There’s one big assumption about cyberattackers that we regularly refute: “It can’t happen to me.” At this point, most businesses do recognize the serious nature of the cyberattack threat. Yet other assumptions about cyberattackers may also make your business vulnerable. Educate your employees about these four main misconceptions. Raising their awareness can help secure your systems against social engineering attacks.
Start with the assumption that any technology is 100 percent safe. This is as misguided as the idea that your business won’t be a victim of a cyberattack. Some employees may believe that activity on Google and Microsoft services is always secure. That’s not the case.
Google and Microsoft have massive market shares, so it makes sense that bad actors target their cloud storage and content distribution. Once they’re in, they have ample opportunity to scam people.
Another false assumption is that threat actors go in blind with a scatter-shot approach. In fact, many social engineers do their research first. They learn what they can about your employees, your org chart, and what your business does. This helps them to develop more credible attacks.
Cybercriminals take the time to build rapport before initiating an attack. They may send unassuming conversational emails first, which helps them lull your people into seeing them as a trusted source. After establishing a false sense of security, criminals make an urgent request or plea for help.
Counter these misconceptions too
Cyberattackers may also make their play over the phone. So, don’t assume that your online interactions are the only thing to protect. There are hundreds of thousands of “vishing” threats every day. The bad actor may send an email without any malicious links or attachments, but there’s a number to call. If your employee calls in, they’ll talk with a convincing criminal. The bad actor might act as a call center or customer service agent.
Also warn employees against the assumption that responding to an existing email is always safe. It is much easier than they might think for someone to hijack a colleague’s or client’s email inbox. Then, the criminals use a pre-existing email thread to send a malicious attachment or URL, or use the connection to ask the employee to perform some action for the threat actor.
Finally, emphasize the point that anything is fair game. Cybercriminals will attack anyone, in any way they can. This includes leveraging current events, pop culture, and even international health crises. One campaign exploited victims by offering early access to Season 2 of the streaming success “Squid Game.” During COVID lockdowns, hackers offered free masks or free tests to get people to download infected files.
There is money in cybercrime – a lot of it. The bad guys are highly motivated and always looking for new ways to exploit human weaknesses. Discuss cybersecurity assumptions with your employees and put protective measures in place to secure your IT. Our experts can help.