Steve Levinson
Steve Levinson – Online Business Systems – VP, Risk, Security, and Privacy & CISO As the Vice President of Online Business Systems’ Risk, Security, and Privacy Consulting Practice, and Online’s Chief Security Officer, Steve leads a vibrant, pragmatic, risk-based, business-minded security consulting practice that focuses on right-sized security, including advisory services, governance/program management and risk assessments (PCI, HIPAA, ISO, NIST, FedRAMP and preparation for SOC2) technical security services (vulnerability scanning, penetration testing, red teaming, and secure code development), data protection and privacy, cloud security, and specialized security services for the healthcare and financial industries. Steve is considered a thought leader in the cybersecurity community, delivering captivating presentations and webinars, and having penned dozens of insights for many publications. Steve is an active CISSP, CISA, and QSA with an MBA from Emory Business School and has over twenty years of IT security experience, and over 25 years of IT experience. Steve’s strong technical and client management skills combined with his holistic approach to risk management resonates with clients and employees alike. He has performed or participated in hundreds of risk assessments and compliance assessments, starting his consulting career with Verisign and AT&T Consulting, where he provided cybersecurity consulting leadership. Since then, Steve has served as a key strategic advisor for hundreds of clients and has gained the trust of many industry partners and affiliates, earning him a seat as a respected voice around the PCI SCC’s Global Assessors Round Table. In addition to serving as virtual CISO for several clients, Steve has also performed security architecture reviews, network and systems reviews, security policy development, vulnerability assessments, and served as cybersecurity subject matter expert to client and partner stakeholders globally. Wherever Steve’s travels take him – and he travels a lot – he makes friends and finds time in his busy calendar to gather as many local like-minded security professionals, colleagues old and new, to share ideas, foster connections, and build on ideas. His true professionalism and his earnest nature, together, make up the ‘magic’ that fuels the passion of those he leads. It was exactly this combination of Steve’s vision, passion, and his connections around the world that recently helped form Online’s EMEA division, expanding the organization’s security and digital transformation footprint internationally. Keeping up with the latest security trends and threats is easier than keeping up with Steve; when he’s not connecting with clients or fighting cybercrime, Steve is making meaningful memories with his family, keeping pace with his beloved pups, catching the early surf just after sunrise, or charging down a mountain slope. “Where’s Stev0?” is a common phrase jested amongst colleagues around the virtual Online office. But not to worry, if you miss him, he will circle back again soon.
Earlier this week a new spambot emerged, targeting no less than 711 million email 
addresses. Basically, the spambot delivers malware called Ursnif into the victim's inbox and is capable of stealing personal information such as login details, passwords, and credit card data.
The name of this spambot, “onliner”, is a touch disappointing, a bit ironic, and of course has no relation to us whatsoever. At Online, our team (our employees) are known as Onliners.
The real Onliners are made up of a group of highly talented people who are dedicated to helping companies transform their businesses and run more securely. We are proud of the title Onliners and everything that it represents (#onlinerlife). Onliners from our Risk, Security, and Privacy practice work with our clients every day to implement right-sized security strategies to fight cyber miscreants and spambots just like this one. While we might not care for the name of this latest spambot, when new threats emerge, we know who to turn to for guidance – we ask an [real] Onliner.
"Ultimately, attackers are finding that the easiest vulnerability to exploit is our trusting and helpful nature," said Jay Smith, Onliner and Security Consultant with Online. "We've known about this 'vulnerability' for years, but it's not something that can be fixed with a software patch. It's something that involves developing a healthy sense of skepticism, and that takes time and practice."
According to Smith, the most important steps someone can take to protect themselves from threats such as spambots are:
- Don't underestimate the complexity of modern phishing attacks. We're past the days where we could identify malicious emails based upon poor spelling and dubious connections to Nigerian royalty. Thanks to social networking sites like LinkedIn and Facebook, attackers can learn a lot about you based on your email address alone, and they will use that information to tailor their attacks against you.
- Understand the limitations of modern antivirus software. Just because your antivirus solution doesn't flag an attachment as unsafe, doesn't mean it's safe. While antivirus software has become more sophisticated over time, it can still easily be fooled by threats that it hasn't seen before as it is ‘signature based’.
- When in doubt, don't click on the link and don't open the attachments. Just don't. Even if it seems urgent, find another way to verify that the email is legitimate, even if that means picking up the phone and calling the alleged sender.
If you have been the victim of a spambot or just want to protect yourself from cyberthreats such as these in the future, please feel free to contact us here and a real Onliner would be happy to help you!
Related links:
https://info.obsglobal.com/blog/we-all-wannacry-heres-how-to-shed-less-tears
https://info.obsglobal.com/blog/2016/03/phishing-attacks-4-tips
Submit a Comment