Introduction
60% of IT Pros Say New Hires Are At High Risk From Social Engineering
Even the least tech-savvy consumers are quickly becoming aware of important steps they can take toward greater cybersecurity. Today, fewer and fewer people will fall into clumsy traps in which they are invited to — for instance — “click this link to collect your lottery winnings of $5 million”.
As both IT pros and consumers are becoming harder to trick, however, cyber criminals are also growing smarter. Today, 98 percent of cyber attacks incorporate elements of social engineering. Also called “human hacking”, social engineering uses psychology to prey on our fears or exploit our vulnerabilities. Used in the context of cyber attacks, victims can be persuaded to download malware or click questionable links that ultimately lead to the breach of sensitive data.
How Social Engineering is Evolving
Those who thought IT professionals are immune to these forms of attack would be wrong — 47 percent of IT professionals reported that they had, themselves, been the target of attempted social engineering in the last year alone. Although many of these incidents are ultimately unsuccessful, cyber criminals use this form of attack for the simple reason that it often pays off.
People who are unfamiliar with the intricacies of social engineering are, unsurprisingly, most likely to become victims. That’s why 60 percent of IT pros warn that new hires are at high risk of social engineering. When a new employee finds themselves tricked by social engineering, the entire company can suffer devastating consequences that may range from financial loss and identity theft to extremely sensitive data breaches.
The fact that social engineering attacks are increasingly targeted is especially concerning. In recent times, 60 percent of companies had to deal with social engineering attempts that sought to exploit fears related to COVID-19 by sending emails that appear to come from the CDC and related organizations. Social engineering attacks may also combine hacking or OSINT techniques to craft detailed and personalized messages that make it hard to believe it could be malicious. One example of this would be the exploitation of rebate tracking websites — the victim would receive a message with information about an item they have recently purchased, and easily click on supposed rebate links.
How to Protect Your Organization
To combat social engineering attacks and protect the entire organization, employee training is absolutely essential. An organization is, after all, only as strong as its weakest link, and one new hire can unwittingly make a disastrous cyber attack possible.
Because the vast majority of cyber criminals rely on social engineering, and employee training is the best line of defense, every business should take this training as seriously as it would their firewall or penetration testing. New employees may be especially vulnerable, but it would also be prudent to remember that trends in cyber crime evolve constantly. Making employee training against social engineering a core part of company culture, and running training sessions at least quarterly, goes a very long way toward shielding a business from these psychological attacks.
If you want to find out more about how you can train your employees against cyber attacks, speak to us today.
Get in touch with us
Secutor Cybersecurity is a trusted partner comprised of industry leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.
Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.
Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.
