Syrian Electronic Army continues to carry out successful data-entry phishing...
When the Syrian Electronic Army nailed a number of prominent media outlets earlier this year, we were pleased to see a number of open and honest responses from those that were breached, notably from...
To make training stick, immerse employees
When aspiring pilots go through flight school, they learn both in a conventional ground setting and using a flight simulator. On the simulator, new pilots are immersed in the experience of flying, and...
For effective security awareness, keep it focused
In their book, “Switch: How to Change Things When Change is Hard” authors Chip and Dan Heath examine how influencing humans to change requires appealing to two parts of the brain: the rational and the...
Use metrics to measure and improve security awareness
It’s no secret that data is revolutionizing industries. Baseball managers have applied data to buck century-old beliefs about strategy (think Moneyball), anyone who has ever used Amazon.com knows that...
Breaking out of the compliance mindset
During my years at Mandiant, I responded to a lot of breaches for a wide variety of organizations. Every breach case had one thing in common – the customer was compliant. While compliance is a...
Effective security awareness includes everyone
I’m often asked which employees are most likely to be targeted by phishing emails. It’s interesting to think about, but the truth is that adversaries will target whichever employees can offer access to...
2-factor authentication wouldn’t have prevented AP Twitter hack
When a hacked Twitter account spreads false news of an explosion at the White House and causes hysteria that spurs a 140 point drop in the stock market, it should encourage calls for Twitter to bolster...
RSA breach: Lessons Learnt
Most of you have probably heard about the “RSA hack” by now. It was hot news three weeks ago when an employee at RSA fell prey to a targeted phishing attack as explained in this blog post:...
Phishing and Spear-Phishing and APTs, oh my!
With all of the media coverage on the recent flurry of successful phishing attacks targeting RSA, Epsilon’s clients and their customers, and Oak Ridge, it’s come to our attention that the fire hose of...