To keep up with the firehose of news and press releases, we’ve decided to deliver some extra news to you on the side every Monday and Thursday morning. Some of it is an extension of our own reporting that didn’t make its way into a story, while others might be content we’ve bookmarked for later reading and thought of sharing with you. We’re doing a similar thing at Channel Daily News – check it out here. You can also view our previous ITWC Morning Briefing here. Today’s briefing is delivered by ITWC editorial director Alex Coop.
What you need to know, right now
It’s what you need to know right now in the world of IT and tech – ’nuff said. (Best taken with a side of Hashtag Trending and Cyber Security Today)
We finally get a demo for Neuralink, hackers appear to target Tesla, and The New York Times digs deep into how conspiracy theories are making doctors’ jobs harder.
Ransomware defences, a dishonest employee at Cisco, an honest employee at Tesla and printer owners embarrassed.
A one-on-one with Terranova Security’s CISO Theo Zafirakos
Clients are always asking Theo Zafirakos how he thinks their cybersecurity protocols compare to others.
“I’ve worked with more than 100 clients and they’re always asking ‘how do we compare to others?’ And when we mean others, we could be talking about others in the same industry, geographical location, and more,” he explained. “Years ago there was no answer, but that’s what gave us the idea of this phishing simulation tournament.”
Terranova Security loves phishing. The security firm is hosting its second annual Gone Phishing Tournament in October to coincide with National Cyber Security Awareness Month. The Gone Phishing Tournament, co-sponsored by Microsoft, uses an email template from Attack simulation training, a new capability of Office 365 Advanced Threat Protection (ATP) releasing later this year.
The Gone Phishing Tournament is an annual cybersecurity event open to security and risk management leaders responsible for driving a security culture by testing, training and reporting on phishing threats.
All it takes is one well-written email with a link to a malicious document, website, or infected attachment, to slip into your mailbox and get clicked on. Once that happens and you submit the information requested in the phishing email, the cybercriminal has won.
Zafirakos says that when discussing how to improve security behaviour and culture at the workplace, the first question that needs asking is: do you train, and how often?
“Awareness helps with detection, but it doesn’t expose to examples of the tactics you’re reading about that attackers use,” Zafirakos said. “Tactics are almost always the same – email, phone call or text. But what changes is the story that’s told, and users who aren’t exposed to those stories will be exposed in the real world. Without simulations, you don’t see those examples in your inbox often enough, and then by the time you see a real attack, it’s probably too late.”
These attacks could be messages from your “boss” asking you to do something. Nowadays, you might read an email promising discounts on technology to help your business get through the pandemic.
Last year, phishing emails were sent to 76 countries during the inaugural Global Phishing Tournament and written in 27 different languages. Eleven per cent of all recipients clicked on the phishing link deployed for last year’s tournament, and two per cent of participants actually submitted their credentials. The public sector topped all industries when it comes to the frequency of employees who clicked on generic links and gave up usernames and passwords.
IT administrators are increasingly facing convincing phishing attacks, Zafirakos says. Last year, hackers began sending phishing emails specifically targeting Microsoft Office 365 administrators, an attack that, if successfully executed, would allow them to gain administrative control over an organization’s Office 365 domain and accounts.
“Those were very convincing attacks,” he said.
In case you missed it
The recent news that we maybe didn’t get to yet, or it’s the news we’ve reported on and feel is worth resurfacing. Sometimes we’ll also feature awesome stories from other publications.
VMware Carbon Black recently released its third annual cybersecurity threat report titled Extended Enterprise Under Threat. It’s based on a survey of 251 Canadian CIOs, CTOs and CISOs as part of its Global Threat Report series. We got this handy infographic with the main takeaways. The full report can be accessed here.
Trend Micro delivered another mid-year roundup report last week, and to no one’s surprise, the implications of COVID-19 and the subsequent lockdowns resulted in troubling figures. Email was the most used attack entry point, making up 91.5 per cent of detections for COVID-19-related threats. The numbers started rising in March and peaked in April. Some of the emails Trend Micro says it observed included those that pose as health advisories or donation requests. These usually have attachments that carry malware.
Ransomware detections were through the roof during the first half of this year.
Cyber Security Today – Alert to Linux administrators, attack on Outlook and crooks cashing in on online games [IT WORLD CANADA]
Alert to Linux administrators, attack on Outlook, and crooks are cashing in on online games.
Hashtag Trending – TikTok chief quits 100 days in; Apple makes advertising harder; Scots Wikipedia snafu [IT WORLD CANADA]
TikTok’s CEO steps down after 100 days in office, Apple is making it harder for Facebook to advertise, and in a shocking turn of events, it turns out the Scots version of Wikipedia was written by someone who was clueless about the language.
Cisco stepped up recently in the ongoing fight against COVID by donating a $375,000 Cisco high-performance Unified Computing System to McMaster University. McMaster has partnered with the Ontario Vector Institute and Sunnybrook Health Sciences in Toronto on a tool to make the tracking of the COVID-19 virus easier. The COVID-19 Genotyping Tool (CGT) uses big data analytics to help researchers worldwide track changes in the virus’s genetic structure as it moves from person to person, providing clues that help them determine where it came from, and to project where it’s headed and whether it’s becoming more infectious.
Dell’s new Precision 3240 Compact desktop is absolutely tiny.
Brookfield Residential admits suffering a data security incident [IT WORLD CANADA]
The home construction division of one of Canada’s largest publicly-traded companies has acknowledged it was hit with a cyberattack recently.
Canadian business travellers view mobile check-ins as most important feature for future travel [IT BUSINESS CANADA]
More than half of Canadian business travellers say they have positive feelings about travelling again once COVID restrictions are lifted, provided there is effective tech in place to help them travel for business safely. And most Canadians expect mobile check-ins to perform a lot of the legwork.
The second part of a series focusing on a hacker the U.S. Secret Service described as someone who caused “more material financial harm to more Americans than any other convicted cybercriminals.”
Bookmarks of the week
A few bookmarked tweets that we think are worth sharing with you.
Falcon 9’s first stage has landed at Landing Zone 1 pic.twitter.com/0y5FkVqPk8
— SpaceX (@SpaceX) August 30, 2020
will never get over the fact that every adult human I know finds zoom work meetings utterly exhausting, yet many districts are forcing kids (regardless of age or need) to do that ALL DAY LONG in virtual school (webcams on, or you’re marked absent)
— Nicole Chung (@nicolesjchung) August 27, 2020