

James McQuiggan
Security Awareness Advocate
KnowBe4
Comments Dotted :
66
January 13, 2021
Cybercriminals utilize various attack vectors to access organizations.
Cybercriminals utilize various attack vectors to access organizations. A primary example is via social engineering techniques such as phishing emails to employees or by leveraging third-party access through another organization. Organizations need to increase their third-party access procedures, training and technology to reduce the risk of attack by a third-party vendor.
Cybercriminals will continue to leverage attacks against smaller organizations to work their way into larger ones that are

November 18, 2020
All communications should be internally authorized before making them public.
It's essential to have documented procedures for handling various incidents and responses to support an event within any organization. These repeatable, established procedures should include communication paths and outlined responsibilities for all people involved in the incidents, whether it's an endpoint system infected with malware or an enterprise server environment compromised by ransomware.
It can damage the brand, reputation and possible bottom-line revenue if an outage source is not...

November 11, 2020
Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers.
One of the lures of social engineering scams is the use of fear. Cybercriminals will create an email profile to appear to be from a government agency to help strike fear into the victim. Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers. In fear of prosecution, the victim will write a check or submit payment to the cybercriminals and, unfortunately, learn when it's too late that it was all a scam.
The IRS and other government agencies...

November 05, 2020
Keeping the external systems current with the latest software significantly reduces the risk of a successful attack.
All organizations must have a robust security program that includes a repeatable change management program to keep up to date on known vulnerabilities.
Without up-to-date patching, it's an easy attack vector for cybercriminals, nation-states, and a beginning hacker to scan the internet to find network devices that are not up to date.
Having vulnerabilities exposed to the internet is like leaving the front door unlocked to your house when you go away on vacation. While you might be able to stop ...

October 29, 2020
All organisations should have a robust security awareness training program to ensure that employees can make smarter security decisions.
The mailing lists for previous conferences could have been collected via a data breach or other theft, and the cybercriminals are using those lists to target the users specifically. The user may feel more relaxed and not scrutinise the email, as it appears to come from a trusted source; especially if he/she had previously attended the conference. End users receiving these types of emails will want to make sure they know the social engineering scams and techniques used by cybercriminals to...

October 29, 2020
They can discover these systems and publicly known vulnerabilities, which helps them gain access to an organization.
When it comes to ransomware attacks, it's important to note that the data encryption process is the last stage of the attack. The cybercriminals have already been in your network and will have either stolen the data or encrypted it.
These days, most ransomware attacks involve stealing data. Cybercriminals are increasing their ransomware attacks while leveraging exploits against unpatched and insecure devices that organizations have connected to the internet. They can discover these systems and ...

October 26, 2020
Cybercriminals could generate spear phishing emails appearing to be sent from a particular political party's candidate.
During voting season, being able to assemble an extensive database of the population of the United States of America's citizens is undoubtedly going to generate a lot of buzz on the dark web and make a lot of money for those who compiled the list when sold.
With this kind of information readily available, cybercriminal groups will leverage this information, intimidate voters into not voting or use other social engineering tactics to get users to fall victim to phishing or vishing attacks...

October 15, 2020
and students alike to understand how to spot a phishing email, realise what a fake link looks like
One of the common tactics used by nation-state threat actors or cybercriminals for phishing attacks is to use a similar website address of the target. In this case, it was the university’s research systems. Unfortunately, students do not receive security awareness training as part of their education.
Like corporate organisations, educational institutions must provide security awareness training for staff, professors, and students alike to understand how to spot a phishing email, realise what ...

October 06, 2020
If the cybercriminals are successful, an effective monitoring program will detect the exfiltration of data.
Healthcare organizations are a prime target for ransomware, as they contain sensitive patient data. For large, profitable organizations, cybercriminals know that they have the means to pay the ransom after their data is stolen. Unfortunately, cybercriminals are stealing intellectual property to auction it to the dark web to increase their financial profits from the attack.
Having a defense-in-depth infrastructure makes it harder for cybercriminals to access the organization's intellectual...

October 04, 2020
There is a ransomware attack on average every fourteen seconds in the U.S., and it doesn't appear to be slowing down.
Many years ago, in Italy, there were many kidnappings by organised crime groups of the wealthy and affluent families. They would request large sums of money in exchange to return the victim's loved ones. The kidnappings got so bad that the Italian government initiated a ban on paying any ransom to organised crime groups. The government would seize all financial assets to prevent the kidnapped families from getting the money to pay. At first, the crime groups called the bluff of the families who ...
