EOL IT Services has now merged with tier1 Asset Management Ltd

Are Your Staff Prepared For Social Engineering Attempts To Access Company Data?

by | May 26, 2015 | IT Security

As cyber criminals become more and more aware that targeting middle managers using social engineering tactics actually works, they will do so more often. Attackers are moving away from large scale consumer attacks and opting for more sophisticated attacks that take advantage of middle managers in businesses who are overloaded with emails and other forms of electronic messaging. As a result, it’s important that your employees are aware of this new style of cyber attack.

According to ‘The Human Factor Report 2015’, middle managers click on every 25th malicious email that they receive, and this figure doubles year after year! The report found that those working in sales, finance and procurement were the employees most likely to click on these emails- they clicked on up to 80% more emails than people working in other departments.

Attackers are also fully aware of how and when to best target these users. Most of the clicks on malicious links occurred during business hours, and figures peaked on Tuesday and Thursday mornings, which is typically the busiest time when it comes to receiving business emails. This shows that, when in the midst of checking important business emails, employees may accidentally click on a malicious link. It is clicking these links that leaves confidential company data vulnerable.

However, you can’t just blame your employees for not taking enough care, as the criminal’s techniques develop far quicker than employees can be educated about the previous ones. The criminals know that suing rogue links in emails aren’t as successful anymore, so instead they lure victims in with fake message notifications and corporate financial alerts.

Even Richard De Vere, Antisocial Engineer’s principal consultant admits that he is ‘yet to see a client completely resist a determined attack.’ He says that even though ‘many have come close…they all give away sensitive access, credentials or control in some way.’

De Vere suggests that ‘the only effective defence is training’. He believes that it is only educating employees about what a malicious email looks like and how they should go about dealing with an email they believe to be suspicious. Of course, nearly all of the time, employees would never open an email if they thought it could put their job, or the business they work for, in jeopardy.

According to De Vere, the reality is that ‘attacks will occur and organisations will get compromised’. However, what is most important is that your employees are aware of the path they should take and strategy they should follow if they do come into contact with deceptive emails. It is also important that everyone in the company has access to training so they can learn how to avoid falling victim to these attacks.

[Photo Credit:  n0comment]

Recent Stories

Does AI Fight or Facilitate Cybercrime?

Does AI Fight or Facilitate Cybercrime?

Despite the splash made by ChatGPT at the end of 2022, Artificial Intelligence and Machine Learning have been part of our daily lives for some time. We use smart home devices, chatbots, voice assistants, and Netflix recommendations with little thought as to what’s...

These 5 Sustainable IT benefits will boost your business.

These 5 Sustainable IT benefits will boost your business.

The urgent need to minimise the impact our technology has on our environment stretches far beyond the moral obligation. With the future development of our organisations in mind, if we are to continue to rely heavily on the networked technologies that simplify our...

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

As cybercriminals commonly target software vulnerabilities, the assumption is easily made that cybersecurity threats come in the form of phishing, malware or ransomware. Consequently, corporate cybersecurity strategies can neglect the very foundation of the network,...