Erich Kron, Freelance Journalist Profile

Articles

Cultivating a security-conscious culture while preserving employee morale

2 weeks ago | propertycasualty360.com | Erich Kron

A strong security culture can be built on positive attitudes toward security controls and policies, role participation and accountability. (Credit: Yakobchuk Olena/Adobe Stock)You get the culture you ignore. For example, an employee walks into the office without their ID badge, and there is no security protocol to challenge this. Soon enough, others may see no value or incentive to wearing a badge, and they too stop wearing it.
Hackers Are Hiding Malware in This Common Image Format—And It’s Working | HackerNoon

2 weeks ago | hackernoon.com | Erich Kron

The KnowBe4 Threat Research team detected a sudden increase in phishing campaigns that abuse the scalable vector graphics (SVG) file format to hide malicious HTML, malware, and scripts that can easily bypass conventional email security filters. Analyzing phishing emails from Q1 we discovered that SVG files comprised 6.6% of malicious attachments within phishing emails—a 245% increase compared to the previous quarter. Why have SVG Files Suddenly Become Popular with Threat Actors?
Gen Z’s Rising Susceptibility to Social Engineering Attacks

3 weeks ago | securityboulevard.com | Erich Kron

Designed to exploit human behavior and our fallible natures, social engineering attacks are surging for a simple reason: It’s far easier to con and compromise an employee and steal the keys to the kingdom rather than trying to hack or subvert advanced cybersecurity controls that require specialized skills and resources. Recently, researchers discovered that a specific set of demographics is more susceptible to social engineering than others. Nope, it’s not baby boomers, but Generation Z.
Cyberattacks on Major Consumer Brands in 2024: Key Takeaways

1 month ago | cdotrends.com | Erich Kron

In 2024, several well-known brands faced significant cyberattacks, highlighting that no organization is immune to cyber threats. At the end of the second quarter 2024, the number of U.S. data breach victims surged by 1,000% compared to the previous period. Below are just a sample of major household brands that were attacked in 2024, highlighting the nature of cybersecurity risks and lessons organizations can learn from these incidents.
Unpaid toll texts are scams, and they keep getting more sophisticated

1 month ago | 13newsnow.com | Erich Kron

ST. PETERSBURG, Fla. — For years, VERIFY viewers have been reporting text messages sent to them, alarming them to alleged unpaid tolls. The messages include a link to pay the bill, and if left unpaid, says extra fees could be added. Many Reddit users who also received the text message have questioned if it's real. Are text messages claiming to be from SunPass, E-ZPass, FasTrk and other companies about unpaid tolls legitimate?
The Power Of Info-Sharing For Shaping Your Organization’s Security Culture

1 month ago | informationsecuritybuzz.com | Erich Kron

Phishing and social engineering attacks are exploding as threat actors increasingly discover that humans are the most exploitable entry point in organizations. Unfortunately, 70% of organizations still report that their employees lack critical cybersecurity knowledge, even when many have a formal security awareness training (SAT) program in place. The success and effectiveness of security awareness programs hinges on three key cornerstones: content, experience, and relationships.
Top 10 Most Probable Ways a Company Can Be Hacked

1 month ago | darkreading.com | Erich Kron

Erich Kron, Security Awareness Advocate, KnowBe4COMMENTARYImagine yourself as an army general. You could send your troops into battle with intel on how the battle will be fought, the targets to be aimed at, the weapons to be loaded. Or, you could send your soldiers into battle blindly, without the necessary intel. Obviously, the former is better. Cybersecurity is no different.
Chubb research shows cybersecurity and AI risks threaten business growth

2 months ago | dig-in.com | Erich Kron

Cybersecurity risks have emerged as a fundamental business issue, one that organizations cannot just brush aside. And it's not because security incidents have led to operational disruptions…it's because security has evolved into a critical business risk that significantly impacts long-term financial stability, growth and business reputation.
Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks

2 months ago | securityboulevard.com | Erich Kron

Through phishing, malware, and password attacks, most cyberattacks are directed at individuals. In response, organizations are increasingly implementing phishing awareness training. This involves sending simulated phishing emails that mimic real-world threats to employees, aiming to elevate awareness about phishing techniques and to improve their reflexes against such attacks.
NIST phish scale Archives

2 months ago | securityboulevard.com | Erich Kron

Using the NIST Phish Scale Framework to Detect and Fight Phishing AttacksThe NIST Phish Scale framework offers a structured and effective approach to improving phishing awareness training in organizations ...