IT Security Guru

Tweet Chat Roundup with KnowBe4

Phishing trends, building a strong security culture and more

by Joel
August 11, 2020
in Featured, Guru's Picks, This Week's Gurus, TweetChat

We are now more than halfway through the year, and what a crazy half it has been, both because of the global pandemic and because of the volatile climate in which the cybersecurity industry finds itself.

We wanted to find out what trends had been seen, how organisations should go about keeping security a priority, what impact Covid-19 will have, and why a strong security culture matters during this time of uncertainty. To help us answer these questions, we were joined by KnowBe4’s security awareness evangelists. KnowBe4 provides the world’s largest security awareness training and simulated phishing platform, so they are well placed to give insight into phishing trends, which is where we started the Tweet Chat. The evangelists were certainly happy and eager to get started…

Current mood #AskKB4 https://t.co/lQk3tRfxp7 pic.twitter.com/27dNcNccMT

— Javvad Malik v2.0 (@J4vv4D) July 29, 2020

 

Noticeable trends and surprise tactics used by Hackers

A1: Ransomware and data breaches have held steady, with the recent ShinyHunter data leaks due to phishing attacks. Phishing will not go away until more organizations provide training and this attack vector is no longer successful for the cybercriminals #AskKB4 #phishing https://t.co/fQL4mL11jJ

— James (@James_McQuiggan) July 29, 2020

Nearly every trend has been linked to the 'rona. The impromptu "digital transformation", wfh, attacks against home workers and home infrastructure, lots of misinformation. #AskKB4 https://t.co/WA4w1HKhaa

— Javvad Malik v2.0 (@J4vv4D) July 29, 2020

A2: I thought the android ransomware being spread as a Canadian COVID tracing app was interesting. The Canadian govt said they were making one and scammers fired up pages that looked legit and took advantage. Clever #AskKB4 https://t.co/MGDS5vdYv0 pic.twitter.com/kvo8LbbkNs

— Madsqu1rrel (@ErichKron) July 29, 2020

A2: Not a particular scam... but I do notice the bad guys becoming more bold and blatant in their approach. And they don't really need to be inventive (unfortunately). BEC type scams, for instance, have been around for ages and are still the same #askkb4 https://t.co/QIrREaNmBn

— JellySandwich (@JelleWieringa) July 29, 2020

Will we see a rise in DeepFakes?

We then moved on to the impact the pandemic will have, given that face-to-face contact will be limited for the time being, and how criminals will leverage this for their own nefarious ends…

A3a: #Deepfake attacks are still developing and take too much time and effort to be used in commodity types of attacks, only high-value targets. Frankly those are still easier to get without all the deepfakery right now #AskKB4 https://t.co/PDlmy1qXDh

— Madsqu1rrel (@ErichKron) July 29, 2020

A3b: To avoid being impacted, make sure your processes are set up and people trained to require an out-of-band confirmation, such as calling someone on a known good phone number, before transferring money or sensitive info #AskKB4 https://t.co/PDlmy1qXDh

— Madsqu1rrel (@ErichKron) July 29, 2020
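The control in the tweet above, "an out-of-band confirmation, such as calling someone on a known good phone number", is easy to state and easy to get subtly wrong: the common failure is to call the number printed in the very email that asked for the change. The following is an added example (not KnowBe4's code or anything from the original article) that encodes the distinction for a vendor bank-detail change. The vendor record, phone numbers, IBANs and the `ChangeRequest`/`approve` names are all constructed for illustration.

```python
"""Out-of-band confirmation for a request that changes where money goes.

Added example, not KnowBe4's code or the article's own. It models the
control in the tweet above: before acting on a bank-detail change, confirm
it by calling the number already on file for the vendor, never a number
that arrived with the request. The vendor record, phone numbers and IBANs
below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed "vendor master": contact details verified at onboarding.
# This is the only source of a known-good phone number.
VENDOR_MASTER = {
    "V-1001": {
        "name": "Acme Supplies Ltd",
        "phone": "+44 20 7946 0000",           # verified at onboarding
        "iban": "GB00ACME0000000000001",      # current payment details
    },
}


class OutOfBandError(Exception):
    """Raised when a confirmation attempt does not use a known-good channel."""


@dataclass
class ChangeRequest:
    vendor_id: str
    new_iban: str
    requested_by: str                      # sender of the email / message
    supplied_phone: Optional[str] = None   # "call me on ..." taken from the request
    confirmations: List[Tuple[str, str, str]] = field(default_factory=list)
    # each entry: (channel, phone_number_used, staff_member_who_confirmed)


def confirmation_number(req: ChangeRequest, master=VENDOR_MASTER) -> str:
    """Return the only phone number that may be used to confirm this request.

    Whatever number the request itself carries is ignored on purpose: an
    attacker who wrote the message also chose that number, so a call to it
    proves nothing, however convincing the voice on the other end sounds.
    """
    record = master.get(req.vendor_id)
    if record is None:
        raise OutOfBandError(f"unknown vendor {req.vendor_id}: onboard first, then re-request")
    return record["phone"]


def record_confirmation(req: ChangeRequest, phone_used: str, confirmed_by: str,
                        master=VENDOR_MASTER) -> None:
    """Log a phone confirmation, refusing any that used a number not on file."""
    expected = confirmation_number(req, master)
    if phone_used != expected:
        raise OutOfBandError(
            "confirmation must use the number on file, not one supplied in the request")
    req.confirmations.append(("phone", phone_used, confirmed_by))


def approve(req: ChangeRequest, master=VENDOR_MASTER) -> bool:
    """True only if the change is a no-op or has a valid out-of-band confirmation."""
    expected = confirmation_number(req, master)
    if req.new_iban == master[req.vendor_id]["iban"]:
        return True  # nothing actually changes
    return any(channel == "phone" and phone == expected
               for channel, phone, _ in req.confirmations)


if __name__ == "__main__":
    # Constructed BEC-style request: new account plus a helpful "call me" number.
    req = ChangeRequest("V-1001", "GB00EVIL0000000000099",
                        "accounts@acme-supplies-ltd.example",
                        supplied_phone="+44 7700 900123")
    print("call:", confirmation_number(req))   # number on file, not the one in the request
    try:
        record_confirmation(req, req.supplied_phone, "finance.clerk")
    except OutOfBandError as exc:
        print("rejected:", exc)
    record_confirmation(req, confirmation_number(req), "finance.clerk")
    print("approved:", approve(req))
```

The design point is that `confirmation_number` never reads `supplied_phone`: the number on file is data the requester could not have influenced, which is what makes the channel out-of-band. A real workflow would also want the confirmer to be someone other than the person who received the request, and a change to the phone number on file to go through the same process.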

A3: As for voice and text phishing. This is far easier to set up and execute. And since a lot of users still find it hard to determine whether something is a fraudulent text or voice message, there are plenty of opportunities for the bad guys to be successful with this. #askkb4 https://t.co/yCzfyrbDxU

— JellySandwich (@JelleWieringa) July 29, 2020

A3: With their “hacker toolboxes”, cybercriminals vary attack vectors to get folks to be convinced of the event – #SMSing or #Vishing to convince people of bank changes, account passwords and click the link, phone the number #AskKB4 https://t.co/frJ0FMHJ1x pic.twitter.com/RfCgdkkaDE

— James (@James_McQuiggan) July 29, 2020

 

Humans will continue to be important

We then turned the discussion to the vital role the human workforce plays in keeping organisations safe, especially when facing the out-of-the-ordinary threats seen today. Technology will always have its place in cybersecurity, but the importance of the human factor cannot be overstated. This raises the question: how much should be spent on technology versus training?

A4: Humans have always been a huge part and this has only highlighted that as they work from home with fewer technical controls and tools at their disposal. It’s important to realize that it is not their fault, but they ARE the ones targeted so often and get beat up #AskKB4 https://t.co/lI38Yf1nii pic.twitter.com/oCPql9qPtO

— Madsqu1rrel (@ErichKron) July 29, 2020

70% -90% of malicious breaches are due to social engineering humans, so helping the humans make better security decisions is THE best defense you can implement. #AskKB4 https://t.co/2LJ6JAx9lz

— Roger A. Grimes (@rogeragrimes) July 29, 2020

While I believe investing in the human workforce is vital.

Equally so, it's important for organisations to understand where tech controls are effective and appropriate, where procedures are needed and where and when to invest in humans and the limitations of each. #AskKb4 https://t.co/MPMNe2QA8d

— Javvad Malik v2.0 (@J4vv4D) July 29, 2020

A6: The money needed for annual training is a drop in the bucket compared to the money spent on technology. The training budget is the first cut when it comes to budget cuts for organizations. Provide education & training for the employees vs the cost of a new blinky box #AskKB4 https://t.co/4RHkC0lGDJ pic.twitter.com/9lQbLz6qeY

— James (@James_McQuiggan) July 29, 2020

A6: That depends on where they are now and how much ground they need to make up in one area or another. It also depends on the types of attacks they experience. I suggest using the approach @rogeragrimes takes in his Data-Driven defense book #AskKB4 https://t.co/Kv7RzhqSuy

— Madsqu1rrel (@ErichKron) July 29, 2020

Digging deeper into the training aspect of security: many organisations may overlook the significance of security awareness in the overall protection of an enterprise. Is there a perception that security awareness training is not necessary?

Yes. It may surprise some people, but we still get a small % of people questioning its value at all. And we say just look at the data…anyone's data. Good security awareness training significantly reduces risk of compromise and I don't care whose data you use. #AskKB4 https://t.co/mXl3m0Ohpq

— Roger A. Grimes (@rogeragrimes) July 29, 2020

A7: I think a lot of organizations do value it. But find it hard to execute properly. Therefore, they go for the (easier?) technology angle. Showing them (through data) the need AND the value in security awareness is the way to go to convince them. #AskKB4 https://t.co/KFNRvwro2I

— JellySandwich (@JelleWieringa) July 29, 2020

It also created a discussion amongst the evangelists as can be seen in this thread:

The money needed for annual training is a drop in the bucket: Not always

The training budget is the first cut when it comes to budget cuts for organizations: Any evidence to support this?#AskKb4

— Javvad Malik v2.0 (@J4vv4D) July 29, 2020

Surviving the current waves of cyberattacks requires a strong security culture, and this should be paramount. But who within an organisation should lead the way, and how can one measure whether a solid security culture foundation actually exists?

A8: It has not only to be talked about by leadership, but demonstrated as well. From the C-suite to line managers, it is important that leadership publicly demonstrate a proper security culture. #AskKB4 https://t.co/tdEjYWocMM

— Madsqu1rrel (@ErichKron) July 29, 2020

In an emergency or new event, most people revert to what they have been trained to do. So, training, no matter how you do it, is important to do. You just need to make sure the training is well done and relevant, however you do it. #AskKB4 https://t.co/rOU3MSE8c5

— Roger A. Grimes (@rogeragrimes) July 29, 2020

Use such metrics as "how many incidents have occurred or been prevented", using a Phish Prone Percentage of the employees. Create different scorecards for different roles, C-Suite, Finance, Developers, R&D, Service etc. #AskKB4 #scorecards https://t.co/WsFOO7pPFT

— James (@James_McQuiggan) July 29, 2020
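The tweet above recommends a Phish-Prone Percentage broken out into per-role scorecards. Below is an added example (not KnowBe4's code or anything from the article) that computes such a scorecard from a simulated-phishing results export. Everything in it is constructed: the CSV layout, the role names, the result lines, and the assumption that `clicked`, `attachment_opened`, `data_entered` and `macro_enabled` are the actions that count as "fell for it" while `reported` is the behaviour you want. Besides the raw percentage it also flags roles that are above a threshold or got worse since the previous campaign, which is what a scorecard is actually for.

```python
"""Per-role Phish-Prone Percentage (PPP) scorecard from simulated-phishing results.

Added example, not KnowBe4's code or the article's own. KnowBe4 reports PPP
as the share of users who fell for a simulated phish; which actions count as
"fell for it" (FAIL_ACTIONS) and the CSV export layout below are this
example's assumptions, and every result line is constructed.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed export: one line per simulated phish delivered.
SAMPLE_RESULTS = """\
campaign,user,role,action
2020-Q2,alice,Finance,clicked
2020-Q2,bob,Finance,reported
2020-Q2,carol,Developers,none
2020-Q2,dave,Developers,clicked
2020-Q2,erin,C-Suite,data_entered
2020-Q2,frank,C-Suite,none
2020-Q3,alice,Finance,reported
2020-Q3,bob,Finance,none
2020-Q3,carol,Developers,clicked
2020-Q3,dave,Developers,clicked
2020-Q3,erin,C-Suite,none
2020-Q3,frank,C-Suite,clicked
"""

# Actions that count as failing the test (assumed set; "reported" and "none" do not).
FAIL_ACTIONS = {"clicked", "attachment_opened", "data_entered", "macro_enabled"}


def tally(text):
    """Count delivered / failed / reported per (campaign, role)."""
    counts = defaultdict(lambda: {"delivered": 0, "failed": 0, "reported": 0})
    for row in csv.DictReader(StringIO(text)):
        c = counts[(row["campaign"], row["role"])]
        c["delivered"] += 1
        if row["action"] in FAIL_ACTIONS:
            c["failed"] += 1
        elif row["action"] == "reported":
            c["reported"] += 1
    return counts


def percent(num, den):
    # None rather than a division error for a role that received no phishes.
    return round(100.0 * num / den, 1) if den else None


def phish_prone(text):
    """Return {campaign: {role: PPP}}; a role with no deliveries gets None."""
    out = defaultdict(dict)
    for (campaign, role), c in tally(text).items():
        out[campaign][role] = percent(c["failed"], c["delivered"])
    return dict(out)


def report_rate(text):
    """Same shape as phish_prone, but the share who reported the phish."""
    out = defaultdict(dict)
    for (campaign, role), c in tally(text).items():
        out[campaign][role] = percent(c["reported"], c["delivered"])
    return dict(out)


def flagged_roles(text, threshold=20.0):
    """Roles needing attention: latest PPP above threshold, or worse than last campaign.

    Returns a sorted list of (role, latest_ppp, delta_vs_previous). Campaign
    names are assumed to sort chronologically (as "2020-Q2" < "2020-Q3" does).
    """
    stats = phish_prone(text)
    campaigns = sorted(stats)
    if not campaigns:
        return []
    latest = campaigns[-1]
    previous = campaigns[-2] if len(campaigns) > 1 else None
    flagged = []
    for role, ppp in stats[latest].items():
        if ppp is None:
            continue
        prev = stats[previous].get(role) if previous else None
        delta = None if prev is None else round(ppp - prev, 1)
        if ppp > threshold or (delta is not None and delta > 0):
            flagged.append((role, ppp, delta))
    return sorted(flagged)


if __name__ == "__main__":
    for campaign, roles in sorted(phish_prone(SAMPLE_RESULTS).items()):
        print(campaign, roles)
    print("report rate:", report_rate(SAMPLE_RESULTS))
    print("flag:", flagged_roles(SAMPLE_RESULTS))
```

Two things worth keeping when adapting this: treat an empty group as "no data" rather than 0%, so a role nobody phished does not look like a success, and track the report rate next to the PPP, since a falling PPP with a flat report rate usually means people learned to ignore phishes, not to report them.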

Lastly, we moved on to password security.

We continuously read about poor password practices, whether it’s password reuse or sharing a password with another person. So, has the password become obsolete, or is there a future for this common layer of security?

A10: Every organisation needs to provide their employees with a password management application, just like applications for spreadsheets, email and databases. Add it to their corporate policies and require the use of it. People can learn it, like email and browsers. #AskKB4 https://t.co/WsFOO7pPFT

— James (@James_McQuiggan) July 29, 2020

If you agree or disagree or wish to continue the discussion, feel free to reach out to the Guru or any of the KnowBe4 evangelists on Twitter with your thoughts.

 

Our Address: 10 London Mews, London, W2 1HY

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic
