Malware is perhaps the most widely known out of all IT security threats. Since 1986, malware has become a significant concern for enterprise users, with recent examples including the Colonial Pipeline attack, Kaseya ransomware attack, and the SolarWinds Dark Halo breach. However, these attacks are just the tip of the iceberg, with many businesses falling victim to malware and...

Phishing threats are everywhere, and if your employees don’t know how to spot them, you’re putting your information at risk. Knowing how to build a successful phishing simulation is vital for identifying how well employees can spot the latest threats and ensuring they know how to spot them independently. Unfortunately, many organizations fail to offer adequate security...

In early July, IT solutions provider and remote management solution provider Kaseya announced that it had fallen victim to a supply chain ransomware attack. During the attack, hackers leveraged a vulnerability in Kaseya’s VSA platform to encrypt the data of hundreds of downstream MSPs and their clients. The Kaseya ransomware outbreak is one of the latest high-profile...

On June 22nd, Terranova Security hosted the 2021 edition of the Security Awareness Virtual Summit. Sponsored by Microsoft, the virtual event boasted sessions featuring speakers from some of the cyber security industry’s most recognized entities, including the National Cyber Security Alliance (NCSA) and Gartner. The event’s lineup also featured a panel discussion featuring...

At the start of April, hackers leaked the data of 533 million Facebook users from 106 countries in an online hacking forum. The leaked data included the private information of Facebook users like full names, phone numbers, email addresses, locations, Facebook IDs, and biographical data. While hackers obtained the information in 2019, there are serious concerns over how cyber...

Maintaining cyber security awareness is something that many companies struggle to maintain, particularly in the logistics and transportation sectors. Even though cyber crime poses an existential threat to these industries, awareness of threats like phishing attempts and ransomware remains low. As a critical infrastructure sector, the transportation sector is a critical...

Personal voice assistants have proven to be a great technological innovation that improves lives daily. With 4.2 billion of these devices in use in 2020, they are no longer just a novelty, and, with workers staying home for the foreseeable future, voice assistants could pose a sizeable security risk. Voice assistants are mostly known as standalone speakers that people talk to...

Imagine waking up one day and the organizations you deal with – your bank, your workplace, the tax office, your educational institution – don’t recognize you as you. Sounds like science fiction, right? In its extreme version, it is. But versions of this story are playing out for people and organizations daily as incidences of identity theft occur more frequently around the...

During the last week of January 2021, cyber security provider TrendMicro shared a blog post highlighting an Office-365 phishing campaign that criminals have targeted executives within manufacturing, tech, real estate, government, and finance since May 2020. As part of the scam, fraudsters sent the victims fake emails with links to a phishing site, where they harvested their...

Discover security awareness trends and best practices for 2021 Your employees are your first line of defense against cyber security attacks. The strength of your security awareness program depends on every employee in your organization. As part of your organizational goals and plans for 2021, you need to prioritize building a cyber secure and aware culture. This requires an...

The disruption caused by the Covid-19 pandemic saw enterprises across the globe rapidly adopt remote working to support social distancing and comply with quarantine restrictions implemented by national governments. Amid this chaos, many cyber criminals created new phishing scams and other online threats, leading to many high profile data breaches. One of the most alarming...

Every organization, regardless of size or revenue generated, needs an information security program (ISP), a collection of initiatives that form the basis for any cyber security plan involving confidential data. A well-developed information security program enables your organization to take an inclusive approach to protecting data such as protected health information (PHI),...

Actionable security awareness tips on how employees can prevent insider threats  A misplaced USB drive with confidential data. An opportunistic employee sharing confidential information with a competitor. An employee who accidentally clicks a phishing email. These are all examples of insider threats to your organization. Insider threats unfortunately are not simply the stuff...

With Black Friday, Cyber Monday, Thanksgiving, and the Christmas holidays fast approaching, cyber criminals are working round the clock to create new scams, such as the shipping notification scam, to phish for private information and commit identity fraud. As many employees will be shopping online during working hours, cyber security leaders need to educate employees on...

The holiday shopping season presents a target-rich environment for cybercriminals. In fact, as per the 2020 Trustwave Global Security Report, the retail industry is the most targeted sector for cyber attacks for the third year running. An increasing shift to a digital environment—a change due in no small part to the COVID-19 pandemic—isn’t making data protection easier for...

How to Protect Against Ryuk Ransomware As countries worldwide struggle to come to grips with the Covid-19 pandemic, attackers have attempted to capitalize by launching a wave of ransomware attacks on hospitals across the U.S. and Canada. These attacks have taken place in locations ranging from New York, Nebraska, Ohio, Missouri, and Michigan, to Montreal, by using Ryuk...

Security awareness training for financial services and bank employees must be a top priority. While financial services institutions have long been prime targets for cybercriminals, as most attacks are financially motivated, the shift to remote work business models and operations has heightened cyber security risk levels. Recent data reinforces why financial services CISOs and...

Robust, engaging security awareness training is an essential part of strong cyber security practices, especially given the accelerated digital transformation and shift by many organizations to remote workforces. It can also be a crucial value-added product for resellers, distributors, MSSPs, OEMs partners and technology partners, who are looking to expand their portfolio,...

To create a truly effective security awareness training program, your organization must also build a clear, engaging internal communication structure to match. This process involves more than just sending out one or two mass emails to let employees know such a program exists. It’s about establishing a consistent drumbeat of content distribution that grows participation numbers...

In mid-August, cybercriminals targeted the Canada Revenue Agency with two credential stuffing attacks, obtaining the usernames and passwords of 9,041 GCKey accounts, and 5,500 CRA accounts. The fraudsters then used the stolen login credentials to apply for the Canadian Emergency Response Benefit (CERB). In response to the attack, a statement released by the Office of the Chief...