and navigating the internet with the right habits and an understanding of online risks.
Aug 17, 2017 Protecting Against Spam and Phishing Attacks With a Layered Approach to Email Security Security Intelligence Website Protecting organizations from unwanted emails require a layered approach that starts with SPAM control and monitoring. Other layers include: email scanning from external sources, perimeter protection, internal network solutions and end devices protections. Finally, end users must be trained and tested on phishing attacks.
Aug 2, 2017 Increased cyber awareness must lead to equivalent action CSO Magazine Australia Recent online attacks from the WannaCry ransomware and Petya (or sometimes called NotPetya) malware must lead to employee actions and changes in behavior. Every global organization needs an effective security awareness training program which is one critical component of business due diligence.
July 19, 2017 Training helps keep Show Me State workers aware of cyberthreats American City & County Missouri has moved to engaging, interactive online security lessons for their staff, and the results have been outstanding. Mike Roling, the State CISO, said “Our end users have become the best detection system that we have in our security stack. As we have been making them more aware, they are uncovering more,” Roling says. “Our end users are not afraid to let us know about concerns they are finding. Security Mentor has really brought down any communication barrier there may have been in the past.”
July 13, 2017 Three core elements of a security awareness training program Both annual training and monthly refreshers are important elements in end user security awareness training programs. In addition, employees should be tested to see if they are putting their learning into practice, according to one cybe3 expert.
July 10, 2017 Creating the Right Perception for Security Awareness Training Infosecurity Magazine Security awareness training should be a positive experience and not a penalty in order to be effective. While just-in-time training can sometimes help, fear should be an appetizer and not the main course in order positively impact the culture in the long-term.
June 22, 2017 7 elements of a successful security awareness program CSO Magazine Australia Here is a good checklist of important steps to making Security Awareness Training (SAT) successful. It starts with executive buy-in and partnering with relevant content. You can also incentivize and measure your success with metrics to help.
June 14, 2017 Internal Audit’s Critical Role in Cybersecurity Accounting Most organizations have security policies, procedures and plans, but are managers following through on their promises? Internal audit must help bring all sides together to ensure communication, coordination and collaboration to all levels of management.
June 2, 2017 The Trouble if Security Awareness Training Is Mainly a Penalty Government Technology Magazine Security awareness training (SAT) should be positive, proactive and include all employees. By offering game-based learning techniques that teach people things they don’t already know, a positive security culture will develop. However, some organizations are using traditional “just in-time training” techniques to punish employees and force those who make online mistakes to take security training. This is a troubling trend which undermines the benefits of SAT and hurts an organization’s culture of security.
June 1, 2017 Three cybersecurity answers bankers and directors should know Cincinnati Business Courier Business leaders need to become much more familiar with cyber risks in their organizations. What are the means and methods used by attackers and what can be done to mitigate cyber attacks? In the article is a checklist of things you need to know along with list of recommended actions. Included on the list is cyber education for staff regarding technology resources.
May 29, 2017 Stop making these silly mistakes when it comes to cyber security SecurityBrief Australia From email to social media to passwords, the story provides a list of mistakes to watch out for and actions to take to protect yourself in cyberspace.
May 26, 2017 Security Awareness: Three Lessons From Health Campaigns Security Intelligence Three lessons taken health campaigns that apply to security awareness are discussed in this article. 1. Organizations should stop looking at cybersecurity awareness “like a set of quarterly sales figures to achieve, or worse, a short-term initiative to reprogram their employees.” Security awareness is about changing culture, which in the long-term changes behavior. 2. Behavioral health campaigns have been teaching people for years the importance of washing their hands in order to prevent the spread of germs. Likewise, employees need regular reminders about security hygiene. 3. Peer pressure is effective at changing behavior long-term.
May 23, 2017 Companies Believe Coffee Shops Present Biggest Threat To Be Hacked International Business Times In a recent survey, 93% of companies in the US. UK, Germany and France are worried about mobile security, with many more companies saying they are “very concerned” in 2017 as compared to 2016. On the top of the list is WiFi security in coffee shops and other public places like airports. The report also noted that “much of the protection comes from companies educating their workforce about threats and providing them the necessary tools to combat them.”
May 3, 2017 Google Docs phishing scam spreads widely, reportedly shut down quickly Silicon Beat More and more cyberattacks are going after the weakest link – organization employees. “That phenomenon was showcased May 3 in a widespread phishing attack that saw Google users hit with fake prompts to open a Google Docs document purportedly shared by someone they knew.” “That access can give attackers data for stealing identities, then plundering bank accounts or committing other financial crimes.”
March 21, 2017 Security Awareness Training: Doing It Right Nemertes Research A Virginia-based government cyber security contracting firm recently fell victim to a phishing email attack. According to Nemertes Research CEO, Johna Johnson, “If it can happen to a cybersecurity company, it can happen to yours. Since the weakest link in infosec security is almost always the human link, the best defense against attack is a security-aware culture that permeates the entire organization. Security awareness training is the key to creating that culture, and spreading the security team’s culture outward to every member of the organization.”
March 15, 2017 Becky Bace's passing hits cybersecurity community hard SC Media “The security industry today is mourning the death of security expert, mentor and Infidel President/CEO Rebecca “Becky” Bace, who passed away Tuesday.” Security Mentor doesn’t usually don’t add personal comments to the security awareness news stories, but today is an exception. We lost a dear friend and trusted advisor when Becky passed. Becky’s expert knowledge, visionary outlook, and generosity touched many in the security community, including us. We pay tribute to the lasting impact that her life has had and will continue to have on cyber security.
March 15, 2017 Many smartphone owners don’t take steps to secure their devices PewResearchCenter A Pew Research Center report found smartphone owners aren’t taking the most basic steps for security. Twenty-eight percent (28%) of users don’t use a screen lock; and 40% only update their phone when convenient and 10% never update their phones. Many of these users also performed sensitive activities while using their phones connected to public WiFi potentially putting information at risk.
March 6, 2017 Fraudsters Step Up Their Game During March Madness Like tax season and other seasonal events, hackers are using March Madness to steal your confidential information.Like tax season and other seasonal events, hackers are using March Madness to steal your confidential information. Like tax season and other seasonal events, hackers are using March Madness to steal your confidential information. Like tax season and other seasonal events, hackers are using March Madness to steal your confidential information.A surge in cyber attacks will occur as the hype promoting March Madness rises and the number of people participating in NCAA brackets and betting pools increases, matched by an even larger number of new financial scams and phishing attacks. Cyber security experts discuss the importance of security awareness training in protecting against these attacks. Tips are provided on what March Madness fans should look out for and how to protect themselves.
March 6, 2017 5 things to know about cyber security in healthcare — and what CEOs (aren't) doing about it Becker’s ASC Review CEOs, although concerned about cyber security aren’t taking actions according to PwC's 20th Annual Global CEO Survey. According to the survey, “Sixty-one percent of healthcare CEOs ranked cyber security as the No. 2 risk to stakeholder trust, but just 48 percent of healthcare CEOs are taking action to resolve cyber security issues.”
February 21, 2017 Security Awareness Training is Essential for Small Businesses Entrepreneur Magazine Ponemon Institute research found that human error is responsible for approximately 80 percent of all business data leaks. Careless employee mistakes can result in big problems. That is why it is imperative for owners of small business to teach security awareness.
February 9, 2017 Gartner and industry experts on the booming market for security awareness training CSO Magazine Online The security awareness market was estimated to be $1 billion in 2014 by Andrew Walls, Research Vice President at Gartner. A new report from Gartner Cybersecurity Ventures predicts the market can be worth $10 billion by 2027. Lawrence Pingree, Research Vice President at Gartner, explains that “Training employees on security will immediately bolster the cyber defenses of most companies.” If done right, security awareness training can provide excellent ROI for large enterprises. Robert Herjavec, CEO of the Herjavec Group agrees, stating it is the responsibility of each company to train their staff.
February 6, 2017 How con artists are changing tactics to steal identities CBS News Theft of personal information was up 16% in 2016 and account takeovers 40%. Electronic shoppers are two times more likely to experience fraud compared to those shopping in stores. Tips for protecting yourself online include: use two-factor authentication with online accounts, monitor all transactions, use account alerts, and limit social media sharing.
February, 2017 29,000 taxpayers affected by W-2 scams, IRS issues new warning CSO Online Business Email Compromise (BEC) attacks are on the rise. In these attacks, spear phishers, or phishers, forge an email pretending to be from a top executive in the victim's organization. It is usually sent to Human Resources or payroll requesting W-2 information for employees. And they work. As of February 5, 2017, 23 organizations revealed that they had BEC-related data breaches resulting in compromised W-2 data. The IRS has already announced it will delay refunds to taxpayers to combat identity theft.
February, 2017 Your Vizio TV Spied On You And Reported What You Watched Forbes The Federal Trade Commission (FTC) announced TV Vizio has been collecting billions of data points from the millions of TVs it sold since 2014. Vizio could determine exactly what was being watched. The data was collected without user's knowledge or permission. Vizio, owned by the Chinese firm LeEco, will pay $1.5 million to the FTC to settle the matter and $700,000 to the state of New Jersey for a civil suit. Vizio will also stop collecting data without gaining consent.
January, 2017 The Most Common Passwords of 2016 Keeper Security Keeper Security analyzed more than 10 million stolen passwords. 123456 is still the most common password and is employed by 17% of users. Of the 10 million passwords, the top passwords account for more than 50% of all passwords analyzed. To increase password security, website operators need to assume more responsibility to enforce password best practices.
December, 2016 August in November: New Information Stealer Hits the Scene Proofpoint A group known as TA530, is using social engineering email tactics to distribute malware in an attempt to steal files, login credentials and even steal money from cryptocurrency wallets. As phishing and social engineering campaigns become more effective, Proofpoint researchers recommend to educate your end users on how to identify and properly address emails that appear suspicious.
December, 2016 Backdoor vulnerabilities discovered in Sony IP cameras ZDNet A backdoor was discovered in over 80 different Sony IP camera models that can allow attackers to hijack vulnerable cameras, execute code, and spy on users. Additionally, attackers with physical access to the cameras can use serial ports to access log in.
December, 2016 Ransomware attacks against businesses increased threefold in 2016 CSO Online Ransomware attacks against business increased by three times in 2016. One in every 5 businesses were targeted worldwide. Attacks were launched at one every 40 seconds. One-third of the businesses paid the ransom, but one-fifth of those businesses never got their data back.
October, 2016 How Hackable is Your Smart Enterprise? ForeScout ForeScout released an IoT Enterprise Risk Report that included IoT security tips for enterprises. Findings include 65% of enterprises have actively deployed IoT technologies as of June 2016 and by 2018, two-thirds of enterprises will experience IoT security breaches. Key findings were seven IoT devices could be hacked in three minutes. Once hacked, hackers can then plant backdoors in the device to launch further attacks. Some IoT devices have the potential for causing disastrous impacts to the enterprise.
September, 2016 Data breaches: This time it's more personal NetworkWorld Identity theft was the leading type of data breach in the first half of 2016, according to a report by Gemalto. Data breaches are shifting to stolen identities from stolen credit card data and financial information. Despite the breaches, apathy from consumers and enterprises abounds. The solution is encryption. Less than 4% of all data breaches involved data that was encrypted in part of full.
July, 2016 Careless employees remain the biggest security threat in 2016, study shows Bitdefender In a study by BitDefender, 81% of respondents said that negligent or careless employees were their greatest security threat. This was up from 78% in 2015.
June, 2016 Fasoo and Ponemon Institute Study Reveals That Employees Still Present the Highest Security Risk to Organizations Ponemon Careless employees were the greatest cause of data breaches (56%). Seventy three percent of organizations thought it was likely some confidential information was lost in the past 12 months.
June, 2016 Laptop Theft May Have Exposed PHI of 400,000 Current or Former California Inmates healthcare informatics A non-encrypted laptop belonging to an employee of the California Correctional Health Care Services was stolen and may expose 4000,000 patients over an 18-year period.
May, 2016 MySpace hack puts another 427 million passwords up for sale ZDNet Time Inc. reported 427 million passwords were stolen from MySpace, the aging social media site it purchased three months earlier. A hacker posted them for sale on the dark web. This breach was tied to a 2013 hack.
April, 2016 Verizon's 2016 Data Breach Investigations Report finds cybercriminals are exploiting human nature PRNewswire Verizon's 2016 Data Breach Investigations report found cybercriminals are relying on exploiting human nature in their attacks. The use of weak, default, or stolen passwords were involved in sixty-three percent of breaches. Phishing remains the top concern with 30 percent opening phishing messages and increase of seven percent from 2015. Thirteen percent clicked on phishing links or malicious attachments. Twenty-six percent of miscellaneous errors were people sending sensitive information to the wrong person.
February, 2016 Cyber security megatrends and what you can do Telestra Corporation Limited [AU] Forty-five percent of Asia Pacific businesses surveyed experienced even more business-interrupting incident in 2015.
April, 2015 User mistakes aid most cyber attacks, Verizon and Symantec studies show Reuters Technology Reports by Verizon and Symantec find that the majority of hacker attacks are successful because of mistakes by end users. Phishing emails continue to be so successful that even sending 10 emails will result in 90% infection rate.
April, 2015 Global cyberattacks on big business up 40 percent in 2014 CNBC Cybersecurity Cyber criminals increased attacks against big businesses by 40% in 2014; attacks against SMBs increased 26 and 30 percent, respectively. Oil & gas was the most targeted industry, followed by manufacturing, transportation, and communication. Ransomware also increased by 113%.
March, 2015 Michigan Works to Thwart Barrage of Cyberattacks CBS Detroit David Behen, the State of Michigan's Chief Information Officer (CIO) and Director of the Department of Technology, Management and Budget, said there are 540,000 daily attacks. Behen explained, "We are only as strongly as our weakest link," which is why the state has focused on cyber awareness training for the state employees, starting in 2012.
February, 2015 Massive Data Breach Forbes Hackers broke into Anthem's data servers resulting in the potential exposure of nearly 80 million Anthem customers. If confirmed, this would be the largest health care related data breach in history. "Anthem's President and CEO Joseph R. Swedish revealed his own personal information was accessed during the data breach ..."
February, 2015 Hacked Hotel Phones Fueled Bank Phishing Scams Krebs on Security Brian Krebs writes about how fraudsters have been sending mass mailings of phishing messages targeting mobile users. The message warns recipients about "problems with their bank account" and provides a number to call, which then prompts for credit card information.
January, 2015 Target Breach Had Massive Impact on Cyber Security Awareness eSecurityPlanet A Ponemon study found that 50 percent of organizations conducted training and awareness activities in response to large data breaches that occurred in 2014. And the news doesn't get any better, 2015 is predicted to be as bad or worse than 2014.
August, 2014 Personal Devices and Security: Keep Data Secure and Employees Happy MSPMentor Employees are expected to continue their work responsibilities when out of the office. Eighty-one percent use personal devices to email, access, and share company information. Yet an astounding seventy-one percent download and share documents without IT authorization. Even more astounding is that employees in highly regulated industries circumvent security requirements; this was found in 78% of the financial institutions studied, 78% of the legal services, and 88% of the professional services. Many employees don't understand the risks if data is leaked.
May, 2014 US cybercrime: Rising risks, reduced readiness. Key findings from the 2014 US State of Cybercrime Survey PwC "The merit of awareness programs is quite clear: 42% of respondents said security education and awareness for new employees played a role in deterring a potential criminal, among the highest of all policies and technologies used for deterrence." "The financial value of employee awareness is even more compelling. Organizations that do not have security awareness programs -- in particular, training for new employees -- report significantly higher average financial losses from cybersecurity incidents."
March 26, 2014 Six clicks: How hackers use employees to break through security walls ZDNet Employees are the most vulnerable point of hacker attacks. Attacks target employees in many ways: phishing attacks, attacks on mobile devices while traveling, theft of data over WiFi, and use compromised storage devices. Employee awareness could save millions in the race to prevent cyber theft.
March 7, 2014 The Final Countdown - Windows XP end of support popup has started Naked Security from Sophos Microsoft XP will reach end of life on April 8, 2014. After that date, security patches and support will no longer be available, leaving vulnerabilities open to be exploited forever.
February 9, 2014 Highly Sensitive Barclays Customer Data 'Stolen and Sold' BBC According the BBC, The Mail reported that a whistle blower had been given them a Flash drive with the stolen personal data of 2,000 Barclays customers. Apparently, another 25,000 records were also available. The information was said to be highly sensitive including personal, health, insurance and financial data.
January 29, 2014 Social Engineering Attack Led to Theft of Twitter Account eWeek A social engineering attack on a GoDaddy phone representative allegedly resulted in the theft of a user's domains hosted at GoDaddy. The attacker then extorted the user into giving up his Twitter handle to get his domains back.
January 21, 2014 Worst Passwords See Little Change in 2013 SplashData The three most common passwords in 2013 were 123456, password, and 12345678, according to password management company SplashData. These same three passwords topped last year's list as well.
January 10, 2014 Target data breach could expand to 110 million CNET Target announced that the personal information of as many as 70 million additional customers was stolen. Personal information stolen included names, mailing addresses, phone numbers, and email addresses. In December 2013, Target had already revealed that 40 million credit and debit card numbers had been stolen.
October 2013 EY Global Information Security Survey 2013 EY Global Information Security Survey 2013 According to the EY Global Information Security Survey 2013, more emphasis needs to be placed on security awareness and training, a key component of continuous improvement activities.
July 12, 2013 FBI warns of surge in spear-phishing attacks against multiple industries The Federal Bureau of Investigation (FBI) Multiple industry sectors continue to see elevated spear-phishing attacks. Cyber criminals target individuals in industries or organizations that they want to attack. The spear-phishing messages often contain accurate information about the targeted victim that has been gleaned from postings on social networking sites, blogs, or other websites. The FBI advises not to follow links when you don't know the sender and to keep anti-virus, firewall, and browser software updated.
Jul. 2, 2013 131 incidents resulted in the sensitive information of 2.5 million Californians being exposed Silicon Valley The State of California released its first data breach report. In 131 incidents, 2.5 million Californians had sensitive information breached including Social Security, credit card, and bank account numbers. Most breaches occurred in 2012. Data breaches occurred in the commercial, government, education, and non-profit sectors.
June 21, 2013 Facebook bug inadvertently exposes private information of 6 million users Reuters A bug in Facebook's code exposed the email addresses and phone numbers of 6 million users. Facebook users who downloaded contact data for their friends, inadvertently also downloaded private information. Users were notified of the bug via a message on the Facebook website. The bug was fixed within 24 hours. In a released message at the time of the breach, Facebook stated it was not aware of any wrongdoing or anomalous behavior related to the data breach.
June 10, 2013 Data breaches reach all time high; tied closely to consumer fraud Javelin Strategy & Research According to a Javelin Strategy & Research report, a single data breach can result in billions of dollars in consumer fraud. If you are a data breach victim, the odds of also becoming a fraud victim are 23%. This comes at a time when the number of data-breaches in 2012 reached an all-time high, increasing 48% over the previous year.
May 27, 2013 Crackers ability to break passwords highlights need for stronger passwords Ars Technica Ars Technica provided three cracking experts with a list of more than 16,000 cryptographically hashed passwords. In less than one hour, they cracked 82% of the passwords. According to one of the crackers that meant 13,000 people did not choose good passwords. The article further stated: "The prowess of these three crackers also underscores the need for end users to come up with better password hygiene. Many Fortune 500 companies tightly control the types of passwords employees are allowed to use to access e-mail and company networks, and they go a long way to dampen crackers' success."
May 10, 2013 Violent crimes being driven by theft of smartphones and tablets Computerworld Across the United States, mobile phone theft is at rampant levels, many thefts are at gun point, knife point or by brute force. From November 2012 to April 2013, 41% of thefts in San Francisco were related to cellphone or tablets theft. Users are advised to use a password, screen lock, and software that can remotely track or wipe a stolen device.
Feb. 14, 2013 Default passwords vulnerability exploited resulting in fake Emergency Alert System warning of zombie attacks Reuters Broadcasters were sent an urgent message by the FCC instructing them to change the default passwords on all Emergency Alert System equipment after hackers posted a zombie attack alert warning. Although no damage resulted from the hack, future attacks could prevent stations sending out real emergency alerts.
Jan. 18, 2013 Global Security Study recommends investing in information security training and awareness to address vulnerabilities Deloitte Touche Tohmatsu Limited (DTTL) The 2013 Technology, Media and Telecommunications Global Security Study by Deloitte "identified lack of employee awareness and third-party risks as top security vulnerabilities, suggests that TMT organizations should consider investing in information security training and awareness for their employees to help mitigate risks from new technologies."
Jan. 15, 2013 Phishing 59% higher in 2012 compared to 2011 Speaking of Security: The Official RSA Blog and Podcast The number of phishing attacks in 2012 increased by 59%, according to the official blog of security company RSA. The projected impact of these phishing attacks was $1.5 billion dollars in fraud damages.
Dec. 07, 2012 Data breaches frequent in healthcare organizations The Data Breach Press by ID Experts The Third Annual Benchmark Study on Patient Privacy & Data Security by the Ponemon Institute found that not only did 94% of healthcare organizations experience at least one data breach in the last two years, 45% had more than five.
Oct. 1, 2012 White House victim of spear phishing attack CNET News A White House official confirmed that in September there was a successful spear phishing attack targeting the White House. Although an unclassified computer network was accessed, no classified networks were breached and no damage was done, according to the official.
Sep. 16, 2012 Security Mentor champions the National Cyber Security Awareness Month Every October is National Cyber Security Awareness Month (NCSAM). All around the world events are put on to help increase cyber security awareness. Visit the website ( to find events or learn how you can become involved.
Sep. 9, 2012 SMS phishing attacks rise 913% Cloudmark Did you receive the following SMS message? "Fwd: Good Afternoon. Attention Required" If you did you aren't alone. In the first week of September (2012), SMS phishing attacks were up 913% with 500 unique attacks. The goal -- innovative new ploys to get people to reveal their sensitive bank and credit card information.
Sep. 5, 2012 One-third have lost or had their stolen mobile phones stolen PEW Internet Nearly a third of all mobile users had their device lost or stolen. And 15% had their private data accessed. The study further found that loss or theft was highest among younger users (18-24 years old), but otherwise results were fairly consistent across different types of mobile users.
Aug. 21, 2012 Passwords have never been weaker according to Ars Technica article Ars Technica In depth article describing why passwords are weaker today than ever before. Topics discussed include the proliferation of reused, easily broken passwords, password exposure due to website breaches, how some web sites are inadequately protecting user's passwords, and the success of password crackers.
Aug. 7, 2012 19% Increase in Data Breaches Reports GAO Federal Times The Government Accountability Office (GAO) reported to the United States Senate that federal data breaches of personally identifiable information increased almost 20% in 2011.
Mar. 20, 2012 Negligent insiders responsible for 39% of data breaches Symantec Negligent insiders were responsible for 39% of all data breaches according to businesses interviewed in the "2011 Cost of Data Breach Study: United States" Symantec-sponsored report by the Ponemon Institute.
Feb. 16, 2012 Identity theft and phishing lead IRS tax scams for 2012 United States Internal Revenue Service Each year the U.S. Internal Revenue Service issues a list of the top tax scams for the year called the "Dirty Dozen". For 2012, identity theft is the top scam, followed by phishing. In 2011, the IRS stopped more than $1.4 billion dollars from being stolen by identity thieves. The IRS reminds tax payers that it "does not initiate contact with taxpayers by email or request personal or financial information".
Feb. 13, 2012 PHI data breaches increased 97% in 2011; security awareness best vaccination according to Redspin Redspin Data breaches of protected health information (PHI) increased 97% in 2011 and have reached epidemic portions according to Redspin, a provider of penetration testing services and IT security audits. In their Breach Report 2011, Redspin examined 385 breached of PHI affecting 19 million records. The ending conclusion of the report: "Lastly, there is no better vaccination against a data breach than improving the security awareness of healthcare workers."
Jan. 18, 2012 Dr. Hugh Thompson discusses why the need for security awareness is bigger than ever. Help Net Security Dr. Hugh Thompson, Program Committee Chair for RSA Conferences and Chief Security Strategist, spoke in a Help Net Security podcast about why the need for security awareness is now bigger than ever. Dr. Thompson states "security is coming more and more down to the little decisions that every single employee makes every single day". He goes on to discuss the importance of security awareness training actively engaging users and the burden on information security professionals for education.