Text Message Scams



Don’t click on the link you received about unpaid tolls. It’s likely a scam.

Excerpt from: If You Get This Text Message, It’s Probably a Scam.

Unpaid toll scams are on the rise, according to the FBI. The agency has received more than 2,000 complaints since March. Unpaid toll scams are classified as smishing, whereby bad actors use text messages and pretend to be a part of a company to extract your personal information.

Toll road scam texts often convey a false sense of urgency. This tricks you into acting quickly before you even consider the possibility that it may be a scam.

“Scared people moving quickly make poor decisions, which is exactly what a scammer wants,” Goerlich said. “If a message makes you feel rushed or afraid, trust your intuition and stop responding.”

Read the full article: https://www.cnet.com/personal-finance/identity-theft/if-you-get-this-text-message-its-probably-a-scam/

Wolf’s Additional Thoughts

Take a beat, take a moment, center yourself, and click from a place of calm. That’s my security awareness advice. While the tactics have changed over the decades, the one thing scams have in common is scaring people into action. So give yourself time to think.


This post is an excerpt from a press article. To see other media mentions and press coverage, click to view the Media page or the News category. Do you want to interview Wolf for a similar article? Contact Wolf through his media request form.

Ways CISOs Can Stay Ahead


Security leaders are expected to defend their organizations against existing and emerging threats. Here are some tactics they can use to crack down on the enemy.

Excerpt from: 9 Ways CISOs Can Stay Ahead of Bad Actors

It is often said that CISOs need to be right all the time and bad actors must only be right once. According to Wolfgang Goerlich, faculty member at independent cybersecurity research and advisory firm IANS Research, that mindset is counterproductive.

“That’s not the case. The criminals are fast, they’re strong, but there are things we can do. I’ve always started with threat intelligence [because] I want to know what the criminals are doing, what their tactics and procedures are. I want to know some good ways to stop them in ways that don’t interfere with my organizations,” says Goerlich. “Security is only as good as the last time you checked, so we will do tabletop exercises, drills, red team exercises and test all those ways a criminal would move through our environment, and ensure we have multiple ways to stop and catch them.”

There are many other things CISOs are doing to stay a step ahead. The following are some examples.

Read the full article: https://www.informationweek.com/cyber-resilience/9-ways-cisos-can-stay-ahead-of-bad-actors



Things to Consider When Buying a Password Manager, U.S. News


Modern life means the proliferation of passwords. From banking to BBC iPlayer, nearly every website or application requires creating a password. But remembering multiple passwords is cumbersome and using the same easy-to-remember password for every application is a security nightmare. This is where password managers have come into their own.

Excerpt from: Best Password Managers in the UK

Things to Consider When Buying a Password Manager

Security features and encryption. “It’s important to determine whether your passwords are safeguarded with multi-factor authentication and if the protection is structured so that only you have access to your data,” says Wolfgang Goerlich, faculty member at cybersecurity research and advisory firm, IANS Research. “This is commonly known as zero-knowledge architecture, which is a great way of saying that the vendor cannot access my passwords and secrets.”

Data backup and sync. For business users with “higher demands on the availability and integrity of their password manager”, Goerlich says that it is important to look into data recovery options, especially if the product is cloud-based: “If the cloud becomes unavailable, the password managers need to be able to continue to function.”

Read the full article: https://www.usnews.com/uk/360-reviews/privacy/password-managers



Passkey Authentication, ITProToday


Many organizations are interested in using passkeys instead of conventional passwords, but how much better are they?

Despite rising concerns about password security and a growing trend towards passkeys and other multifactor authentication tools, passwords remain the primary mode of authentication.

Excerpt from: Is Passkey Authentication More Secure Than Traditional Passwords?

Organizations are advised to use MFA on every website and application. For added security, users should use MFA methods with a physical token or software-based authenticators rather than less secure methods like text or email-based authentication.

Wolf Goerlich, a faculty member at IANS Research, suggested that IT professionals expand their focus beyond the initial authentication factor. “This should include device identity and posture, and the context and conditions of the request,” Goerlich said. “This risk-based authentication provides a defense against account takeovers by session hijacking, along with other common attack techniques.”

Goerlich also recommended that development teams pay attention to session handling, giving careful consideration to the detection and prevention of session hijacking.

Read the full article: https://www.itprotoday.com/identity-management-and-access-control/passkey-authentication-more-secure-traditional-passwords



Navigating an Evolving Landscape, Forbes


The cybersecurity industry is undergoing significant shifts driven by evolving threats, technological advancements, and changing market dynamics. Wolfgang Goerlich recently noted, “There are certainly a lot of conversations going around with respect to how to do tool consolidation. ‘How do I simplify my security portfolio?’”

Excerpt from: Navigating The Evolving Landscape Of Cybersecurity

5 Questions For CISOs. With thousands of cybersecurity vendors, it can be daunting to evaluate and choose from among the myriad of tools and platforms available. Here are some key factors CISOs should consider:

1. How much visibility do you have of your network?

2. How many tools or platforms do you have to correlate to get a comprehensive view of your environment?

3. Can you access your data from anywhere without adding additional cost?

4. Are you relying too heavily on a single tool or technology?

5. Can your visibility and security scale effectively as your IT environment expands?

Read the full article: https://www.forbes.com/sites/tonybradley/2024/02/23/navigating-the-evolving-landscape-of-cybersecurity/



Passwordless authentication supports Zero Trust


Passwordless authentication can make a zero-trust environment even more secure. Here’s what state and local governments need to know.

Excerpt from: How Passwordless Authentication Supports Zero Trust

State and local government agencies carry the heavy burden of collecting and managing large amounts of sensitive data to bring essential services to citizens. Naturally, they want to be on the cutting edge of cybersecurity, which is where the zero-trust security model comes in. And now, we’re seeing an innovation that could bolster zero trust’s already formidable defenses: passwordless authentication.

“When we think about zero trust, we want to regularly assess trust and evaluate everything,” Goerlich says. “If we’re constantly going to users and having them put in codes, PINs and passwords, we’re going to get a lot of resistance. So, I think many roadmaps that are successful for state and local governments pursuing zero trust are introducing passwordless as a way to reduce user friction while driving up assurance around identity.”

Passwordless authentication and zero trust work together. An agency may check a user’s fingerprint or face or have a user enter a PIN, but an agency that employs zero trust will also make sure the user is on the right computer in the right location and is behaving in a way that’s expected.

“This is the future of multifactor: implementing the strongest possible factors and addressing concerns around phishing and other common attacks,” Goerlich says.

How Can State and Local Agencies Implement Passwordless Authentication?

Read the full article: https://statetechmagazine.com/article/2024/02/how-passwordless-authentication-supports-zero-trust-perfcon



CISOs in crisis


Cybersecurity is an intense race that never lets up, an endless back-and-forth with threat actors looking for a way in. Not surprisingly, CISOs are continually on edge, feeling increased stress and pressure: In fact, 75% are open to change, according to a new report from IANS Research and Artico Search.

Excerpt from: CISOs in crisis – why they feel dissatisfied and neglected by the C-suite and board.

So what can CISOs do to improve their satisfaction levels, standing and influence within a company and broaden their non-technical expertise? For starters, advocate, IANS advises. With traditional characteristics no longer meeting the needs of the new security landscape, CISOs have an “unprecedented opportunity” to argue for their role at the C-suite level and call for enhanced interaction with boards.

Ultimately, says advisory CISO and IANS faculty member Wolfgang Goerlich: “CISOs who manage relationships are more satisfied and successful than CISOs who manage technology.”

Read the full article: https://www.sdxcentral.com/articles/analysis/cisos-in-crisis-why-they-feel-dissatisfied-and-neglected-by-the-c-suite-and-board/2024/01/

Wolf’s Additional Thoughts

Security leadership is a relationship, not a position. I’ve said it before and I’ll say it again. I understand many of us (myself included!) got into this field for our love of technology. Preserve that love, that spark, that joy. But always remember it is our relationship with our peers, the C-Suite, and the board, which enables us to lead and make a difference.

Side note, I’m a fan of coaching. Both being coached, and coaching others. I think it just makes good sense to get an outside opinion on what you’re doing, and what’s possible. The study found it also makes good business sense. “Security leaders who don’t participate in professional development make an average of $369,000 a year, while those with executive coaching take in roughly $550,000 — a difference of nearly $200,000.”



ConsumerAffairs says use multiple emails


Tech experts say that if you slice and dice your email addresses the right way, you’ll not only declutter your digital life, but you will protect yourself better when it comes to phishing and financial scams.

Excerpt from: Multiple email address for different functions beefs up security.

How many email addresses do you have? If you’re like most Americans, you have two – personal and work. But there’s a large number – 28% – who have four or more email addresses. The privacy and scam experts that ConsumerAffairs spoke to were pretty much in agreement that the magic number is four or five email addresses and they’re shoulder to shoulder on what those addresses should be, too.

Wolfgang Goerlich insists a separate shopping — including for subscriptions and newsletters — email account is an absolute must. “For example, a shipping scam or invoicing scam sent to an email address not used for shopping is easily spotted,” he told ConsumerAffairs.

“Say one of your email addresses gets compromised because of clicking on a scam, or falling for a phishing email, the criminal wouldn’t be able to get into your bank if it’s through a separate address. And when a website or app gets breached, and they often do, it helps to keep things separate.”

Read the full article: https://www.consumeraffairs.com/news/multiple-email-address-for-different-functions-beefs-up-security-121423.html

Wolf’s Additional Thoughts

My recommendation is breaking email into: personal, professional, shopping, banking and finance, dating and relationships. Take that last category. People have been embarrassed, harassed, or even blackmailed when dating sites were compromised and their work email addresses were tied to those sites and leaked.

For the longest time, maintaining separate email addresses was a bit of a pain. You had to create them, remember to check them, and periodically clear out the inboxes. Today the major email providers make it easier to maintain several accounts. Moreover, on phones, it is easy to create separate email addresses for practically every website. Apple iPhone can do this natively with “hide my email” and Google Android devices can do this with third-party apps.

It’s never been easier to maintain a separation of email, and arguably, it’s never been more important to do so.



9 in 10 organizations embraced zero-trust, CSO


Nearly 90% of organizations have begun embracing zero-trust security, but many still have a long way to go, according to a report by multinational technology company Cisco. “The more organizations know about zero trust, the less they feel competent in zero trust,” Goerlich adds. “The more they learn, the more they realize they need to go further.”

Excerpt from 9 in 10 organizations have embraced zero-trust security globally.

“What often happens to security concepts that begin as buzzwords and capture momentum is they fade off into business as usual,” Goerlich says. “What we’re seeing is people no longer asking, ‘Are you doing zero trust?’ It’s, ‘Are you securing this new line of business? Are you securing our mergers and acquisitions? Are you protecting us against ransomware? Are you enabling the business to keep up to changing market demands and changes in the threat landscape?’”

“Now that we have the outcomes identified,” Goerlich continues, “we can apply the appropriate technologies and appropriate pillars to achieve those outcomes. What we’re going to continue to see is zero-trust principles becoming fundamental security principles. As we move forward, good security is good security, and good security will include some of these zero-trust principles baked into every layer.”

Read the full article: https://www.csoonline.com/article/1249027/9-in-10-organizations-have-embraced-zero-trust-security-globally.html



Investments in cybersecurity initiatives, Spiceworks


“Good security first delivers a business outcome and then, and only then, as a result, increases security,” noted J. Wolfgang Goerlich, advisory CISO at Cisco Secure.

Excerpt from In the Line of Fire: Understanding and Conquering Cybersecurity Risks

The benefits of adopting zero trust go beyond its drivers. Through zero trust, organizations not only avoid risk (and thus unnecessary costs) but also save capital through operational efficiencies and enable business.

Since implementing zero trust takes two or more years, Goerlich pointed out that organizations may not necessarily have 100% zero trust. “Today, the strongest predictor of whether or not organizations feel that they are achieving zero trust is whether or not they have automation, orchestration in place,” he said.

Aberdeen found that endpoint detection and response (EDR) and extended detection and response (XDR) are becoming mainstream as a result of zero trust thinking.

Goerlich reiterated this and added that organizations increasingly pair extended detection and response (XDR) with zero trust. “If you have a zero trust project in progress, you are 40% more likely to say, ‘I have an XDR/EDR project,’” Goerlich said. “Because as we harden that layer, criminals are going to move. If you have end-to-end protection, where do they go? They go to the edge.”

Read the full article: https://www.spiceworks.com/it-security/cyber-risk-management/articles/cybersecurity-risk-management-zero-trust/

