After an uncertain and anxious year, there is now a sense that the world is gradually returning to a semblance of normality. Different parts of the world are at various stages of recovery post-pandemic, but in most areas, there are at least signs of optimism that a return to business as usual is not too far away.
But what exactly is 'business as usual' when it comes to cybersecurity and combatting cyber-criminals? The pandemic did not cause any ceasefire in cybercrime – quite the opposite.
HelpSystems research 'Cybersecurity Challenges in Financial Services' at the end of 2020 revealed that 45% of global Financial Services (FS) firms had reported an increase in cyber-attacks since the pandemic first emerged. There is no reason to think that trend would be different in other sectors.
With the world starting to open back up again, it provides an even greater opportunity for cyber-criminals to use social engineering lures to gain access to corporate systems. How much of an issue is social engineering going to be in 2021 and how can organizations protect themselves against this threat?
What is Social Engineering?
Social engineering is an established tactic for cyber-criminals. Because of the nature of how it works – using topical news, events or occurrences to trick or convince people into giving up confidential information – it is a tactic that is constantly evolving and one that is unlikely to go away.
Whatever someone's interests, passions, concerns, or fears, then a social engineering campaign can be constructed to take advantage of that. During the pandemic, it was commonplace to see campaigns that played on people's fears about Covid-19. These lures offered PPE and alternative medicines to keep people safe from Covid-19 and promoted charitable events to raise money for pandemic-related causes.
There are other lures too, such as emails purporting to be from colleagues. This is known as Business Email Compromise (BEC) and relies on gaining people’s trust to extract passwords, financial information or get access to corporate networks and secretly install malicious software. Lures use links, which, if clicked on, can infect a machine with malware and give a criminal control of that computer or files (images, videos, documents) with malicious software embedded. If downloaded, these files will also infect a computer.
Phishing attacks are a subset of social engineering lures and also look highly realistic and trustworthy, and are an increasingly common method of accessing confidential data.
How to Keep Secure Against Social Engineering Lures
Social engineering remains such a widely deployed tactic because it is generally easier to manipulate people into giving up confidential information than to hack their password. An organization may have the most robust and effective cybersecurity solutions on the market. But if its employees inadvertently let cyber-criminals in by clicking links or downloading files, they expose their employer to an array of threats.
That is why training is such an integral element of any effective cybersecurity strategy. Employees are busy and focused on the job at hand. Still, an organization must provide training in identifying social engineering lures and establish processes as to what to do should an employee fall victim to an attack.
Cybersecurity and Social Engineering Lures
But the right cybersecurity solution should not be overlooked when it comes to staying secure against social engineering lures. With email continuing to be such a widely-used communication tool, it makes sense for any organization to deploy advanced email security solutions to mitigate this threat.
Clearswift’s own award-winning solutions help organizations by sanitizing threats such as malicious links in emails and attachments before they even enter the corporate network by disabling URLs and removing any active code. The same applies to any documents downloaded from the web, ensuring the organization is well-protected against any lures encouraging downloads.
This automatic sanitization protects any business from employees accidentally or absent-mindedly clicking on malicious links, which can be ever so easy to do. This is perhaps even more true with many people still working from home, with lines between personal/business time blurred.
Social Engineering Lures in 2021
There is never a shortage of topical news or events for cyber-criminals to use when planning social engineering lures. But with major sporting events set to recommence this year – Euro 2020, Wimbledon and the Olympics are all set to take place this summer – and the return of concerts, festivals, and other live events, 2021 has the potential to be a year of more social engineering lures than ever before.
When you also consider the ongoing vaccine rollouts taking place worldwide as another easy means of gaining people's attention and trust, organizations need to be especially vigilant to remain secure. We offer a powerful combination of products to create a best-in-class cybersecurity solution, protecting against social engineering lures and many other threats.
For a demonstration of our technology in action, request a demo from the team.
Datasheet: Secure Email Gateway
Core Security: Social Engineering Pen Testing