SURGE IN SOCIAL ENGINEERING SCAMS: Scheming cyber-criminals are ramping up their scamming efforts. According to Ernst & Young LLP, social engineering attacks are on the rise in the workplace.
Interestingly, the assumed tech virtuosos of Generation Z and the millennial generation are less confident in dealing with cyber threats than their older coworkers. Despite the digital age Generation Z grew up in, their confidence in identifying online scams is waning. Just 31 percent of Gen Z feel confident in their ability to recognize phishing attempts, and a remarkable 72 percent admit to having clicked on a suspicious link at work. This rate is notably higher than that of millennials (51 percent), Gen X (36 percent), and baby boomers (26 percent). These findings come from the EY 2024 Human Risk in Cybersecurity Survey, which polled 1,000 employed Americans from both public and private sectors.
In contrast to traditional forms of hacking, social engineering scams take advantage of human psychology. The most “well-funded defenses” and leading cybersecurity technology are moot if a cyber thief can fool an employee, says Jim Guinn, II, EY Americas Cybersecurity Leader.
Attackers often exploit the helpful nature of employees by pretending to be colleagues in distress. This leads to successful cyberattacks that can disrupt operations, compromise data, and damage reputations. A notable incident in 2023 involved a major resort and gaming giant, where attackers used social engineering to gain access through a help desk call. Even the most experienced security staff can fall victim to these sophisticated tactics. That same year, according to reports, about 60 credit unions experienced some level of outage due to a ransomware attack at a third-party cloud service provider.
Common social engineering attacks include phishing, pretexting, and baiting. Phishing involves deceptive emails or messages that lead to ransomware attacks. Pretexting creates fabricated scenarios to extract sensitive information, while baiting lures victims with enticing offers to click malicious links. These attacks often create a sense of urgency to keep victims off-balance and exploit their desire to help.
While it brought a bevy of opportunities and much added convenience, the shift to remote work during the Covid-19 pandemic also increased reliance on electronic communications, which makes employees more susceptible to social engineering attacks. The rapid onset of AI has also enhanced the sophistication of these attacks, with deepfakes convincingly mimicking real people. In addition, widespread adoption of cloud technology has expanded attack surfaces. Any misconfigurations can expose sensitive information, leading to severe breaches and data leaks.
A strong security culture is essential to protect the online integrity of any organization, lest its systems be open to infiltration. Employees should be encouraged to report potential threats and integrate security practices into daily activities. Regular vulnerability assessments, cybersecurity upskilling, and gamified training programs can enhance security awareness and ward off any malefactors. Continuous training and using failures as learning opportunities are crucial for maintaining robust security.
Security must be an ingrained part of a company’s culture, with everyone playing a role in cyber defense. The ubiquity of remote work, cloud storage, and AI has made the risk landscape “incredibly complex,” Guinn notes. A unified effort is needed to protect against cyber threats.
Article sourced from Wired.com.