The psychological manipulation of people into performing actions or divulging confidential information from their businesses is increasing and this represents a more subtle, perhaps cunning, form of cyberattack.
Considering current issues relating to cybersecurity for Digital Journal is Alon Levin, VP of Product Management at browser security company Seraphic Security.
According to Levin: “Each October, Cybersecurity Awareness Month reminds companies of all sizes that their cybersecurity posture must be a priority in a world plagued by cyberattacks and malicious cybercriminals targeting vulnerable enterprises.”
As to how this manifests in terms of immediate threats, Levin finds: “According to a recent study, only 50 percent of small U.S. businesses have a cybersecurity plan in place, 32 percent haven’t changed their cybersecurity plan since the pandemic popularized remote and hybrid operations, and less than half of businesses feel that they are financially prepared to handle a cyberattack in 2022.”
Levin adds: “Additionally, 20 percent of cyberattacks in 2022 are a result of social engineering.”
In this context, the term ‘social engineering’ refers to a broad range of malicious activities accomplished through human interactions. These approaches use psychological manipulation to trick users into making security mistakes or giving away sensitive information.
As to how to safeguard organisations against these attack forms, Levin advises: “To protect against targeted attacks that organizations continue to experience in a time of remote and hybrid work and ever-evolving phishing tactics, companies must take the first step by protecting their employees’ web browsers.”
The approach also considers being mindful of changing risk factors. Here Levin calls out: “The growth of remote work is driving the increased use of browsers for business tasks. Globally, 16 percent of companies are fully remote, while about 62 percent of workers aged 22 to 65 claim to work remotely at least occasionally, according to a recent study. Web application attacks are involved in 26 percent of all breaches, making them an extremely popular attack vector. The wrong link can compromise a browser, affecting the entire machine and eventually the entire network.”
There are different ways that links can be assessed, the important thing is doing so in the first place. Levin says: “In order to determine if a website or link is trustworthy or not, businesses need to be able to examine the structure and behaviour of web pages.”
He adds that: “Businesses require a system that enables them to analyse real-time telemetry in order to detect and prevent threats without depending on any external feeds. In sticking with this year’s theme of the people, neither a tool nor a high degree of education can stop a user from visiting a dangerous link— users can only be safe with the proper understanding of social engineering attacks and full protection of the browser.”
