Thanks to intense media focus on the issue, the end-users of digital products should be much more aware of the dangers of data breaches. Nevertheless, every indication is that cyber attacks such as phishing schemes continue to increase in severity.
In fact, a Proofpoint study revealed the extent to which organizations were feeling the effects in 2021. They surveyed 600 IT security specialists and 3500 employees from seven countries. Proofpoint reviewed 15 million reportedly suspicious emails and data from 100 million simulated phishing attacks. Their findings showed that more companies than ever before fell prey to at least one email phishing scheme. Moreover, tactics including ransomware attacks and business email compromise (BEC) also saw substantial increases.
At the tip of the attackers’ spear was their use of social engineering. This technique targets the behaviors and habits of end-users as opposed to the company’s digital infrastructure. For instance, attackers frequently lured users into opening emails or clicking on links with attention-grabbing, news-related stories about COVID-19, the Netflix show Squid Game, or any other topic that would be relatable.
The remote work phenomenon that the COVID-19 pandemic exacerbated only made it easier for BEC and phishing to occur. To successfully collaborate with other remote workers on their team, employees relied heavily upon social media and conferencing tools. As a result, systems that had once been insular and closely guarded now became vulnerable to malware and phishing attacks via chat, direct messaging, and even phone calls.
Although it might appear that there has been more attention focused on cybercrimes in recent years, this does not seem to be translating into a greater overall security awareness among end-users. For instance, the Proofpoint study showed that fewer participants in 2021 knew the correct definitions of “phishing,” “smishing,” and “vishing.” Moreover, nearly half of those surveyed (42 percent) admitted performing an action that compromised their login credentials or resulted in the downloading of malware.
The organizations that hire these workers are also responsible for these lapses. A mere 37 percent provided training on best practices for working remotely. On a somewhat more encouraging note, the study found that 67 percent of U.S. companies built their tests around knowledge of existing trend threats. In contrast, only 53 percent of businesses did so globally.
For phishing and other digital security concerns to be effectively combated in the long term, both infosec professionals and the end-users they support must put cyber hygiene at the top of their priority lists.