What Keeps You Up At Night – Part II

This week let’s take a look at data feedback so here we go! Over 350 organizations globally participated in this year’s report. The top industry verticals high to low are as follows: Finance, Technology, Healthcare, Government, Professional Services, Non-profit, Manufacturing, Energy & Utilities, Education, Transportation, Insurance, Consumer, Materials, Real Estate, Construction.

Representing these organizations of every size, gaining perspective from a wide range of IT titles, ranging from IT admin all the way up to those in the C-suite.

The key findings around security that organizations don’t quite yet have a handle on. While a portion of organizations had many of the issues under control, on the average, 81% of organizations were concerned to some degree about a security issue.

The Up At Night issue

  • Users are the primary concern for 92% of organizations. Negligent users that become phishing attack victims tops the “up at night list.
  • Ensuring security is in place that meets GDPR requirements is still a challenge for 64% of organizations, despite the regulation details being out for quite some time.
  • Security awareness training along with phishing testing topped the list of security initiatives 80% of organizations are needing to implement.
  • Data breaches remain a rampant problem worldwide. With executives concerned about breach repercussions, this one has 95% of organizations worried.
  • Attackers utilization of compromised credentials is such a common tactic, 93% of organizations are aware of the problem, but still have lots of work to do to stop it.
  • Nearly every part of the success of a security strategy relies on having adequate budget, a material concern for 75% of organizations.

In my next post we will look at “What single issue around your organization’s security stands out as the greatest concern that either figuratively or literally keeps you up at night?”

Till then…..Think Before You Click!

Tina Louise ~ https://www.cloudplusservices.com ~ 888.871.6584

What Keeps You Up At Night

Maintaining organization security against cyber threats last year was a unique challenge. Cybercriminals turned up their execution a notch – targeting specific industry verticals organizations, and even individuals. Increases in the frequency of ransomware, phishing and cryptojacking attacks were experienced by businesses of nearly every size vertical , and locale. Many criminal organizations now leverage the very same types of machine learning AI to help them better understand how to improve the art of their attack.

2018 was also a year of some of the most sensational and successful attacks. Marriott’s 500 million stolen customer record represented the largest data breach in history, reminding organizations that no company is completely safe. Over 184 million ransomware attacks occurred, with damages estimated at over $8 billion. And phishing attacks are now being used to commit fraud that has some businesses out millions of dollars. And in the midst of all this cyber-turmoil, IT organizations have been tasked with trying to establish and maintain a layered security defense that protects the organization and its users, despite the every-changing threat landscape. Much of the constant barrage of threats, attacks, malware, and news stories has got to have some IT organizations deeply worried.

So, let’s look at possible concerns that may be keeping you “up at night”; that is, which aspects of security – from prevention, to attack, to detection, to response – are you most concerned about. Over the next six post, we’re going to take a deep dive into the stuff of nightmares – security concerns that have organizations worried. Six areas to focus on will be:

  • Attack Types
  • Security Initiatives
  • Compliance Security
  • User-Related Issues
  • Resource Issues
  • Executive-Level Concerns

We’ll dig into each area, providing insight into what parts of security have organizations lying awake in their beds, and which ones allow them sleep soundly.

Thank you for the above content in my partnership with KnowBe4 ~ Till next time……Think Before You Click!

Tina Louise ~ https://www.cloudplusservices.com ~ 888.871.6584

[Heads-Up] If This Is True It’s A Disaster.

Three Major US Antivirus Companies Breached? Technology news provider
ARSTECHNICA , posted that security researchers found out that high-profile hackers have breached three US AV companies and are selling the source code. The most annoying thing is that they have alerted the authorities, but no one has mentioned the actual vendors as of yet.

Advance Intelligence, LLC is the InfoSec shop that broke the news, and here is their Executive Summary:

“Fxmsp” is a high-profile Russian- and English-speaking hacking collective. They specialize in breaching highly secure protected networks to access private corporate and government information and they have a long-standing reputation for selling sensitive information from high-profile global government and corporate entities. The group was singled out in a 2018 FireEye report on Internet crime for selling access to corporate networks worldwide, including a global breach of a luxury hotel group—potentially tied to the Marriott/Starwood breach revealed last November.

In March, the group “stated they could provide exclusive information stolen from three top antivirus companies located in the United States,” AdvIntel’s researchers reported in a blog post going live today. “They confirmed that they have exclusive source code related to the companies’ software development.” And the group offered privately to sell the source code and network access to all three companies for “over $300,000,” the researchers said.

AdvIntel subject matter experts assess with high confidence that Fxmsp is a credible hacking collective with a history of selling verifiable corporate breaches returning them profits close to $1,000,000 USD. AdvIntel alerted law enforcement regarding these claimed intrusions.

Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that his company notified “the potential victim entities” of the breach through partner organizations; it also provided the details to US law enforcement. In March, Fxmsp offered the data “through a private conversation,” Boguslavskiy said. “However, they claimed that their proxy sellers will announce the sale on forums.”

Who Is/Are Fxmsp?

According to “ShadowRunTeam,” a high-profile Russian threat actor operating on Telegram, Fxmsp is reportedly a Moscow resident with the first name “Andrey” who started to engage in cybercrime activities in mid-2000 and specialized in social engineering.


Here is the arstechnica article which has some mitigation suggestions.
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/

To my readers thank you for being patient and following my blogs. Life showed up and now I am back in the game. If you’d like to connect and learn more about Security Awareness Training please contact my office.

Till then….Think Before You Click!


Tina Louise ~ https://www.cloudplusservices.com ~ 888.871-6584

Theirs A Hunter In The Wild

I was speaking to a business today and they are perplexed by the emails their employees are receiving seem fishy and I said as in Phising? She said what do you mean and I said theirs a hunter in your mist don’t respond or click on anything.

I received one of those UPS emails right after my post last week, funny I didn’t order anything so I filed it under “T” for trash. Here are more “Common Attacks In The Wild”!

  • Apple: You recently requested a password reset for your Apple ID
  • Employee Satisfaction Survey
  • Sharepoint: You Have Received 2 New Fax Messages
  • Your Support Ticket is Closing
  • Docusign: You’ve received a Document for Signature
  • ZipRecruiter: ZipRecruiter Account Suspended
  • IT System Support
  • Amazon: Your Order Summary
  • Office 365: Suspicious Activity Report
  • Squarespace: Account billing failure

KEY TAKEAWAY

The desire to receive communications intended for the individual is strong. The potential of something being wrong and/or at risk also plays into the human psyche, leaving the individual to think that he/she must act immediately to resolve the issue. These types of attacks are effective because they cause a person to react before thinking logically about the legitimacy of the email.

Till Next Time ~ Think Before You Click!

Tina Louise ~ http://www.cloudplusservices.com ~ 888.871-6584

Top-Clicked Phishing Test!

Top 10 general email subjects

  1. Password Check Required Immediately – 34%
  2. You Have A New Voicemail – 13%
  3. Your order is on the way – 11%
  4. Change of Password Required Immediately – 9%
  5. De-activation of [[email]] in Process – 8%
  6. UPS Label Delivery 1ZBE312TNY00015011 – 6%
  7. Revised Vacation & Sick Time Policy – 6%
  8. You’ve received a Document for Signature – 5%
  9. [ACTION REQUIRED] – Potential Acceptable Use Violation – 5%
  10. Spam Notification: 1 New Messages – 4%

If you have not received the above subject lines and there are many more it is up to you to stop and think “Why am I receiving this email”? In the work place and in our personal lives be diligent in protecting your network and data.

Tips and tricks – hover your mouse over the sender if it looks odd it is, so block that address. I have even received a so called email from UPS with a tracking number – copy the tracking # go to the legit UPS site and paste the number, that will tell you the story. Become the detective, get on the phone make a call if needed and scrutinize the email do not click on any link or attachments.

Key Takeaways – Hackers are playing into employees’ desires and our personal lives to remain security minded. There’s also an intrigue of mystery that often makes people curious enough to click (i.e., new voicemail, order on the way). Password management is a popular way to get people to click on a link.

Next time ~ COMMON “IN THE WILD” ATTACKS ~ Think Before You Click!

Tina Louise ~ http://www.cloudplusservices.com ~ 888.871.6584

CEO Fraud – Action Step Four And Wrap It Up!

Isolate security policy violations
For such an incident to happen, violations of existing policy are likely to be in evidence. Conduct an internal investigation to cover such violations as well as to eliminate any possibility of any collusion with the criminals.
Take the appropriate disciplinary action.

Draw up a plan to remedy security deficiencies
When the immediate consequences of the attack have been addressed and full data has been gathered about the attack, draw up a plan that encompasses adding technology and staff training to prevent the same kind of incident from repeating. Be sure to beef up staff awareness training as a vital part of this.


Wrap It Up!
There is no substitute for preparation when it comes to dealing with cybercriminals and the many flavors of CEO fraud. The CEO Fraud Prevention Checklist given here will guide you through the steps to take to proof the organization up against this type of incident.


While those steps will greatly reduce the likelihood of an incursion, all it takes is one gullible or inattentive user to let the bad guys inside. In those cases where CEO fraud is being perpetrated.


In the case of both checklists, security awareness training plays an essential role in creating a human firewall around your organization. Only when users are fully aware of the many facets of phishing will they be capable
of withstanding even the most sophisticated attempts at CEO fraud.

Contact my office for CEO Fraud Response Checklist.

Thank you for following this important series on CEO Fraud…Till next time..Think Before You Click!

Tina Louise – http://www.cloudplusservices.com – 888.871.6584

CEO Fraud – Action Step Three!

Action is the cure to all business growth! As it is in security awareness training being proactive instead of reactive determines success of your data.

Contact your insurance company
FBI data shows that less than 4% of CEO fraud funds are recovered. Therefore, it is necessary to contact your insurance company to find out if you are covered for the attack. While many organizations have taken out
cyber-insurance, not all are covered in the event of CEO fraud.
This is a grey area in insurance and many refuse to pay up. Many that have reported CEO fraud to their insurer, find that this type of incident is not covered. Despite the presence of a specific cyber insurance policy,
the unfortunate fact is that no hardware or software was hacked. It was the human that was hacked instead. Insurance companies draw a distinction between financial instruments and email fraud. Financial instruments
can be defined as monetary contracts between parties such as cash (currency), evidence of an ownership interest in an entity (share), or a contractual right to receive or deliver cash (bond). Many companies are
covered in the event of a fraudulent financial instrument.

However, CEO fraud is often categorized differently. It is regarded by some insurance firms as being purely an email fraud and not a financial instrument fraud. In other words, it is being regarded in many cases as a matter of internal negligence or email impersonation as opposed to being a financial instrument matter. That said, there are dozens of carriers in the market providing up to $300 million in limits. Coverage extensions have developed to include both the third-party liability and first-party cost and expenses associated with a data breach or cyber-attack.

Next time…Action Step Four…till then “Think Before You Click”!

Tina Louise ~ http://www.Cloudplusservices.com ~ 888.871.6584