Expert(s):
Security Awareness Advocatefeature_status*/ ?>
KnowBe4

Comments Dotted : 69
March 03, 2021

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach
It is essential to conduct red team or pen testing exercises.

Within society, any time we provide any information about ourselves to another organization, there is an expected level of privacy. When data is provided to organizations for reward programs, the possibility of that organization being attacked and having data stolen is a risk.

 

Within an organization's robust security program, along with a layered defense within the network and environment for the protection of sensitive information, it is essential to conduct red team or pen testing

.....Read More

Within society, any time we provide any information about ourselves to another organization, there is an expected level of privacy. When data is provided to organizations for reward programs, the possibility of that organization being attacked and having data stolen is a risk.

 

Within an organization's robust security program, along with a layered defense within the network and environment for the protection of sensitive information, it is essential to conduct red team or pen testing exercises. This activity provides the opportunity to discover weaknesses and take corrective actions to reduce the risk of an attack. 

 

When working with third-party organizations for providing services, it is vital to conduct the necessary audits and periodic reviews to ensure that the third party is not the weakest link in your security chain.

  Read Less
February 26, 2021

NPower Shutsdown App After Hackers Steal Customer Bank Info
Organizations want to implement a robust security culture to inform users of the importance of unique passwords.

We all know it's easier to remember one style of password or one password for all of our accounts. However, cybercriminals are fully aware of this and use passwords stolen from other data breaches to access various user accounts. While phishing and other attack vectors involve more analysis and security measures, credential stuffing is something that we as individuals can fix ourselves.

 

There are free monitoring services available, like HaveIBeenPwned.com, where you can find out if your email

.....Read More

We all know it's easier to remember one style of password or one password for all of our accounts. However, cybercriminals are fully aware of this and use passwords stolen from other data breaches to access various user accounts. While phishing and other attack vectors involve more analysis and security measures, credential stuffing is something that we as individuals can fix ourselves.

 

There are free monitoring services available, like HaveIBeenPwned.com, where you can find out if your email is known to be involved in a previous data breach. Keeping track of your passwords in a password vault is the first step toward protecting your accounts. The second step is to always change that password when it has been compromised in a data breach. The third step is to have unique and strong passwords for each account you create, reducing the likelihood of a credential stuff attack.

 

Finally, using multi-factor authentication or MFA, wherever provided by the organization, can add that extra layer of protection to an account. If the password is compromised, it is significantly more difficult for cybercriminals to gain access and expose a user's data. Organizations want to implement a robust security culture to inform users of the importance of unique passwords to reduce the risk of compromised accounts and the potential loss of stolen Personally Identifiable Information.

  Read Less
February 15, 2021

Security Expert Reaction On U.S CBP Uses Facial Recognition To Verify Travelers
In cybersecurity or physical security, organizations want to test and monitor their perimeters, whether electronic or physical.

Facial recognition over the past several years has been an active tool within various government groups, whether at the local, state, or federal level. Regarding CBP, their use has the citizen or visitor standing in front of them with their passport. By scanning the passport and using the facial recognition system, the agent can determine if the person is the right person or an imposter.  

Having no imposters come through in 2020 and with 23 million coming into the U.S. could be due to lockdowns

.....Read More

Facial recognition over the past several years has been an active tool within various government groups, whether at the local, state, or federal level. Regarding CBP, their use has the citizen or visitor standing in front of them with their passport. By scanning the passport and using the facial recognition system, the agent can determine if the person is the right person or an imposter.  

Having no imposters come through in 2020 and with 23 million coming into the U.S. could be due to lockdowns in various countries and restrictions on travel, which might have slowed imposters' progress to gain entry in the U.S. illegally.

While the report does not provide any data or audit results, it's unclear whether the Government Assurance Office (GAO) conducted any test with a "fake" imposter to see if they could bypass the CBP.  

In cybersecurity or physical security, organizations want to test and monitor their perimeters, whether electronic or physical. These audits can determine any areas of improvement and if the processes and procedures are operating as required.

  Read Less
January 13, 2021

Ubiquiti Urges Customers To Quickly Enable 2FA
Cybercriminals utilize various attack vectors to access organizations.

Cybercriminals utilize various attack vectors to access organizations. A primary example is via social engineering techniques such as phishing emails to employees or by leveraging third-party access through another organization. Organizations need to increase their third-party access procedures, training and technology to reduce the risk of attack by a third-party vendor.


Cybercriminals will continue to leverage attacks against smaller organizations to work their way into larger ones that are

.....Read More

Cybercriminals utilize various attack vectors to access organizations. A primary example is via social engineering techniques such as phishing emails to employees or by leveraging third-party access through another organization. Organizations need to increase their third-party access procedures, training and technology to reduce the risk of attack by a third-party vendor.


Cybercriminals will continue to leverage attacks against smaller organizations to work their way into larger ones that are already authorizing the users. For all third-party access, organizations want to monitor all access, machine to machine communications and any interactive user sessions. When an interactive user is accessing your organization, multifactor authentication (MFA) is crucial to further reduce the risk of lost passwords or a compromised third party. Supply chain and third-party attacks are rising, especially with the recent data breaches discovered in December.

  Read Less
November 18, 2020

Experts Insight On Web Hosting Giant Managed.com Hit By Ransomware And Taken Offline
All communications should be internally authorized before making them public.
It's essential to have documented procedures for handling various incidents and responses to support an event within any organization. These repeatable, established procedures should include communication paths and outlined responsibilities for all people involved in the incidents, whether it's an endpoint system infected with malware or an enterprise server environment compromised by ransomware. It can damage the brand, reputation and possible bottom-line revenue if an outage source is not.....Read More
It's essential to have documented procedures for handling various incidents and responses to support an event within any organization. These repeatable, established procedures should include communication paths and outlined responsibilities for all people involved in the incidents, whether it's an endpoint system infected with malware or an enterprise server environment compromised by ransomware. It can damage the brand, reputation and possible bottom-line revenue if an outage source is not transparent to an organization’s customers. All communications should be internally authorized before making them public to avoid any confusion or concern by those who might use the victimized organization's product or service.  Read Less
November 11, 2020

Security Expert Re: Scammers Impersonate IRS, Threaten Legal Action As Tax Payment Deadline Looms
Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers.
One of the lures of social engineering scams is the use of fear. Cybercriminals will create an email profile to appear to be from a government agency to help strike fear into the victim. Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers. In fear of prosecution, the victim will write a check or submit payment to the cybercriminals and, unfortunately, learn when it\'s too late that it was all a scam. The IRS and other government agencies.....Read More
One of the lures of social engineering scams is the use of fear. Cybercriminals will create an email profile to appear to be from a government agency to help strike fear into the victim. Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers. In fear of prosecution, the victim will write a check or submit payment to the cybercriminals and, unfortunately, learn when it\'s too late that it was all a scam. The IRS and other government agencies will not contact you to request payment through email. If they do, it is usually through certified mail.  Read Less
November 05, 2020

Cyber Experts Comment On Bitdefender Report: The ‘New Normal’ State Of Cybersecurity
Keeping the external systems current with the latest software significantly reduces the risk of a successful attack.
All organizations must have a robust security program that includes a repeatable change management program to keep up to date on known vulnerabilities. Without up-to-date patching, it's an easy attack vector for cybercriminals, nation-states, and a beginning hacker to scan the internet to find network devices that are not up to date. Having vulnerabilities exposed to the internet is like leaving the front door unlocked to your house when you go away on vacation. While you might be able to stop .....Read More
All organizations must have a robust security program that includes a repeatable change management program to keep up to date on known vulnerabilities. Without up-to-date patching, it's an easy attack vector for cybercriminals, nation-states, and a beginning hacker to scan the internet to find network devices that are not up to date. Having vulnerabilities exposed to the internet is like leaving the front door unlocked to your house when you go away on vacation. While you might be able to stop them from stealing your essential items with an alarm system, the bad guys have been able to break in and could get away with valuables. Keeping the external systems current with the latest software significantly reduces the risk of a successful attack and the potential damage to the brand, revenue, and resources. For all employees working remotely, it's critical to have a policy for all workers to utilize a VPN connection from their homes to the office to reduce any risk from other devices on the employee's home network attempting to access corporate devices. Having a robust security awareness training program that will educate employees to spot phishing emails will reduce the risk of a business email compromise attack. This training can ensure that employees can make smarter security decisions and protect an organization from various cyber-attacks.  Read Less
October 29, 2020

Expert Reacted On Microsoft Says Iranian Hackers “Phosphorus” Targeted Conference Attendees
All organisations should have a robust security awareness training program to ensure that employees can make smarter security decisions.
The mailing lists for previous conferences could have been collected via a data breach or other theft, and the cybercriminals are using those lists to target the users specifically. The user may feel more relaxed and not scrutinise the email, as it appears to come from a trusted source; especially if he/she had previously attended the conference. End users receiving these types of emails will want to make sure they know the social engineering scams and techniques used by cybercriminals to.....Read More
The mailing lists for previous conferences could have been collected via a data breach or other theft, and the cybercriminals are using those lists to target the users specifically. The user may feel more relaxed and not scrutinise the email, as it appears to come from a trusted source; especially if he/she had previously attended the conference. End users receiving these types of emails will want to make sure they know the social engineering scams and techniques used by cybercriminals to engineer them to fall victim to these attacks. All organisations should have a robust security awareness training program to ensure that employees can make smarter security decisions like recognising a spear-phishing email and taking the necessary actions to protect an organisation from various attacks.  Read Less
October 29, 2020

Security Blueprints Of Many Companies Leaked In Hack Of Swedish Firm Gunnebo – Experts Reaction
They can discover these systems and publicly known vulnerabilities, which helps them gain access to an organization.
When it comes to ransomware attacks, it's important to note that the data encryption process is the last stage of the attack. The cybercriminals have already been in your network and will have either stolen the data or encrypted it. These days, most ransomware attacks involve stealing data. Cybercriminals are increasing their ransomware attacks while leveraging exploits against unpatched and insecure devices that organizations have connected to the internet. They can discover these systems and .....Read More
When it comes to ransomware attacks, it's important to note that the data encryption process is the last stage of the attack. The cybercriminals have already been in your network and will have either stolen the data or encrypted it. These days, most ransomware attacks involve stealing data. Cybercriminals are increasing their ransomware attacks while leveraging exploits against unpatched and insecure devices that organizations have connected to the internet. They can discover these systems and publicly known vulnerabilities, which helps them gain access to an organization. It is becoming more vital for organizations to have a defense in depth security program which can protect, monitor, and act quickly to any cyber attack. If they discover a ransomware attack in progress and prevent or stop the attack from happening, it's critical to understand that the criminals have been in the system and have possibly already stolen important information from the organization. Technology is instrumental when matched with human involvement. Having a robust security awareness training program to ensure that employees can make smarter security decisions will help to protect an organization from various attacks.  Read Less
October 26, 2020

Experts Reacted On Massive US Voters And Consumers Databases Circulate Among Hackers
Cybercriminals could generate spear phishing emails appearing to be sent from a particular political party's candidate.
During voting season, being able to assemble an extensive database of the population of the United States of America's citizens is undoubtedly going to generate a lot of buzz on the dark web and make a lot of money for those who compiled the list when sold. With this kind of information readily available, cybercriminal groups will leverage this information, intimidate voters into not voting or use other social engineering tactics to get users to fall victim to phishing or vishing attacks......Read More
During voting season, being able to assemble an extensive database of the population of the United States of America's citizens is undoubtedly going to generate a lot of buzz on the dark web and make a lot of money for those who compiled the list when sold. With this kind of information readily available, cybercriminal groups will leverage this information, intimidate voters into not voting or use other social engineering tactics to get users to fall victim to phishing or vishing attacks. Cybercriminals could generate spear phishing emails appearing to be sent from a particular political party's candidate with disconcerting information to dissuade a voter from voting for the other party's candidate. With this information available to cybercriminals, there could be an immense number of phishing or social engineered emails sent to the American public. These emails will manipulate the user with fear or curiosity to take specific actions that he/she otherwise might not take and change his/her vote or click a link and be attacked by cybercriminals.  Read Less