Small businesses are progressively utilizing information technology in business processes, but aren’t doing it securely. In essence, they do not believe adversaries will target them when there are several other big, profitable organizations to attack. As a result, they neglect important measures like security awareness training, which leaves their firm in the crosshairs of cyber criminals.
Stating that information security is everyone’s job is not something new; just try asking any person in charge of awareness efforts how many times they have done so. Even if your company has a dedicated security team, it is very important to let every employee know that they have a shared responsibility for the company’s data protection. Since information security is so closely linked to IT protection, most would assume that IT workers would be way ahead of the game, quite aware that they play a major role in data protection and would not stray from secure behavior, following security rules without questioning and helping in the early detection of security related incidents. The simple truth is that most of the time IT employees are among the biggest insider threats to security.
Anti-Phishing: Factors to Consider When Planning, Developing and Implementing Phishing Awareness Training
By Randi Sherman
Security awareness training is very broad in scope, but essentially it amounts to creating a formalized environment for familiarizing and educating employees about proper procedures for protecting a company from intrusion and theft. Properly designed, it should ensure that all workers understand corporate policies and procedures for using company assets in a secure and conscientious manner. That being said, phishing is a black art. It is designed to trick otherwise conscientious employees into doing something that they would never ordinarily consider. Phishing poses a unique problem to corporate security. In many cases, employees have abrogated their responsibilities, operating under the mistaken impression that filters remove all incoming threats from e-mails. This is a notion that we need to do away with; phishing awareness education is the key.
By Chris Garrett
CIOs, managers and staff are faced with ever increasing levels of complexity in managing the security of their organizations and in preventing attacks that are increasingly sophisticated. As individuals we are subjected to enormous amounts of information across broad ranges of subjects, for example, security policies, new technologies, new patches, new threats, new sources of information, the list is endless. To fulfill the function of our role in the organization whether at a strategic or tactical level we make many decisions each day in the context of this information. As the environment continues to become more dynamic the process of making good security decisions is becoming more and more challenging. The answer lies in creating security-aware cultures in our organizations. This paper proposes that creating security aware cultures is dependent on improving how individuals make security decisions. Awareness of our decision-making processes as security practitioners can help us ma…
By Daniel Brecht
Today’s cyber scammers are quite savvy in their attempts to bypass security measures and collect information and data that should not normally be publicly exposed. Phishing, in particular, is a widely used social engineering technique that targets users by means of a bait to solicit personal information or deceive victims into performing certain actions, such as opening malicious links or attachments.
By InfoSec Resources
Each year, Verizon publishes a report that highlights data breach and incident trends from the previous year. This report offers significant insight into not just the types of threats organizations face today, but who perpetrates breaches, the tactics used and, perhaps most importantly, the reason organizations find themselves at risk in the first place. Sadly, in too many of these breaches, security awareness on the part of the affected organization was lacking, and security awareness training could have made a significant difference. While security awareness training cannot provide guaranteed protection and does not play a role in defending against things like DDoS attacks, it has been implicated in a very wide range of breaches that could have been prevented.
By Chiragh Dewan
In this article, we will learn about Echo Mirage, a freeware tool that hooks into an application’s process and lets us monitor the network traffic it sends and receives. It can attach to an already running process, or it can launch the application itself on the user’s behalf. This type of security testing falls under Thick Client Application Security Testing. Thick Client Applications can be further divided into two categories: Proxy-aware Thick Clients and Proxy-unaware Thick Clients.
Proxy-aware Thick Clients: If a Thick Client can be configured to use a proxy server, it is known as a Proxy-aware Thick Client. Examples of Proxy-aware Thick Clients are Microsoft Outlook, Google Talk, Yahoo Messenger, etc.
By Alyssa Robinson
Even companies with extensive, well-funded security awareness programs fall victim to attacks involving phishing, weak passwords and SQL injection, presumably the primary targets of user education. Either their users don’t have the skills to avoid these pitfalls, or they lack the motivation to apply those skills. Psychologists and other social scientists have studied the roots of effective behavioral change and have solutions to offer. By exploring personal, social and environmental sources of motivation and ability, security awareness professionals can attack the problem from multiple sides and give users both the ability and the will to make necessary changes.
By Peter Lindley
It’s an accepted fundamental of IT Security: the weakest point is almost always the user. Most surveys and annual security reports will show that incidents caused by the user will represent the highest percentage by far of those reported or detected. And by the same token, the best “bang for your buck” for security incident prevention is invariably the security awareness program. But what exactly is a security awareness program? What should it include? I was once appointed to a recently-formed organization as its IT Security Manager. I was tasked with implementing and managing an Information Security Management System (ISMS) for the new body. A team of consultants had developed a number of IT security policies and security operating procedures (SyOps) as part of the ISMS prior to my appointment. These included a main overarching System Security Policy with various detailed policies specific to particular areas (for example, an incident reporting policy) supported by a number of S…
Keeping your data safe and far away from the clutches of the hacking community is a need of the hour in today’s world. We have compiled 20 of the most beneficial security awareness tips and tricks that should be common knowledge.
Don’t sell yourself short
Many forensic experts claim that the majority of their victims …