Measured as a Country, Cybercrime Would be the World’s Third Largest Economy
January 30th, Tip of the Week | Cybersecurity Ventures released a new report that claims cybercrime is going to cost the world $8 trillion in 2023. If it were measured as a country, then cybercrime would be the world’s third largest economy after the U.S. and China. They report that “cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”
So what’s the solution? Guidance from outside industry experts as well as years of accumulated knowledge and experience at W&L point to user “awareness” as a key component in defending the University from ongoing network attacks.
Yes, Most Experts Still Recommend Using a Password Manager
January 23rd, Tip of the Week | The recent data breach at LastPass has many folks wondering whether a password manager is worth it. Most industry experts still say yes. While it’s true that password managers can be hacked lots of different ways, they still offer an enhanced level of security over currently available alternatives.
According to KnowBe4, “password managers allow users to create and use different strong and perfectly random passwords for every site and service. This prevents the compromise of one site or service from more easily leading to another compromise of the same user on a different, unrelated, site. And the strong passwords that most password managers create and use today are ‘unguessable’ by any known technology”.
Phishing is the Number One Delivery Vehicle for Ransomware
January 16th, Tip of the Week | According to Deloitte, “the motive behind this is that phishing emails are easy to send and lead to a faster return on investment (ROI). Phishing, as part of social engineering schemes, lures victims into executing actions without realizing the malicious drive. The less aware the targeted user is, the more fruitful the attack. Likewise, in case of targeted attacks, phishing emails are created to look like they come from a trustworthy sender, but link to or contain malicious content that executes as soon as users click it, encrypting their data and asking for the ransom”.
It’s equally important to note that the number one method for protecting organizations against phishing and ransomware is awareness. Stay aware, alert and suspicious of emails asking you to click a link, download a file, or input your personal information.
Beware of Spear Phishing Associated with LastPass Breach
January 9th, Tip of the Week | The plaintext information (e.g., email addresses, telephone numbers, etc.) stolen in the recent LastPass data breach is incredibly useful to any hacker doing social engineering and phishing. It allows an attacker to specifically target (i.e., spear phish) a potential victim using information not known to the general public and other hackers. Bad actors may contact LastPass customers in an attempt to get them to reveal additional information like logins for banking sites or social media accounts. Never give your information away when requested from an unsolicited call or email message.
