Those who thought IT professionals are immune to these forms of attack would be wrong — 47 percent of IT professionals reported that they had, themselves, been the target of attempted social engineering in the last year alone. Although many of these incidents are ultimately unsuccessful, cyber criminals use this form of attack for the simple reason that it often pays off.
People who are unfamiliar with the intricacies of social engineering are, unsurprisingly, most likely to become victims. That’s why 60 percent of IT pros warn that new hires are at high risk of social engineering. When a new employee finds themselves tricked by social engineering, the entire company can suffer devastating consequences that may range from financial loss and identity theft to extremely sensitive data breaches.
The fact that social engineering attacks are increasingly targeted is especially concerning. In recent times, 60 percent of companies had to deal with social engineering attempts that sought to exploit fears related to COVID-19 by sending emails that appear to come from the CDC and related organizations. Social engineering attacks may also combine hacking or OSINT techniques to craft such a personalized message that it’s hard to believe it could be malicious. One example of this would be the exploitation of rebate tracking websites — the victim would receive a message with information about an item they have recently purchased, and easily click on supposed rebate links.
To combat social engineering attacks and protect the entire organization, employee training is absolutely essential. An organization is, after all, only as strong as its weakest link, and one new hire can unwittingly make a disastrous cyber attack possible.
Because the vast majority of cyber criminals rely on social engineering, and employee training is the best line of defense, every business should take this training as seriously as it would their firewall or penetration testing. New employees may be especially vulnerable, but it would also be prudent to remember that trends in cyber crime evolve constantly. Making employee training against social engineering a core part of company culture, and running training sessions at least quarterly, goes a very long way toward shielding a business from these psychological attacks.
If you want to find out more about how you can train your employees against cyber attacks speak to us today.