Human Error Is A Hacker's Dream

Uploaded on 2023-02-07 in TECHNOLOGY--Hackers, FREE TO VIEW

With targeted and increasingly sophisticated phishing scams continually on the rise, the ever-evolving world of digital communication presents the optimal backdrop from which fraudsters can readily strike. 

The Different Forms Of Phishing  

Employees may be able to spot the more obvious phishing emails as they tend to have a couple of common themes; they either look completely innocuous or they tap into fear, for example “your bank account has been hacked”. Hackers will often tailor emails to topics relevant at the time and they will certainly tailor it to seen relevant to an organisation. A seemingly urgent email from someone imitating a senior member of staff is relatively simple to execute as this information is online for all to view.
 
People often expect to only be exposed to phishing through scam emails, leading them to wrongly assume the legitimacy of phone calls and divulge information. In a recent global report by Mutare, over 47% of businesses reported that they had experienced some form of voice phishing, or vishing, in the last 12 months. 
 
Vishing occurs when someone phones you with the intent of deceiving you into sharing personal data with them. As a method of phishing, it came before email but has been making a resurgence in recent years. Large organisations are often targeted and should be extra cautious in terms of employee training and have complete clarity on which information employees are allowed to pass on over the phone. 
 
Multifactor Authentication (MFA) fatigue attacks is a strategy used to get around multi-factor authentication and usually take the form of fake emails repeatedly requesting access information from someone. This can lead to the recipient eventually getting so frustrated they either turn it off or hand over security codes. 
 
MFA fatigue attacks are relatively new, sophisticated methods, however in reality they make up only a small percentage of attacks. Phishing emails are still the most common threat, and, in these instances, it is a numbers game; the hacker will send hundreds or thousands of phishing emails to an organisation looking for that one click, playing the odds and hoping they can get past the barriers for at least one individual.  

Human Behaviour - A Vital Piece Of The Puzzle 

Human behaviour plays a vital role in ensuring organisations and people stay safe and protected from the threat of phishing. In the phishing space, human behaviour is critical. Ensuring everyone in your organisation has had regular training so they know the signs to look out for, as well as having a level of consciousness about their own data security are key.
 
You can also subscribe to various threat intelligence services which keep records of all the current known ‘scams’ so you can set up systems to weed them out and filter before they even get through to inboxes. However, keep in mind that you can’t filter everything.  

Andrew Parsons is UK partner and cyber security expert at international law firm Womble Bond Dickinson

You Might Also Read: 

Will The Insider Threat Intensify During The Recession?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Hit Thousands of Computers
SMBs Are Taking Cybersecurity More Seriously »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Paessler

Paessler

Paessler is a leading worldwide provider of network monitoring software.

Stratogent

Stratogent

Stratogent does IT and Cybersecurity operations. We specialize in high-touch and high-change IT environments, especially in the biotech and pharma industry verticals.

Zimperium

Zimperium

Zimperium offers enterprise class protection for mobile devices against the next generation of advanced mobile attacks.

Cyber8Lab

Cyber8Lab

Cyber8Lab provides cybersecurity training programmes simulating real world cybersecurity incidents such as web defacement, malware, phishing, digital forensics analysis and wireless intrusion.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (formerly iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

Corvus Insurance

Corvus Insurance

Corvus' mission is to create a safer, more productive world through technology-enabled commercial insurance.

Cyberens

Cyberens

Cyberens provide cybersecurity consulting services in IT sectors relating to defense and space, banking, industrial control systems and IoT.

C2A Security

C2A Security

C2A Security offers a comprehensive suite of cyber security solutions for the automotive industry, providing in-vehicle end-to-end protection.

Moss Adams

Moss Adams

Moss Adams is a fully integrated professional services firm dedicated to assisting clients with growing, managing, and protecting prosperity.

Support Link Technologies (SLT)

Support Link Technologies (SLT)

Support Link Technologies are an IT Solutions Company committed to achieving customer satisfaction through excellent customer service.

Data Pie Cybersecurity

Data Pie Cybersecurity

The Data Pie Cybersecurity Consulting offers a 360° around protection for your IT security. Security awareness solutions and consulting.

Secfix

Secfix

Secfix helps companies get secure and compliant in weeks instead of months. We are on a mission to automate security and compliance for small and medium-sized businesses.

Baselime

Baselime

Baselime, the cloud-native observability platform. Resolve issues in your cloud application before they become problems.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.