Intelligent CISO Issue 86 | Page 29

EDITOR’S QUESTION

With the increased use of AI, social engineering attacks continue to be increasingly personalised and convincing. Third-party suppliers and vendors are often the weakest link in a company’s cybersecurity. Attackers exploit these relationships to bypass robust security measures and infiltrate target organisations. Social engineering is a key tactic used to compromise third-party suppliers, leading to data breaches, ransomware attacks and financial fraud.

Attackers use different tactics to create a sense of urgency. For example, they set false deadlines for tasks, forcing victims to act quickly without thinking, with requests appearing to come from executive or C-level leaders or from IT support. Attackers also exploit the human tendency to follow what others are doing, for instance by mimicking the language already used in communications between employees. Ultimately, trust is often the gateway that attackers exploit in social engineering, using social media and online forums to harvest personal details.
This enables cybercriminals to build a profile of employee behaviour, routines and preferences. With this information, attackers can create highly tailored messages, such as emails, texts – and even enticing web links, all of which are designed to manipulate and deceive victims. As a result, what appears to be a harmless message is often the first step in a targeted breach.
To combat these advancements in social engineering techniques, organisations should increase training and awareness for their workforce, ensure there are limited user privileges, implement multi-factor authentication (MFA), and consider adopting a zero-trust model, where no one is trusted by default inside or outside of a network. Businesses should also encourage employees to report any suspicious emails and interactions.
Traditional cybersecurity practices can also help, such as having a comprehensive incident response plan, regular security audits, and following industry-specific threat intelligence to counter new and novel threats. Vigilance is always key, as new and adapted threats emerge.
Therefore, user training and awareness are vital in preventing successful phishing attacks, including gamification exercises with constructive feedback, helping to strengthen an organisation’s defences.
LORRI JANSSEN-ANESSI, DIRECTOR EXTERNAL CYBER ASSESSMENTS AT BLUEVOYANT