IT staffers receive an average of 40 targeted phishing attacks every year [1], as cybercriminals turn their attention towards employees of IT companies and use them as entry points into the company’s infrastructure.
Ransomware hackers demand $70 million to unlock computers in the widespread attack.
Phishing attacks are cybercrimes where an attacker tries to coerce the victim to visit malicious links, which can then be used to install malware on their devices. They are usually carried out using emails, text messages, or even phone calls. On the other hand, social engineering involves the psychological manipulation of a victim to trick them into giving away sensitive information.
The report said that old methodologies of email protection that relied on rules, policies, allowlists or blocklists, signatures, and other attributes of traditional email security are no longer effective against the growing threat of socially engineered attacks.
700 social engineering attacks every year
Attackers can target employees outside the finance and executive teams to find the “weak links” in an organisation. Targeting lower-level employees offers cybercriminals a way to get in the door and then work their way up to higher-value targets. Therefore, it is crucial to ensure you have protection and training for all employees, not just for the ones you think are the most likely to be attacked.
The shift to remote work witnessed a tremendous disruption of security programs. Organisations were focused on bringing their business online, making security an “afterthought”, which led to a “record high” in data breaches in India during the pandemic.
Organisations must continue to take IT and cybersecurity training and awareness seriously. Securing identities has become a core tenet of security, as identities can create walled gardens in the face of dwindling organisational security borders and increasing workforce mobility.
How to create a customised security awareness program?
At the Global IT-, Cyber- & Computer Security Day on the 30th of November 2021, 12 experts will offer guidance on establishing digital trust with employees, customers, partners, and vendors.
At the Cyber- and Computer Security Day, we focus on issues that affect information systems through different malicious attacks such as spyware, viruses, and social engineering. You will be motivated to know more about the intuitive and automated systems-level approach that:
- Determines the overall security characteristics of an information system
- Develops designs for treating security issues in the IT governance systems
- Adopts controls for cyberspace, especially against cyber criminality, to help lower the level of vulnerability to an acceptable level throughout the application of a cybersecurity action plan