Cybercriminals are turning their attention towards employees of IT companies, using them as entry points into the company’s own infrastructure
Cybercriminals are turning their attention towards employees of IT companies, using them as entry points into the company’s own infrastructure.
IT staffers receive an average of 40 targeted phishing attacks every year, according to a July 2021 report by cybersecurity firm Barracuda Networks. The company analyzed more than 12 million phishing and social engineering attacks impacting more than 3 million mailboxes at 17,000 organizations, between May 2020 and June 2021.
Phishing attacks are cybercrimes where an attacker tries to coerce the victim to visit malicious links, which can then be used to install malware on their devices. They are usually carried out using emails, text messages, or even phone calls. Social engineering, on the other hand, involves the psychological manipulation of a victim to trick them into giving away sensitive information.
The report said that old methodologies of email protection that relied on rules, policies, allow or block lists, signatures, and other attributes of traditional email security are no longer effective against the growing threat of socially-engineered attacks.
The average organization is hit by 700 social engineering attacks every year and one out of every 10 such attempts is aimed at compromising business emails, according to Barracuda’s report.
Attackers can target employees outside of the finance and executive teams to find the “weak links" in an organization, said Don MacLennan, senior vice president, engineering and product management, email protection at Barracuda. “Targeting lower-level employees offers them (cybercriminals) a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked," he said.
“The rapid shift to remote work witnessed a tremendous disruption of security programs," according to Prashant Bhatkal, security software sales leader, IBM technology sales.
Organizations were focused on bringing their business online, making security an “afterthought", which led to a “record high" in data breaches in India during the pandemic, Bhatkal said.
To their credit, organizations are taking the matter of security seriously. “Securing identities has become a core tenet of security, as identities can create walled gardens in the face of fading organizational perimeters and increasing workforce mobility. So, it helps in establishing a digital trust with your employees, your customers, partners, and vendors," said Gurpal Singh, associate research manager at International Data Corporation (IDC), a market research firm.
Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.
Never miss a story! Stay connected and informed with Mint.
our App Now!!