In response to the SANS cybersecurity training organization’s disclosure of a data breach in which approximately 28,000 records of PII were forwarded to an unknown external email address as a result of a phishing attack, a cybersecurity expert offers perspective and recommendations.
Experts Comments
The SANS Institute data breach demonstrates that no organisation is exempt from cyber attacks. Security awareness training is fundamental to tackling phishing attempts but this needs to be continually implemented, ensuring employees are aware of the latest threats. It should not be a one-off instance. Individuals should also apply the S-T-O-P principle: (1) Stop- (2) Take a Deep Breath- (3) Opportunity to Think- (4) Put the email into Perspective and report the phish. Moreover, ...
Phishing attempts often use the name of someone they know (a colleague or friend, for example) but with the wrong domain address.
It is ironic and disappointing to see this happen to a cybersecurity training organisation, but not all that surprising. The majority of breaches like this are through employee error within companies. Phishing attacks are becoming increasingly sophisticated in the ways that they masquerade as legitimate sources and while anti-phishing software can help stop many of them, others will always get through. Equipping employees with the skills they need to prevent breaches is absolutely essential for ...
Companies must limit the amount of employees who have access to personal information to reduce the possibility of a breach.
Phishing scams remain extremely common, and this latest breach shows that cyber criminals are not even afraid of cyber security institutes when targeting organisations. Clever spear phishing attempts are designed to deceive even those who are aware of them; in the moment when reading something which mounts pressure on you to verify or give up information, it can be easy to trip up and overlook a scam with no obvious clues.
Verifying emails has never been more important, and remains your best ...
On July 17th Emotet returned with a vengeance from the hiatus they had been on since February.
This goes to show that no organisation is immune to cyber attacks, in particular phishing. Not even an organisation as trusted and qualified as SANS. Malicious actors with a variety of different motivations are known to engage in this sort of activity. They may also have been planning a BEC (or ATO) type of scam, such as a wire fraud. Or they may have been looking to utilise the account to launch further malware attacks against SANS itself or other organisations by leveraging the account. One ...
Attackers will now gradually focus their attention on cybersecurity companies and organizations to get their clients' privileged information.
I don’t think that we should hold SANS accountable to the same standard of security and data protection as we impose on, let’s say, financial institutions and other highly regulated industries. Otherwise, their training would become exorbitantly expensive and few organizations will be able to afford them, causing a domino effect of global insecurity and poor awareness. Like many others, SANS seems to fall victim to unforeseen work from home (WFH) measures that have undermined many security ...
Linkedin Message
@Chloé Messdaghi, VP of Strategy, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Every company needs to be alert for signs that they’re not sufficiently investing in their teams...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/cybersecurity-expert-reacted-on-latest-sans-data-breach