Last week, Proofpoint published its 2022 Social Engineering Report, and its findings highlight that people are still our best defence against cybercrime (and that security awareness and education remain a key control).
The better we can train people to spot malicious activity, the more likely they will defend organisations against cyber-attacks
Threat actors have become increasingly sophisticated with their social-engineering tactics. They no longer only randomly target large groups of people. They also target specific individuals, trying to hold conversations to build rapport and trick people into clicking a link, opening an attachment in an email, downloading software or giving away sensitive information such as passwords and bank details.
Cybercriminals exploit human behaviours and interests and leverage peoples’ emotions as a weapon to get them to interact.
The CERT NZ Q1 2022 Cyber Security Insights report published in May 2022 also confirms phishing and credential harvesting remains the number one reported incident in New Zealand. Phishing relies on social engineering to get someone to fall for a trick. But, for people to fall for it, emails need to be relevant and convincing and, ideally, not set off any alarm bells.
As phishing campaigns get more and more targeted and sophisticated, security awareness and education programs have to level up, too.
Cybercriminals are leveraging current topics such as Covid 19 and Ukraine relief efforts. Still, they also use well-known brands and organisations such as Google and Microsoft, government agencies and banks to succeed. CERT NZ has even seen localised phishing emails written in Te Reo Māori along with attackers using different channels in their attack chains, such as the telephone and a computer.
Do you need some help with your security awareness and education program?
Educate and train people to be your strongest defence against cybercrime – not the weakest link.
Reach out to us today!
