The Rising Risk of Social Engineering Attacks
Cyber-security has been a subject of increasing importance in the UK for years, but with the coronavirus pandemic forcing many organisations to implement remote work, the threat of cyber-attacks must be taken even more seriously. The use of social engineering by cyber-criminals has become far more frequent in recent months.
What Is Social Engineering?
Cyber-criminals conduct social engineering attacks by manipulating people in ways that result in the perpetrator gaining access to property or information that they should not be privy to. Their tactics might include persuasion, impersonation or even intimidation.
Perpetrators may deploy social engineering tactics through a number of different types of cyber-attacks, such as phishing emails, fraudulent online offers or prizes, or telephone scams.
Social Engineering During Lockdown
Most employees working remotely will not have the same level of cyber-security in their homes as an employer would have in its physical workspace. As such, cyber-crime has become an even more ominous threat for organisations of all sizes and across all industries.
The frequency of cyber-attacks has noticeably increased since the beginning of the coronavirus pandemic, and new reports suggest that cyber-criminals are specifically upping their usage of coronavirus-themed attacks. These attacks may come in the form of phishing emails attempting to manipulate recipients into revealing sensitive information by preying on fear or apprehension related to COVID-19.
Given the lack of efficient cyber-security protections as employees work remotely, and the rising threat of social engineering and cyber-attacks related to COVID-19, employers should be especially cautious.
One example of a social engineering attack occurred earlier this year, when a cyber-attack campaign targeted Italian email addresses with a phishing email. This email claimed to have an attachment from the World Health Organization with advice pertaining to the prevention of COVID-19. However, once a recipient opened the attachment and followed the email’s instructions, malicious software would be installed on the user’s device, providing cyber-criminals with access to confidential information and the ability to install even more malware.
With employees working remotely, there are far more potential exposures to an organisation’s network and data. Organisations should take the time to assess and address these risks. Precautionary measures that deserve serious consideration include:
- Provide formal employee training, including guidance regarding specific types of social engineering threats and how to recognise them.
- Limit employees’ ability to access USB ports on company equipment in order to reduce the chance of a virus or malware infecting the device.
- Use layers of protection, such as multi-factor authentication. In the event that a password is compromised, having additional layers that cyber-criminals must penetrate reduces an organisation’s risk.
- Implement a virtual private network (VPN) in order to mask organisational data, such as web traffic.
- Review user accounts and their level of access to sensitive information. Limiting accounts to information relevant to employees’ duties will help limit potential damage in the event that any accounts are compromised.
For more information regarding social engineering, cyber-security and the protection that cyber insurance can offer, contact us today.