Ian Hawes wants you to have dinner with Donald Trump. He is a 25-year-old, self-proclaimed entrepreneur and “registered genius.” Ian’s story broke Monday morning on Politico, and it is a cautionary tale for anyone who values their online reputation.
Tue, Aug 30, 2016
Mon, Aug 22, 2016
Cyber threat intelligence (CTI) is all the rage.
Every day, it seems, there is another vendor offering a new fire hose of intelligence data, trying to meet the almost insatiable demand for data from CISOs and Security Operations Centers. These feeds promise ever-increasing quantities of all kinds of cyber data, from inside and outside the organization, with the individual streams delivered to analysts' desks, SIEMs and SOCs for filtering, analysis and attempts at big data manipulation. For the largest enterprises, acquiring and analyzing this data can cost multiple millions of dollars a year. And as the focus of these security investments centers on the data, very few teams have built the expertise to actually mitigate the threats that are impacting their organizations every day. Mitigation? Unfortunately, for many enterprises, that's tomorrow's problem...
Mon, Aug 01, 2016
Read the August Executive Threat Brief
It's a fact that most of the headline-grabbing enterprise breaches -- from Target to the DNC -- began with a simple compromise, a compromise caused by a simple phishing email. The August Threat Brief from BrandProtect is focused on phishing:
- How phishers are raising the stakes.
- How phishers build their emails.
- How you can avoid being caught.
Wed, Jul 27, 2016
Regardless of their politics, the recent news of the DNC server hack, allegedly by Russian-government-backed hackers, should have security teams pulling their hair out. Why? Because the first phase of the attack used one of the oldest tricks in the book -- a phishing email attack, leveraging a copycat domain.
"For example, the first group, APT 28, often uses the same tactic: registering a domain whose name is similar to that of its target, to trick users into disclosing their passwords when logging into the wrong site. In this case, hackers set up misdepatrment.com — switching two letters — to target users of MIS Department, which manages networks for the Democratic committee." -- NY Times, July 27, 2016
It should be no surprise to learn that almost every devastating cyber breach, from Target to the DNC, starts with the same exploit:
Mon, Jul 18, 2016
BrandProtect and the Ponemon Institute have teamed up to create a cross-industry study aimed at understanding companies’ ability to analyze and mitigate online incidents and cyber attacks that are beyond the traditional security perimeter. The 505 enterprises and financial institutions surveyed experienced an average of more than one cyber attack each month and spent an average of almost $3.5 million annually to deal with the attacks. The results of this study are being published on Monday July 18th.
Larry Ponemon will lead a free webcast detailing the research and its results on Thursday July 21st at 1:00 p.m. ET. Registration for this webcast is now open, but it is filling fast. Attendees will receive a copy of the complete report.
Fri, Jun 10, 2016
BrandProtect recently trained our threatSMART platform on the social media presence of Fortune 100 CEOs to understand the breadth of one of social engineers' key exploits -- executive masquerades. Executive masquerades are an essential component of one of the most damaging classes of modern attacks -- the business email compromise (BEC) attack. We focused our investigation on LinkedIn and Twitter profiles and activity.
We were surprised by what we found...
Fortune 100 CEOs are among the most respected names in business. They are also among the most careful participants in the online world. If this elite group is a target, the potential for masquerading at all levels of a company and in all industries would theoretically be much higher.
Among the subset of Fortune 100 CEOs who maintain a LinkedIn profile, our review found that more than 15% are represented online by two or more LinkedIn profiles.
We looked on Twitter, too, and there, the numbers are worse. Among the subset of Fortune 100 CEOs who maintain a personal Twitter presence, almost 40% are plagued with duplicate Twitter accounts.
Thu, Jun 09, 2016
From the April FFIEC Guidance on Mobile Banking:
- The appendix emphasizes an enterprise-wide risk management approach for effectively managing and mitigating the risks associated with mobile financial services.
- The appendix discusses the technologies used in the mobile delivery channel, elevated risks that may result, and appropriate controls implemented by institutions or third-party providers.
- The appendix contains a work program to assist examiners in determining the risks posed by an institution’s mobile financial services and assessing the controls that have been implemented to mitigate those risks.
For the first time, the FFIEC is emphasizing that institutions gain visibility into and understanding of ALL mobile apps and mobile banking infrastructure that appear to be related to the institution. Some of these will be legitimate, implemented and authorized by the institution. But others will have been deployed by cyber criminals to attack the institution, the institution's customers, and the institution's partners. To help CISOs and security teams better understand the guidance, and to provide useful strategies for addressing these new security requirements, BrandProtect subject matter expert Dylan Sachs will review the recent guidance in a free one-hour webcast scheduled for June 23, 2016 from 1:00 - 2:00 p.m.
Wed, Jun 01, 2016