The Havoc Shield Blog
Cybersecurity Awareness Training: 11 Most Wanted
Cybersecurity Awareness Training is no longer a do-it-yourself type of proposal. The new compliance, privacy, regulatory, and threat landscapes have evolved in ways that blur the lines between different types of training. And the stakes are high: HIPAA non-compliance fines can span up to $1.5M, PCI non-compliance fines are said to span up to $100,000/month, and one analysis of the impact of phishing on large companies places the annual cost at over $3.7M. The good news? It’s easy to take initial steps towards de-risking your small business. Read on for our perspective.
The 6 Worst Blockers for Security Awareness Training
Security Awareness Training. Perhaps the only thing you’d like less that allocating time to participating in it, is to allocate time to being the organizer for it. But why has it become so painful to run point for your company on this front? Traditionally it’s been a bit of a thankless job, but more importantly there are six blockers that make it particularly unpleasant to be the organizer. In the wrap-up we’ll give you some great resources for avoiding these blockers, but in the meantime, here’s what to watch out for.
7 Hidden Ways that Phishing Emails Reveal Their Motives
The most deceptive phishing emails are getting more and more convincing over time. Especially spear phishing emails that contain contextually-relevant cues that subconsciously lead us to believe that we’re interacting with a person or organization that we know and trust. But, there are some hidden secrets to sniffing out most phishing emails — stopping them in their tracks. Read on to learn more.
Cybersecurity History: The Very First Man-in-the-Middle Attack
Wikipedia’s list of security hacking incidents begins with a blurb about a 1903 hack involving Marconi (widely regarded as the inventor of radio). As cybersecurity enthusiasts, we couldn’t help but go one level deeper to learn more. The details we found have everything one could want in a story about (if you’ll allow us just a bit of leeway) the beginnings of cybersecurity history. Brilliant technologists (on both the creating and receiving ends of the hack). Intellectual curiosity. Timing. Famed participants. And, legendary post-incident debates. Let’s dive in.
WFH Cybersecurity: 12 crucial sensors for cyber safety
WFH cybersecurity has been thrust into the limelight ever since the COVID-19 era arrived and rapidly ushered many office-dwelling workers into the nooks and crannies of their homes for the bulk of their workday. But while you are staying safe from COVID-19, don’t forget to also stay safe on the cybersecurity front. On this topic of WFH cybersecurity, we’re frequently asked what types of sensors work well in combination to lead to a secure cyber perimeter. Although we’ve mentioned many sensors in various blog articles on this site, it occurred to us that we had not organized them into a consolidated location for your reading enjoyment. So, without further ado, here are our thoughts on the sensors that you should look to first, when raising your WFH cybersecurity strength.
Threat Primer: Worms
A worm is a self-propagating code execution attack that causes damage on each host that it infects. In less technical terms, a worm is a virus that causes damage, then finds another host to propagate to. This process repeats until it is stopped in its tracks by some effective mitigation, or until it cannot find any additional hosts to transfer to. Here are the key steps that attackers use to implement this type of attack.
The Latest Hack – Garmin
The past few days have been rough for Garmin device owners/users, and no doubt rougher for Garmin’s cybersecurity professionals. Numerous reports suggest that Garmin has been the subject of a ransomware attack that resulted in systems outages for the cloud components that many Garmin products rely on. Recently, reports have emerged that the specific root cause was a WastedLocker ransomware attack.
Garmin has not yet confirmed this. However, if the reports to that effect turn out to be based in fact, here is the attack likely went down.
Locking in on Security with Havoc Shield: Episode #1
In this episode of Locking In on Security with Havoc Shield, we’re joined by guest John Nordin, who has spent several decades in the cybersecurity hot seat as Chief Information Officer at leading brands that we all know and love. In this episode, we delve into the question “Does Cyber History Repeat Itself?”
WFH Cybersecurity: Old, New, and Revised Threat Vectors
Strong WFH cybersecurity is what hackers least expect. Hackers noticed the abrupt upheaval of an incredibly high percentage of previous business processes. And, they saw opportunity. They saw the speedy move away from office-based work environments as exactly the...
6 Quick Fixes for your Shadow IT Problems
Shadow IT. It has arrived. But can it coexist with cybersecurity? It must, somehow, because it’s not going away and your cyberperimeter must continue to guard your valuable digital (and real) assets — especially in the context of WFH cybersecurity. Let’s start at the beginning — what is Shadow IT and how did it get here?
The Latest Hack — Twitter
How The Twitter Hack Went Down On July 15th, word began to spread across the twitterverse (and beyond) that numerous high-profile accounts were tweeting requests to send cryptocurrency to specific destinations, with the promise that the funds would be doubled and...
Why Look-a-Like Domains Spell TROUBLE on Mobile
Cyberattacks using look-a-like domains are getting a boost in effectiveness for an unexpected reason, and it relates to the very likely case that you may be reading their fraudulent email on your mobile device instead of your laptop or desktop. Why has that increased the effectiveness of phishing attacks relying on look-a-like domains? Read on to learn more.
Zooming In on Ransomware
Ransomware is on the rise. If you are fortunate enough to not yet have experienced it first-hand, read on for the troublesome premise. Your precious data — your work files, your personal records, or maybe even something more personal than records, are valuable. Hackers know it. And they are willing to bet that you might be willing to pay to prevent them from doing one of the following to your records, information, etc. Lets dig deeper at understanding this aspect of the threat landscape.
Can Macs get Viruses? Fact vs Fiction
If you are a Mac user, or even if you aren’t, there’s a good chance that you’ve heard the folklore that “Macs don’t get viruses”. Fact, or fiction? Let’s explore.
Phishing, Smishing – The Growing Threat Landscape
Bad news. As if using email to impersonate an employee of a financial institution or other similarly trusted entity wasn’t brazen enough, hackers have set their eye on the next frontier: SMS. Smishing is on the rise, and it’s an adaptation of phishing, but performed via SMS (text message) rather than email. Particularly troubling is the fact that the average professional receives fewer SMS text messages than emails, and from a smaller circle — often creating a subconscious bias that messages received via SMS are less likely to be from outside of an inner circle of friends or colleagues. The potential for harm is enormous.
4 Phishing Steps that Cyber Criminals Use Against You
When cyber criminals using phishing against you or your company, they take fraudulent action to pretend to be someone they aren’t. They seek to extract data, financial resources, and personal information to use against you or your employees. Read on, for the four phishing steps that cyber criminals use against you, and how Mail Armor from Havoc Shield can help.
The Latest Hack — Amtrak
Amtrak Guest Rewards users’ personally identifiable information (PII) was compromised.
The Latest Hack – Wishbone App
40 million user records from the Wishbone app were released online, some with easily decryptable passwords.
The Latest Hack – Marriott
5 million user records were hacked from Marriott’s system, two years after a massive breach.
The Latest Hack – Mathway
A data breach at calculator app Mathway exposed 25 Million user records due to cloud hosting misconfigurations.