Intelligent CISO Issue 67 | Page 37

Email compromise still accounts for around 90% of breaches that occur within business on a daily basis, something that, in most instances, can be blamed on user error.
“New and evolving threats are landing in users’ mailboxes daily, particularly within the hybrid workforce context, often using phishing campaigns that rely on clever techniques and panic to get users to click on links and share credentials or sensitive information, such as banking details,” said Gideon Viljoen, Pre-Sales Specialist: ICT Security at Datacentrix, a leading hybrid ICT systems integrator and managed services provider.
“US wireless network operator, Verizon, confirms in its Data Breach Investigations Report 2023 that 74% of data breaches (three out of four) involve a human element, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering.”
Social engineering is a lucrative tactic for cybercriminals, the report says, especially given the rise of those techniques being used to impersonate enterprise employees for financial gain, an attack known as Business Email Compromise (BEC).
The median amount stolen in BECs, it reveals, has increased over the last few years to US$50,000, based on Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting incidents – a specific type of social engineering attack – nearly doubling this past year. With the growth of BEC, enterprises with distributed workforces face a challenge that takes on greater importance: creating and strictly enforcing human-centric security best practices.
Fighting fire with fire: User training and next-gen technology essential
“With a rapidly evolving landscape, changing attack strategies and new compromise techniques being introduced daily, it is imperative that users are trained and kept up to date on the latest campaigns and techniques being used,” said Viljoen.
“This is the most effective way of ensuring a more secure environment, with users acting as a ‘human firewall’ for organisations and being able to spot, report and block compromise attempts. User awareness training is an excellent proactive option to assist email gateway administrators and engineers in staying on top of campaigns and potential breaches.

“And further to this, a collaborative workforce between machines and humans is key to successfully stem the attack on organisations, with the use of AI (Artificial Intelligence) additionally providing a smarter, faster approach to protecting against email phishing and breaches.
“AI is being used increasingly to run phishing campaigns and information collection, doing the heavy lifting on behalf of threat actors. A good example of this is how AI-powered chatbot, ChatGPT, has been used to help less-skilled cybercriminals to write malware and launch cyberattacks.”
Viljoen continued: “So, having a technology in place to combat this is a necessity and businesses cannot rely on