Security Awareness training is most effective when repeated every six months


Awareness training in the field of cybersecurity and phishing must be repeated after approximately six months to ensure that employees continue to recognize phishing emails properly. This is evident from a study carried out by a number of German universities at a public-sector organization. In Germany, public organizations are required to implement an information security management system (ISMS) to increase employee awareness of information security. The research focused on the question of how effective these awareness training courses remain over time. To this end, it was periodically tested whether employees were able to recognize phishing emails.
The research showed that the participants were still perfectly capable of recognizing phishing emails after four months. That was no longer the case if the phishing training had taken place six months or more earlier, ZDNet writes.

Read more about this: https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/?

Data breach costs approximately €125 per leaked data record

According to researchers at the American Ponemon Institute, cyber attacks are the leading cause of data leaks, followed by technical defects, configuration errors in the cloud and human error.

The “Cost of a Data Breach Report 2020” study conducted by IBM among 3,200 people from 524 organizations shows that the average cost per leaked or stolen data record has increased.

According to the study, the average cost per lost or stolen data record was $ 146 (approx. $ 123). With malicious attacks the costs are even slightly higher, around $ 175 per leaked data record, according to Darkreading.

The study covered 17 different sectors. The costs of data breaches are the highest in the healthcare sector, where a major data breach can easily cost about 7 million dollars (6 million euros). The high costs are caused by, among other things, loss of customer confidence, system downtime, lost sales, legal costs and fines.

On average, it takes 329 days before the leakage of data is detected by organizations.

Read more about this: https://www.darkreading.com/vulnerabilities---threats/advanced-threats/average-cost-of-a-data-breach-in-2020-$386m/a/d-id/1338660

Former Uber CISO charged for concealing hack


Yesterday Uber’s former security chief Joe Sullivan was charged with attempting to conceal a hack from federal investigators. This hack exposed the email addresses and phone numbers of 57 million drivers and passengers.

As a result, the former CISO could face up to eight years in prison for not promptly disclosing the hack to the employee and consumer victims, which indicates bad corporate behaviour.

Read more about this at: https://www.nytimes.com/2020/08/20/technology/joe-sullivan-uber-charged-hack.html

How to improve cyber security within your organisation?

The NCSC published a Small Business Guide for cyber security with the following steps, for which ID Control offers some free trials of cloud security services:


1. Backing up your data;
2. Protecting your organization from malware (e.g. https://antivirusservice.eu/ );
3. Keeping your mobile devices safe (e.g. https://antivirusservice.eu/ );
4. Using passwords to keep your data safe (e.g. https://idcontrol.pw);
5. Avoiding phishing attacks.


If you want to learn more about how to manage these steps and improve cyber security, you can check out the guide below and use the example trial cloud security services, or call ID Control at +31 888 SECURE (732873)!
Guide: https://www.ncsc.gov.uk/collection/small-business-guide

Spy on satellite broadband traffic using $300?


Information transmitted via satellite broadband connections, which are useful in areas where fixed internet connections might be slow or non-existent, could be sniffed, potentially putting usernames and passwords into the hands of attackers and giving them the ability to track sensitive but often unencrypted information about individuals or corporations.

You can read more about this here: https://www.zdnet.com/article/how-hackers-could-spy-on-satellite-internet-traffic-with-just-300-of-home-tv-equipment/

FBI: how to recognize malicious web stores?


The FBI has provided Internet users with tips for recognizing malicious web stores. According to the U.S. agency, the number of victims of fake online stores is increasing. The US regulator FTC also reports an increase in the number of shoppers who do not receive ordered goods. These goods include masks.

Tips to recognize these malicious web stores are:

  • check the top-level domain;
  • check the public WHOIS data of the domain owner, whether the contact details are correct, and how long the domain has existed;
  • if the price or discount is too good to be true, then it probably is;
  • check their email address, as private email addresses are suspicious;
  • don’t blindly trust websites advertised on social media;
  • check the reviews and complaints about the sites.

Read more about this at: https://www.ic3.gov/media/2020/200803.aspx

FBI warns of hack risks on mobile banking apps


The FBI warned mobile banking app users that they will be increasingly targeted by hackers trying to steal their credentials and take over their banking accounts. Mobile banking users who download an app-based banking trojan onto their tablet or smartphone are usually asked to give it the permissions it requires to steal their information.
Such malware does not go snooping around the victim’s Android or iOS device but, instead, it will stay dormant and will only surface when the user opens a legitimate banking app on his device.
The “trojan creates a false version of the bank’s login page and overlays it on top of the legitimate app.”
“Once the user enters their credentials into the false login page, the trojan passes the user to the real banking app login page so they do not realize they have been compromised.” 

Read more about this: https://www.bleepingcomputer.com/news/security/fbi-warns-of-increased-hacking-risk-if-using-mobile-banking-apps/

Millions of Facebook passwords exposed to FB employees

The passwords of millions of Facebook users were accessible by up to 20,000 employees of the social network. Security researcher Brian Krebs broke the news about data protection failures, which saw up to 600 million passwords stored in plain text. Most of the people affected were users of Facebook Lite, which tends to be used in nations where net connections are sparse and slow.

Read more about this topic at: https://www.bbc.com/news/technology-47653656

AI in battle with GDPR?

AI enables computers to make intelligent decisions in order to perform diverse tasks, learning by collecting, processing, and linking huge amounts of data, a large part of which might be personal data. Also called machine learning, this principle simply means that the more data that is available to be consumed, the better and more credible the AI is. On the other hand, this massive collection of data on which the AI relies is problematic from a privacy perspective. That is why the EU has put these activities under a data protection microscope with the GDPR. Questions arise:

– How is data protected and processed?
– Is any party given access to this information?
– How to organize human intervention?
– What about the data rights of the subject?
– How to withdraw consent?
– How to implement the requirements of the GDPR into AI?

Read more about this topic at: https://brusselstalking.blog/2019/03/07/ai-vs-gdpr-finding-the-balance-between-ethics-and-innovation/