Social engineering and phishing: still a top cause of concern in corporate security
Learn the steps to prevent data loss
The Strategic Security Survey report produced by Dark Reading shows that 58% of organizations in 2021 named phishing as the primary cause of problems. 53% cited phishing as a direct cause of security incidents, and for 48%, this would be the most likely cause of an incident.
According to Tempest Security Intelligence, a Brazilian cybersecurity company, the main kind of phishing that targets CEOs and other high-level executives is spear phishing, in which the attacker first studies and collects data on specific users in order to make a personalized approach, which can culminate in the theft of the credentials of one of these executives.
With a CEO's credentials in hand, the criminal can, for example, request funds, financial transfers or sensitive information without raising suspicion, in an attack known as CEO Fraud. These attacks can become highly complex, depending on the target and the interest involved.
A recent report released by Tempest Security Intelligence recalls the case of an executive of a UK company who reported a telephone conversation with the CEO of the company's headquarters (based in Germany), who requested the urgent transfer of more than €200 thousand to a Hungarian supplier. According to the deposition, the voice on the phone sounded just like that of the company's CEO; however, the victim was talking to a fraudster using a deepfake system.
According to records from IC3 (Internet Crime Complaint Center), the FBI body that centralizes Internet scam complaints, account theft (executive and non-executive) generated financial losses of more than US$ 1.7 billion in 2019 and more than US$ 1.8 billion in 2020. With this issue in mind, there is a consensus among security experts that it is essential for companies to have Security Awareness solutions, including security training and awareness in the company's routine, to position employees as the front line of business security.
Even so, there is a long way to go. A survey conducted late last year by the National Cybersecurity Alliance found that 64% of respondents had no access to any cybersecurity advice or training.
Steps to increase security
According to Gartner, there are three success factors for a Security Awareness service:
1 - The first is to have leadership aligned with a vision of awareness of the importance of digital security.
2 - The second is results-oriented metrics and behavioural indicators through reports that indicate employee engagement in training.
3 - Finally, there is the effective communication of the business values, the point at which the insights obtained in the previous steps are applied.