Clearwater, FL, USA
People are one of the most common factors contributing to successful data breaches. Let’s dive deeper into the latest Verizon Data Breach Investigations Report (DBIR) to find out how and why users contribute to the problem.
The New Verizon DBIR is a treasure trove of data. As we covered here, and here, people are one of the most common factors contributing to successful data breaches. Let’s drill down a bit more in the Social Engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill.
We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these individuals have found in their own experience, and we encourage everyone to find out how various social engineering mitigations work for themselves and their environments.
Jun 7, 2023 | By Roger Grimes
KnowBe4 has long been a proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible. Unfortunately, most MFA is as easily phishable, hackable, and bypassable as the passwords it was intended to replace. Even though KnowBe4 was an early proponent of phishing-resistant MFA, now most of the world is coming around, including NIST and CISA. Why Do I Need Training If I Am Already Using Phishing-Resistant MFA?
Jun 7, 2023 | By Stu Sjouwerman
My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem. If you only read one report each year to give you an idea of what’s going on with cyber attacks, it’s Verizon’s Data Breach Investigations Report (DBIR). Each year, analysts sort through tens of thousands of data breach incidents (some successful, some not) and identify the attack patterns.
Jun 7, 2023 | By Stu Sjouwerman
A Chinese-speaking phishing gang has expanded its targeting from the Asia-Pacific region to the Middle East, researchers at Group-IB have found. The gang, which the researchers call “PostalFurious,” impersonated a toll operator and a postal service in the Middle East.
Jun 6, 2023 | By Stu Sjouwerman
The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting “individuals employed by research centers and think tanks, academic institutions, and news media organizations.”
Jun 5, 2023 | By Stu Sjouwerman
A phishing campaign is using hyperlinked images to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohl's. “Obfuscation is a gift to hackers,” Fuchs says. “It allows them to pull off a magic trick. It works by hiding the true intent of their message. In this case, it’s a picture. The picture is meant to entice the user to click.
Jun 5, 2023 | By Stu Sjouwerman
Today, the FBI warned against a new, even more disgusting type of sextortion. Previously, these schemes involved coerced or stolen digital material, but now some criminals are using technology to create explicit content from innocent images or videos found online. This information comes from today's alert by the FBI's Internet Crime Complaint Center (IC3).
Jun 2, 2023 | By Stu Sjouwerman
Forced verification fraud and deepfake fraud are on the rise in the US and Canada, according to researchers at Sumsub. Pavel Goldman-Kalaydin, Sumsub’s Head of AI & ML, explains that forced verification involves bypassing biometric data checks.
May 31, 2023 | By KnowBe4
A security awareness training vendor should provide the necessary tools to turn your users into a human firewall while serving as a foundation for improved security culture and human risk management. Here's what you need to know before you evaluate security awareness training programs.
Apr 5, 2023 | By KnowBe4
TrustRadius collected live user reviews from Black Hat 2022 on their experience with the KnowBe4 security awareness training and simulated phishing platform. In this short video, users talk through how they use KnowBe4, what the best features are, and the return on investment they've had, and rate how likely they are to recommend KnowBe4. A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement.
Mar 14, 2023 | By KnowBe4
Phishing emails increase in volume every month and every year, so we created this free resource kit to help you defend against attacks. Request your kit now to learn phishing mitigation strategies, what new trends and attack vectors you need to be prepared for, and our best advice on how to protect your users and your organization.
Artificial intelligence (AI) is no longer science fiction. And the emergence of newer technologies like ChatGPT has raised new questions about the real threats AI poses. Join James McQuiggan, Security Awareness Advocate at KnowBe4, for this presentation as he discusses the benefits of AI, the potential threats, and strategies you can use to protect your network today and in the future.
Jan 31, 2023 | By KnowBe4
Kevin Mitnick, KnowBe4's Chief Hacking Officer, reveals the real risks of weak passwords. The attack assumes the hacker is already on the network with the victim’s IP address and password, and is trying to access passwords on the victim’s locked password manager remotely. We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of your passwords in one place? Can cybercriminals hack them? Are password managers a single point of failure?
Jan 30, 2023 | By KnowBe4
Kevin Mitnick, KnowBe4's Chief Hacking Officer, demonstrates how bad actors conduct "password sprays". A password spray is when a cybercriminal chooses a single password and tries it against everyone in their target organization. We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of your passwords in one place? Can cybercriminals hack them? Are password managers a single point of failure?
Jan 26, 2023 | By KnowBe4
Kevin Mitnick, KnowBe4's Chief Hacking Officer, demonstrates how easy it is for bad actors to steal credentials (like saved passwords) from a target's browser.
Jan 18, 2023 | By KnowBe4
Deliver real-time coaching in response to risky user security behavior with SecurityCoach. SecurityCoach is the first real-time security coaching product created to help IT and Security Operations teams further protect your organization’s largest attack surface — your employees. Introducing a new category of technology called Human Detection and Response (HDR), SecurityCoach helps strengthen your security culture by enabling real-time coaching of your users in response to their risky security behavior.
Dec 21, 2022 | By KnowBe4
The holiday season is consistently a time when fraudsters and cybercriminals come out in full force. The holidays are an especially busy time of year for cybercriminals.
Dec 19, 2022 | By KnowBe4
The holidays are an especially busy time of year for cybercriminals.
Apr 2, 2023 | By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
Apr 2, 2023 | By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
Mar 1, 2023 | By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
Mar 1, 2023 | By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineering scams, like CEO fraud, because of their familiarity and immediacy factors.
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.
KnowBe4 is the provider of the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 56,000 customers to manage the continuing problem of social engineering.
The KnowBe4 platform is user-friendly, intuitive, and powerful. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design a full-featured, yet easy-to-use platform.
Find Out How Effective Our Security Awareness Training Is:
- Train Your Users: The world’s largest library of security awareness training content. Automated training campaigns with scheduled reminder emails.
- Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
- See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!