The sudden onslaught of Covid-19 caused (and still is causing) untold devastation. But there was another, far stealthier, attack that followed close on the virus’s heels. With employees having to work from home, many companies found themselves floundering in unchartered waters… and the sharks were circling. Threats and vulnerabilities faced by businesses were suddenly amplified and became frighteningly obvious.
As the pandemic tightened its stranglehold on the world, so cyber-criminals began to move in on the unsuspecting – and it seems that many companies were caught napping. As large numbers of employees began working remotely, often using their own devices, cyber security risk and vulnerability potential increased exponentially, making it inevitable that there would be a surge in attacks.
A digital pandemic
In a study done by Mimecast, it was found that in 2020 email-based threats increased by a staggering 64%, along with a 47% increase in email spoofing activity. Even more worryingly, though, was that employees were clicking on three times more malicious emails than they would have before the pandemic broke out.
Shocking? Yes. Surprising? Well, no, not really.
Cyber-criminals are well aware that heightened emotions, including the fear and anxiety that employees were feeling at the onset of the pandemic, can cause people to react to urgent or fear-inducing emails that they wouldn’t normally open. The reality is that a business’s first line of defence when it comes to cyber security is its employees. To get to the root of email security challenges faced by companies worldwide, let’s unpack the ins and outs of social engineering.
The human factor
Although scams have been around for as long as there have been scam artists, the term ‘social engineering’ was only coined in the 1990s. It refers to the manipulation technique of exploiting human psychology in order to gain access to something, either tangible like a building, or intangible such as data. In the cyber world, social engineering has evolved into various different techniques ranging from simple scams, like the popular change of banking details ploy or fake invoices, to sophisticated attacks.
Now more than ever, email is the number one tool for business communication – but it can also be a conduit for cyber-attacks like phishing and spoofing, which can lead to data breaches, malware attacks and massive losses for businesses. Phishing attacks are the most common and have spiked by 63% since the pandemic began but others, like ransomware, are also on the rise. Cyber criminals often use social media sites to track strategic individuals within organisations who could have access to the company’s systems. Spear phishing – targeting a specific individual or company either to steal data or install malware on the victim’s computer – is often a very effective tactic.
It’s not just email that leaves business vulnerable to attacks, though. With employees being completely or largely homebound, popular collaboration tools like Microsoft Teams and Zoom have become extremely useful for many businesses – and sadly for the bad guys too. In fact, 70% of those surveyed were concerned about the risks posed by archived conversations within these collaboration programs.
Adapt or die
Many companies were caught off guard when Covid-19 hit, even those who had some form of cyber security in place. A staggering 79% of respondents admitted that their company experienced either disruption to their business, a financial loss or other setback in 2020 due to their lack of cyber preparedness.
While the pandemic caused many businesses to jack up their cyber security, sophisticated firewalls, the latest antivirus software and multi-factor authentication can only get you so far if your employees are not educated in identifying and dealing with cyber-attacks. After all, it can take just one breach to cause irreparable damage. It’s surprising, then, that even though seven out of 10 respondents agreed that employee behaviour could put their companies at risk, only one out of five companies provide ongoing cyber awareness training.
Education is the first line of defence
Cyber resilience strategies together with cyber security educational programmes are essential to keeping businesses operating. It is no longer business as usual – the pandemic has changed the world irrevocably and ordinary email and web security defences are simply not going to cut it any longer. Security awareness training needs to become an integral part of every business’s arsenal in the fight against cyber-attacks.
One of the biggest risks for a personal data breach are a business’s own employees – if employees do not understand how to manage personal data, there is a greater risk of data breach. At Torque IT we believe that empowering employees through knowledge and education provides the missing link in the war against cyber-crime. Our extensive Information & Cyber Security training courses provide useful tools to help businesses educate their employees – whether IT professionals or not – on cyber security.