blog-logo.png

A BLOG ABOUT CYBER SECURITY

Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

Risk Management

Scary Data Breach Statistics of 2017

Posted by Gretel Egan on Oct 27, 2017 12:20:04 PM

On October 25, the Identity Theft Resource Center (ITRC) published its latest compilation of confirmed data breach notifications affecting US organizations and customers so far this year.* The headline numbers — 1,120 total breaches and more than 171 million records exposed — are frightening in their own right, especially considering that in all of 2016, the ITRC reported 1,039 total breaches and just over 36.6 million records exposed. But what really stood out to us in this latest look at the report wasn’t the numbers that are known, but the numbers that remain unknown.

Read More »

Connecting the Dots: The Human Factor and the Cost of Cybercrime

Posted by Gretel Egan on Oct 18, 2017 11:29:20 AM

The recently published 2017 Cost of Cyber Crime Study from Ponemon Institute and Accenture delivered some sobering statistics:

  • Organizations pay an average annualized cost of $11.7 million* to deal with cybercrime (up 23% from the prior year).
  • Organizations are dealing with an average of 130 successful security breaches each year (an uptick of 27% year over year)
  • The average cost of cybercrime has risen by 62% since 2013.
Read More »

Security Awareness Training: Why ‘Us vs Them’ Is a Lose-Lose Situation

Posted by Gretel Egan on Aug 24, 2017 3:39:31 PM

Good idea: Applying gamification techniques to your security awareness training program. This type of lighthearted, healthy competition between departments can help engage participants and leave employees feeling empowered and rewarded.

Bad idea:  Approaching your security awareness training program with a ‘you vs. the end users’ mentality. This mindset can breed resentment and distrust — on both sides — and undermine your efforts to build a more secure culture.

Read More »

Black Hat 2017 Takeaways: Treating the Root of End-User Risk

Posted by Kurt Wescoe on Aug 1, 2017 9:49:12 AM

Last week, I got to spend time with many other members of the security community at Black Hat USA 2017. Despite being in the infosec space for the past ten years, this was my first time attending the event, and I was impressed with the breadth of topics covered. None too surprising, I found a lot of interesting talks in the “Human Factors” track, but it was refreshing to see how broadly this community is looking at security.

Read More »

Business Email Compromise: Prevent Wire Transfer Fraud & W-2 Phishing

Posted by Gretel Egan on Jul 27, 2017 8:26:00 AM

Though business email compromise (BEC) phishing attacks continue to plague organizations worldwide, many end users still don't fully appreciate the danger. Employees are not aware of how sophisticated these targeted social engineering attacks can be, the very real threat they pose to their personal reputations, and the impact they can have on their organizations. 

Read More »