Human Error Is A Hacker's Dream

Uploaded on 2023-02-07 in TECHNOLOGY--Hackers, FREE TO VIEW

With targeted and increasingly sophisticated phishing scams continually on the rise, the ever-evolving world of digital communication presents the optimal backdrop from which fraudsters can readily strike. 

The Different Forms Of Phishing  

Employees may be able to spot the more obvious phishing emails as they tend to have a couple of common themes; they either look completely innocuous or they tap into fear, for example “your bank account has been hacked”. Hackers will often tailor emails to topics relevant at the time and they will certainly tailor it to seen relevant to an organisation. A seemingly urgent email from someone imitating a senior member of staff is relatively simple to execute as this information is online for all to view.
 
People often expect to only be exposed to phishing through scam emails, leading them to wrongly assume the legitimacy of phone calls and divulge information. In a recent global report by Mutare, over 47% of businesses reported that they had experienced some form of voice phishing, or vishing, in the last 12 months. 
 
Vishing occurs when someone phones you with the intent of deceiving you into sharing personal data with them. As a method of phishing, it came before email but has been making a resurgence in recent years. Large organisations are often targeted and should be extra cautious in terms of employee training and have complete clarity on which information employees are allowed to pass on over the phone. 
 
Multifactor Authentication (MFA) fatigue attacks is a strategy used to get around multi-factor authentication and usually take the form of fake emails repeatedly requesting access information from someone. This can lead to the recipient eventually getting so frustrated they either turn it off or hand over security codes. 
 
MFA fatigue attacks are relatively new, sophisticated methods, however in reality they make up only a small percentage of attacks. Phishing emails are still the most common threat, and, in these instances, it is a numbers game; the hacker will send hundreds or thousands of phishing emails to an organisation looking for that one click, playing the odds and hoping they can get past the barriers for at least one individual.  

Human Behaviour - A Vital Piece Of The Puzzle 

Human behaviour plays a vital role in ensuring organisations and people stay safe and protected from the threat of phishing. In the phishing space, human behaviour is critical. Ensuring everyone in your organisation has had regular training so they know the signs to look out for, as well as having a level of consciousness about their own data security are key.
 
You can also subscribe to various threat intelligence services which keep records of all the current known ‘scams’ so you can set up systems to weed them out and filter before they even get through to inboxes. However, keep in mind that you can’t filter everything.  

Andrew Parsons is UK partner and cyber security expert at international law firm Womble Bond Dickinson

You Might Also Read: 

Will The Insider Threat Intensify During The Recession?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Hit Thousands of Computers
SMBs Are Taking Cybersecurity More Seriously »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber adAPT

Cyber adAPT

Cyber adAPT offers a leading network threat detection platform (NTD) to the enterprise and ODM/OEM markets.

Cybercom Group

Cybercom Group

Cybercom offers strategic advice, testing & quality assurance, security solutions, system development, integration, management and operation services.

Alliance for Cyber Security (ACS)

Alliance for Cyber Security (ACS)

An alliance of all major players in the field of cyber security in Germany with a mission to strengthen Germany’s resistance to cyber-attacks.

Computest

Computest

Computest security testing services include Mobile app security, Vulnerability assessments, Attack & penetration testing, Security awareness training, Network security assessments.

SWAT Systems

SWAT Systems

SWAT Systems is an IT support and cyber security managed service provider.

Nihon Cyber Defense

Nihon Cyber Defense

Nihon Cyber Defence’s mission is to provide robust solutions, services and support to governments, corporates and organisations in order to protect them from all forms of cyber warfare.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

KDM Analytics

KDM Analytics

KDM Analytics software products automate the NIST risk management framework (RMF) assessment for operational technology (OT) systems.

SecAlliance

SecAlliance

SecAlliance is a cyber threat intelligence product and services company.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

Secfix

Secfix

Secfix helps companies get secure and compliant in weeks instead of months. We are on a mission to automate security and compliance for small and medium-sized businesses.

FTI Consulting

FTI Consulting

FTI Consulting is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.