With COVID-19 and remote working, 2020 created the perfect conditions for social engineering.
In October 2020, the Ponemon Institute report Cybersecurity in the Remote Work Era: A Global Risk Report stated that the most frequent attacks since the onset of COVID-19 involved credential theft (56%) and phishing/social engineering (48%).
As a relentless headline issue that affected everybody and caused drastic upheaval to our day-to-day lives, COVID-19 provided a perfect theme for social engineering attacks.
For example, fake emails from delivery services included attachments said to contain the address of a warehouse where people could pick up a shipment that did not reach its destination. Bank phishing emails offered benefits and bonuses to customers because of the pandemic. The emails contained a file with instructions or links to get more details.
At the same time, the overnight shift of large numbers of employees to remote working expanded the attack surface, as more devices were placed outside the protection of the corporate network.
Both of those trends are likely to continue this year, possibly even longer.
Social engineering attacks are popular with cybercriminals because they’re relatively easy to deploy and can bypass the sophisticated security systems that prevent other types of attack.
Instead of trying to find a technical flaw in your company’s security and trying to exploit it, social engineering can trick your employees into launching the malicious content themselves.
The simplicity of social engineering is part of its effectiveness, but it also means prevention measures can be simple too.
If it takes a person to click on an email to launch an attack, all it takes to prevent it is for the person not to click on it.
Your business can create a human firewall if your employees are provided with the right training and awareness. Teach them what to look for when they get an email asking to click on a link or a phone call asking for information. Caution is the watchword.
It can be tempting to overlook employees and put most of your security efforts into software and hardware to keep threats from reaching workers. But consider the different ways they connect to the internet and the range of potential sources of attack: email, Facebook, LinkedIn, Twitter and other web pages.
If you neglect employee education, you’re leaving them vulnerable to attack if your security technology doesn’t stop the attacks getting through.
Thankfully, there are simple ways for employees to identify most social engineering or phishing attacks, such as hovering the mouse over links, verifying URLs and paying closer attention to email addresses or domain names.
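The same checks can be run automatically over a reported or inbound message. The following Python is an added example, not part of the original article: it compares each link's visible text with its real destination (the "hover" check) and the Reply-To domain with the sender's domain. The sample message and every domain in it are constructed placeholders, and the same-site comparison is a simplifying assumption (it does not consult a public suffix list).

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is a placeholder.
SAMPLE = """\
From: Parcel Service <notify@parcel.example>
Reply-To: support@parcel-help.test
Content-Type: text/html

<a href="http://parcel.example.pickup.test/addr">www.parcel.example/addr</a>
<a href="https://www.parcel.example/help">Help centre</a>
"""
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so stray text is discarded
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):  # hostname of a URL or bare "domain/path", without "www."
    h = urlparse(value if "://" in value else "http://" + value).hostname or ""
    return re.sub(r"^www\.", "", h.lower())
def related(a, b):  # rough same-site test: equal, or one is a subdomain of the other
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def review(raw):  # warnings a reader would find by hovering and checking headers
    msg = message_from_string(raw, policy=policy.default)
    sender, reply = (parseaddr(str(msg[h] or ""))[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    out, body, parser = [], msg.get_body(("html",)), Links()
    if reply and not related(sender, reply):
        out.append(f"Reply-To domain {reply} differs from sender domain {sender}")
    parser.feed(body.get_content() if body else "")
    for href, text in parser.found:
        if URLISH.match(text) and not related(host(text), host(href)):
            out.append(f"link text shows {host(text)} but opens {host(href)}")
    return out
```

Calling `review(SAMPLE)` returns two warnings: one for the Reply-To domain and one for the first link, whose visible text names the delivery service's domain while the destination is a different site that merely begins with that name.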
Newly remote workers have had a lot to learn. Their usual working pattern has been disrupted, the systems they use are different and their environment has changed. Many of them have lost the social engagement they had with colleagues in the office and are working in isolation in a bedroom or kitchen.
The monotony of that isolation presents an opportunity for cybercriminals and social engineering attacks. Physical social interaction has been replaced with digital social engagement, which could open up a new path for social engineering attacks.
There are several ways to protect against social engineering attacks:
We can help you address the wide range of cyber risks that your business faces, including phishing awareness, penetration testing, and unified endpoint management.