Truth in IT

I'm excited to be speaking at RSAC again! I'll be doing 3 presentations, a book signing (4 of my books will be in the RSAC bookstore), and hanging out in the KnowBe4 most of the time. If you want to meet me, please come by.

A vendor just emailed us an invoice. Right logo. Right project. Right invoice number. New bank account. If we had paid it, $50K is gone. No recovery. No insurance. Just gone. We got an email a few days later that the vendors email had been hacked. This is happening to businesses every single day. And it's about to get much worse. AI is an incredible tool when it's used for good. But it is also a weapon. The same technology helping us underwrite deals and manage portfolios is helping criminals build perfect fraud at zero cost and infinite scale. The "Nigerian Prince" is dead. He's been replaced by AI that sits inside your vendor's email for months. It watches your payment cycles. It learns your controller's name. It waits for the perfect moment to swap banking info on a real invoice. It requires vigilance and good processes to not get fooled. Here are a few basic things we do: 1. Banking info changes = full stop. No exceptions. We stop and we call. 2. Never call the number on the new email. That's the hacker's number. We dig up the old contact info and call someone we already know. 3. Hold payment if there is a bank change. Every updated account gets a mandatory hold and a voice callback to the vendor. Two-minute phone call costs you nothing. One bad ACH is an expensive mistake. What else should we be doing?

@DallasAptGP @rogeragrimes You must also be careful of the 3rd party financial portals. They provide a false sense of security.

Unlock ultra-fast, resilient cloud infrastructure! Discover how StorPool with Oracle Virtualization power efficient HCI in our on-demand webinar. Watch now: hubs.ly/Q041JNPh0 #OracleVirtualization #SoftwareDefinedStorage #HCI #CloudInfrastructure #EnterpriseIT

Epic Systems filed a lawsuit accusing data brokers of masquerading as medical facilities in order to pull nearly 300,000 patient records. forbes.com/sites/monicahu… Almost certainly, this has been happening for decades at a far greater scale than this single instance.

Discover how Dustin Group boosted cloud performance, simplified ops, and scaled efficiently with StorPool’s software-defined storage. Read the full case study: hubs.ly/Q03W1_2d0 #StorPool #CloudInfrastructure #SDS #CaseStudy

Check out my latest article: Microsoft Help Desk Phishing Scam linkedin.com/pulse/microsof…

Building a next-gen cloud? StorPool’s experts help you validate hardware, model performance & TCO, and accelerate deployment. Skip trial and error and talk to a specialist today: hubs.ly/Q03Nq3fF0 #CloudInfrastructure #SoftwareDefinedStorage #StorPool #ITStrategy

VIDEO: Listen as our CEO, Karen Gondoly, walks through how Leostream delivers centralized, secure, high-performance access across any environment leostream.com/resources/rein… #RemoteAccess #HybridCloud #ZeroTrust #VDI #VPAM #DigitalWorkspace

Phishing Campaign Impersonates Password Managers By Sending Fake Emails Saying They've Been Hacked And Telling Customers To Download a New (Trojan) Version blog.knowbe4.com/phishing-campa…

China does not play around. 11 scam operators were sentenced to death, plus more were sentenced to jail. The criminals earned over $1.3B in illegal gains by kidnapping, human trafficking, and forcing those who were kidnapped to scam the rest of the world risky.biz/risky-bulletin…

Fake Google Drive alert sent to Gmail user. Tricky because it does have your gmail.com address if you have one, so it could look somewhat legit. But it's not. Google is not giving final warnings!!

What if AI agents could build new agents on the fly and anyone in your enterprise could use them? In our latest @TruthinIT interview, our VP, AI Agents, @vivekhaldar , joins Mike Matchett (Principal Analyst at Small World Big Data) to unpack how Emergence is solving one of the biggest challenges in enterprise AI: the vast volumes of unanalyzed data trapped behind bottlenecks in data science and engineering. Here are some highlights from the conversation: - Build, deploy & reuse AI agents with CRAFT, all through natural language - Dynamic agent creation, with agents that can even generate new agents at runtime - No-code AI that empowers both technical teams and business users to unlock insights once out of reach - Works seamlessly with structured & unstructured data, with built-in compliance and PII redaction - Flexible deployment options: SaaS, VPC, or on-prem For organizations drowning in untapped data, CRAFT delivers a fast, adaptive path from question to insight and harnesses AI for broader business workflows across the enterprise.

From the Forrester Breach Benchmark Report: 67% of orgs suffer one or more breaches EACH YEAR, and the average org suffers almost 3 data breaches a year. Let that sink in! That's how bad our current defenses are. Why aren't we doing something different?? forrester.com/report/2025-br…

Check out my latest article: PayPal Scam From PayPal linkedin.com/pulse/paypal-s… via @LinkedIn

🌱Sustainable business growth isn’t a solo sport. Learn why 🤝 thriving ecosystems matter more than ever in Simon Ninan’s latest thought leadership on The Array: htchivantara.is/47ehO3J

Check out my latest article: If You Think Social Engineering Is Bad, It’s Going to Be Much, Much Worse Soon linkedin.com/pulse/you-thin… via @LinkedIn

Another breach, another reminder: ✅ Was I expecting this? ✅ Is the request unusual? ✅ Can I verify it another way? If not—don’t click. Don’t reply. Report it. Stay skeptical. Stay secure. #Cybersecurity #Phishing #AIThreats buff.ly/X4Xzng7