Evidence Solutions, Inc., (ESI) is a premier forensics company founded in 1982.

Computer System Security Expert: Department of Homeland Security Chief Information Security Officer Wants Consequences for Workers Who Fall for Security Scams!

Will Consequences Increase Data Security?

By Scott Greene

If you fall for a phishing email, should you have your ability to handle sensitive government information revoked?

Data Security Expert: Is Your Job On The Line Opening an Email?

When an associate opens a phishing email and clicks on a link, with disastrous consequences, it is no doubt embarrassing. However, the Chief Information Security Officer (CISO) at the Department of Homeland Security (DHS) would like to see significant consequences for such hazardous behavior.

The DHS CISO, Paul Beckman, has proposed significant consequences, up to and including termination, for falling for hacking schemes. Currently, Beckman sends fake phishing e-mails to his staff. If the recipient fails to follow protocols and/or falls for the scam, they must undergo remedial security training.

Beckman was part of a panel discussion regarding CISO priorities at the Billington Cybersecurity Summit in Washington on Sept. 17. During the panel discussion Beckman said: “These are emails that look blatantly to be coming from outside of DHS — to any security practitioner, they’re blatant.” He went on to say: “But to these general users” — including senior managers and other VIPs — “you’d be surprised at how often I catch these guys.”

In the discussion, Beckman said a small number of employees continue to fall for the fake scams even in the second or third round of phishing tests.

But Beckman wants to put his staff’s job on the line. He would do so by using these security tests and an individual's susceptibility to security threats as part of their performance evaluation. He would also use the test results as a factor in determining whether the individual is competent to handle sensitive data and have a security clearance.

Phishing remains one of the hacker’s simplest and most powerful ways into computer systems. When users click on attachments or links to malicious sites, they are letting the hacker into their computer system. This entry can be limited to a single computer or, more than likely, extend into the entire network.

According to the recently published Verizon Data Breach Investigations Report, 23 percent of phishing recipients open malicious messages. While this is a horrible statistic, the report says 11 percent open attachments. According to the report, it only takes 82 seconds from when a phishing campaign is launched to when people start swallowing the bait.

Spear Phishing is a more targeted system used to deliver malware or get the recipient to open a link. The sender generally has more information about the email recipient than would the average spammer. This additional information lures the recipient into thinking the email and links contained in the email are legitimate.

When data breaches leak sensitive information, hackers gather up the information and use it for Spear Phishing campaigns.

Beckman has good reason to be concerned about this at the federal level. His personal data, along with that of over 21 million other federal employees, was leaked in the Office of Personnel Management (OPM) data breach, which occurred earlier this year.

The data breached from the OPM is certainly likely to be used to create spear phishing attacks against government employees. Some of those employees may have Top Secret or Secret clearances. If they fall for the wrong attack and open the wrong email and/or click on a link, who knows what other data could be leaked.

Training is the most important component in the defense against these cyber attacks. However, when the training doesn’t sink in and the person attacked is dealing with sensitive data, perhaps stronger measures may need to be taken, as Beckman suggests.
