During the annual eCommerce bonanza known as Black Friday and Cyber Monday weekend, shopping websites will be swarming with people who are mostly unaware of cyber threats that can leave personal data vulnerable. In 2021, Europe, Canada, and the United States saw a 50% spike in transactions during the Black Friday and Cyber Monday window from the previous week. With the imminent spike in online...

With an ever-increasing threat complexity across the cyber threat landscape, Cyber Security Awareness Month (CSAM) provides an opportunity to reflect on how enterprises can enhance their defenses and educate employees on cyber security best practices. Few areas are as important to focus on as security awareness. As part of the 2021 Gone Phishing Tournament , launched during CSAM, Terranova...

On September 15, the Hive ransomware group claimed to have launched an attack against Bell Technology Solutions on August 20, 2022. The compromised information contained approximately 1.9 million active email addresses, 1,700 names, and active phone numbers. Bell Technology Solutions is a subsidiary of Bell Canada, a leading communications company and communications provider for over 140 years...

The secret of any good security awareness training program is teaching your employees how to mitigate the threats they’re most likely to encounter in the workplace. To do this, you need to choose your security awareness training topics carefully. No two organizations have the same infrastructure, vulnerabilities, or user access policies to sensitive data, so there’s no one-size-fits-all training...

Whether deployed as a cloud service or on-premises, email security—and especially email security gateways—is of growing importance to organizations of all sizes, particularly given the upheavals to the working world over the last several years. It is estimated that in the post-pandemic world, one quarter of the workforce will choose to permanently work remote. In some sectors, such as technology...

None of the innovations seen in workplaces over the years posed challenges as significant as remote work. Even before hybrid workforces were the norm, many companies worldwide found themselves consolidated in large multinationals with employees all over the globe. The leading problem companies face, no matter the industry, is giving all their employees the same working experience, regardless of...

When it comes to cyber crime, hackers like to locate the most high-value targets, whether it’s a piece of infrastructure or an individual with access to privileged information, all while expending the least effort possible. In most examples of spear phishing attacks, a criminal will send out targeted attacks via email to multiple users. In these emails, the attacker will use high-pressure...

Spoofing refers to an attack where hackers use various ways to disguise their identity so that their victims think they are talking to their coworker, boss, or business. The methods used to achieve this are the typical phishing tropes such as fake websites, links, and social engineering . When spoofing is involved, it’s often more helpful to focus on detecting the facade rather than looking at the...

Malware is perhaps the most widely known out of all IT security threats. Since 1986, malware has become a significant concern for enterprise users, with recent examples including the Colonial Pipeline attack, Kaseya ransomware attack, and the SolarWinds Dark Halo breach. However, these attacks are just the tip of the iceberg, with many businesses falling victim to malware and ransomware attacks on...

Phishing threats are everywhere, and if your employees don’t know how to spot them, you’re putting your information at risk. Knowing how to build a successful phishing simulation is vital for identifying how well employees can spot the latest threats and ensuring they know how to spot them independently. Unfortunately, many organizations fail to offer adequate security awareness training , with...

In early July, IT solutions provider and remote management solution provider Kaseya announced that it had fallen victim to a supply chain ransomware attack. During the attack, hackers leveraged a vulnerability in Kaseya’s VSA platform to encrypt the data of hundreds of downstream MSPs and their clients. The Kaseya ransomware outbreak is one of the latest high-profile ransomware attacks targeting...

On June 22nd, Terranova Security hosted the 2021 edition of the Security Awareness Virtual Summit. Sponsored by Microsoft, the virtual event boasted sessions featuring speakers from some of the cyber security industry’s most recognized entities, including the National Cyber Security Alliance (NCSA) and Gartner. The event’s lineup also featured a panel discussion featuring security awareness...

At the start of April, hackers leaked the data of 533 million Facebook users from 106 countries in an online hacking forum. The leaked data included the private information of Facebook users like full names, phone numbers, email addresses, locations, Facebook IDs, and biographical data. While hackers obtained the information in 2019, there are serious concerns over how cyber criminals could use...

Maintaining cyber security awareness is something that many companies struggle to maintain, particularly in the logistics and transportation sectors. Even though cyber crime poses an existential threat to these industries, awareness of threats like phishing attempts and ransomware remains low. As a critical infrastructure sector, the transportation sector is a critical component in the supply...

Personal voice assistants have proven to be a great technological innovation that improves lives daily. With 4.2 billion of these devices in use in 2020 , they are no longer just a novelty, and, with workers staying home for the foreseeable future, voice assistants could pose a sizeable security risk. Voice assistants are mostly known as standalone speakers that people talk to in order to execute...

Imagine waking up one day and the organizations you deal with – your bank, your workplace, the tax office, your educational institution – don’t recognize you as you. Sounds like science fiction, right? In its extreme version, it is. But versions of this story are playing out for people and organizations daily as incidences of identity theft occur more frequently around the world. In 2022, the...

During the last week of January 2021, cyber security provider TrendMicro shared a blog post highlighting an Office-365 phishing campaign that criminals have targeted executives within manufacturing, tech, real estate, government, and finance since May 2020. As part of the scam, fraudsters sent the victims fake emails with links to a phishing site, where they harvested their credentials to sell...