WebCE’s Weekly Wrap Up: October 26 - November 1
By WebCE Staff
November 1, 2024
The final week of Cybersecurity Awareness Month saw several stories highlighting the lack of basic cybersecurity awareness among employees and bosses alike. In fact, most cybersecurity training is limited to developers, even though this year saw phishing attacks jump 28% from Q1 to Q2.
But even as cyber threats become more aggressive and more advanced, tried-and-true cybersecurity best practices remain as effective as ever. The challenge for many organizations is ensuring everyone is properly trained to be a strong human firewall, the heart of any strong cyberdefense.
Here’s our final installment of this year’s coverage of Cybersecurity Awareness Month.
Top Stories of the Week
Many Bosses Think Their Employees Lack Even Basic Security Awareness (TechRadar)
Nearly three-quarters (70%) of business leaders are increasingly concerned about their employees’ cybersecurity knowledge, stating they lack even fundamental awareness needed to combat rising threats.
7 in 10 Firms Lament Workers’ Lack of Basic Cybersecurity Sense (Frontier Enterprise)
Employees can be a firm’s first line of defense, but leaders are increasingly worried that their employees lack security awareness. Nearly 70% of those surveyed believe their employees lack critical cybersecurity knowledge, up from 56% in 2023.
Human Firewall Weaker Than Ever, as Bosses, Users Ignore Cyber Security Best Practice (ITWeb)
IT and cyber security leaders and end-users alike persist in clicking on phishing links, ignoring password best practice and even disabling security measures on their systems, according to Arctic Wolf’s new report: 2024 Human Risk Behavior Snapshot.
Cybersecurity Training Resources Often Limited to Developers (Dark Reading)
With a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.
4 out of 10 Phishing Emails Are Sent From a Compromised Email Account (KnowBe4)
45% of phishing emails contain a hyperlink-based payload, while 23% include malicious attachments, and 20% rely solely on social engineering.
Phishing Attacks Are Evolving. Here’s How to Resist Them (Harvard Business Review)
Principles such as authority, social proof, and urgency are often crafted into these scams, prompting automatic thinking from the most cautious of us. It is no wonder that human error drives most cyber incidents. These tactics exploit our cognitive biases, preying on blind spots that arise from quick, emotion-driven decisions.
3 Key Factors to Make Your Cybersecurity Training a Success (World Economic Forum)
While there is rarely a single cause of a cyber incident, security and IT leaders say that multiple factors increase the likelihood of a breach, including having an IT or security staff that lacks the right skills (58%), as well as a lack of employee security awareness (54%).
Preparing for Tomorrow's Cyber Threats (WebCE)
Even as cyber threats evolve, tried and true cybersecurity best practices are still the best approach to thwarting breaches.
A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation (The Hacker News)
In cybersecurity, exposure validation mirrors Holmes' approach: Security teams are usually presented with an overwhelming list of vulnerabilities, yet not every vulnerability presents a real threat. Just as Holmes discards irrelevant clues, security teams must eliminate exposures that are unlikely to be exploited or do not pose significant risks.
CISA Launches First International Cybersecurity Plan (Infosecurity Magazine)
The plan acknowledges the complex and geographically dispersed nature of cyber risks, and the need for threat information and risk reduction advice to be shared rapidly with international partners.
Top Podcast of the Week
Is AI a Friend or Foe in Cybersecurity? Insights from The Godfather of Digital Forensics (Cybersecurity Simplified Podcast)
AI fortifies cybersecurity but it also strengthens cyberthreats. How can your company tackle this double-edged dilemma?
Cybersecurity Simplified Podcast asks Rob Lee, Chief of Research at the SANS Institute, the go-to leader in cybersecurity training.
With more than 20 years of experience in digital forensics and incident response, Rob is dubbed “The Godfather of DFIR.” He’s also the co-author of the must-read book, Know Your Enemy.
Get ready to learn about …
the critical expertise gap in AI that could leave you vulnerable…
why research is a game-changer before deploying AI solutions…
why security culture is not the same as security awareness
why digital forensics and incident response go hand-in-hand