Resources

Blog

How to Cut Healthcare Cyber Incidents by 80 Percent

Healthcare data breaches are among the most costly of any industry, and phishing attacks are the number one cause. Security technologies, while essential, are not enough to mitigate the threat posed by phishing. Over 90 percent of data breaches contain a phishing component, and the average cost to remediate a data breach is $3.86 million. However, the silver lining is that with an effective...

Less Than 3 Percent of 'Collection #1' Data Dump Passwords are Unique

This month the largest recorded data dump in history, 87GB filled with passwords and user credentials, was made available. Dubbed Collection #1, it consists of 1,160,253,228 unique combinations of email addresses and passwords. Though historic, there are two positive notes regarding this information: The first is that this data set was circulated on hacking forums back in December of 2018 and is...

Users Failing Phishing Simulations? That's ok

Phishing simulations come with a range of emotions for the users who interact with them. Some will simply ignore them, others may fail by clicking on a link or attachment, and for the well-trained, they may even report them. Even if there is a negative outcome, training leads and organizations should not be worried, yet. Just like in school, these simulations are just that, simulations or quizzes...

Phishing 101: Targeted Phishing Attacks

The most likely way that you will be compromised online is through a simple phish or a socially engineered attack. Today, these two techniques are often combined to create an even more threatening attack, an intelligently targeted phish. Thanks to the wealth of information that we all leave behind us as we use the Internet, it is easier than ever for a social engineer to learn our name, address...

How To Change Security Behaviors: Information Security

Let's be honest, employees make mistakes. And sometimes those mistakes have catastrophic consequences. Everybody has heard stories about people accidentally leaving an unencrypted work laptop on the train, or on the seat of their car. Heck, on a busy day we could even imagine ourselves doing it. But with industry regulators finally starting to find their teeth — and the GDPR is now in full force —...

6 Steps to Quickly Defang Reported Phishing Emails

So here it is… the first one you've received. Everything has been building up to this. You spent days preparing the business case, weeks designing the training program… and it's finally paid off. The first user-reported phishing email has hit your inbox. Now… what should you do with it? Time is of the Essence: Reported phishing emails are good for a lot of reasons. For starters, they can help you...

How To Make Reporting a Phish So Easy Even Your Busiest Execs Will Do It

Frustrating, isn't it? You design a powerful anti-phishing program, secure funding from your executive board, provide world-class training. You do everything right… Oh, your users are probably spotting phishing emails. After all, they've engaged with the training, and seem to be taking it seriously. But no matter how many times you remind them, they just won't report those phishing emails. The...

The 11 Types of Reported Emails

You receive an email, you are unfamiliar with the sender's name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back. Malicious Versus Benign: According to Symantec, 55.5 percent of business emails are considered spam emails, with the average business account getting about...

A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?

The push for more widespread adoption of HTTPS has been in full force this year as a way to increase the number of websites that securely transmit information on the Internet. In January, both Chrome and Firefox browsers began alerting users whenever sensitive information, such as passwords or credit card information, was entered on a non-HTTPS web page. In October, Google took this a step further...

Holiday Phishing Scams Target Job Seekers

'Tis the season for shopping, time spent with friends and family, and preparations to celebrate the holidays. As most of us plan for the coming season, cyber criminals are looking for opportunities to catch victims off guard and steal valuable personal information. People looking to supplement their gift-giving budget with a seasonal holiday job should take a close look at job listings before...

The Impact of Phishing, and Why it Should be Your #1 Priority

Nation states. Hacktivists. Cyber criminals. There are so many players in the modern threat landscape it can be hard to keep up. And the number of threats? Practically too many to count. By the time you’ve secured your organization against password reuse, DDoS, and crimeware attacks, your resources are likely so diminished there’s no point even thinking about what else could be out there. But...

The Mobile Phishing Threat You'll See Very Soon: URL Padding

The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret. And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day. An SMS arrived? Better read it straight away. New email? Let me at it. Somebody I don’t care about updated their Facebook status? Great, let’s see what they’re up to. The increased attack...

How to Use URL Pattern Analysis for Phishing Detection Mitigation

When you’re attempting to mitigate the risk of phishing, threat intelligence plays a vital role. After all, what better way to predict and intercept future phishing attacks than by analyzing past attacks for patterns and indicators? This post is the second in a series breaking down lessons learned from our recent consumer-focused phishing webinar. In the first post we covered the value of...

The Phishing Email that Fooled Thousands of Trained Users

It’s a sobering moment. You work long and hard to prepare your users. You train them. You test them. And over time, you see amazing results. But then it happens. Just when you think your users are becoming rockstars at identifying phishing emails, threat actors throw a new tactic at you… and everybody falls for it. Of course, this isn’t a new story. Threat actors constantly update their tactics to...

Phishing with Wildcard DNS Attacks and Pharming

The cyclical relationship between threat actors and security professionals begins with the creation of a new attack technique, followed by the discovery of that technique by the security community, and then a refashioning of the manner of attack or creation of another novel approach by threat actors. Phishers are always seeking better ways to entice victims into providing their personal and/or...

Security Awareness Training: A Recipe for Success

In recent months we’ve written a lot about security awareness and phishing awareness training. It’s an involved topic, clearly, and if you’ve taken away anything we hope it will be this: If you want real, measurable improvements you must test your employees. And when it comes to email security, that means phishing your employees on a regular basis. In this post, we’ll take a deep dive into a...

How and Why You Should Calculate Your Organization's Cost of Phishing

Everybody knows phishing is costly to their organization. But how costly? Few organizations know for sure. Plenty of studies have claimed to calculate the cost of phishing, but the results are usually hard to swallow. For instance, does phishing cost your organization $1.6 million per incident? Or $3.7 million per year? Perhaps... but probably not. The issue with these figures is that they're...

Why Some Phishing Emails Will Always Get Through Your Spam Filter

Frustrating, isn’t it? It seems like no matter what you do, a few phishing emails always find their way into your users’ inboxes. You’ve tweaked your spam filter, and you’re scanning every attachment… But nothing seems to work. Is it you? Are you making some glaring mistake? Probably not. We've discussed before why your users keep falling for phishing scams, and there's more to it. The fact is...

Why Your Users Keep Falling for Phishing Scams

We’ve all been there. That awful moment, when you realize it’s happened again. “Why do they never learn?” You ask yourself. “It really isn’t that hard!” Time and time again, your users click on malicious links and attachments in phishing emails, and it seems like no matter what you do to improve their awareness, it never gets any better. So why do they keep falling for phishing scams? Is it just...

Building a Business Case for Effective Security Awareness Training

Security education programs are sometimes mandated, always important, and often difficult to justify as an investment. It is easy to get the powers that be to sign off on a once-per-year security awareness training program that will satisfy compliance requirements, but we all know by now that compliance does not equal security. The Information Security Forum (ISF) has defined information security...