Today, most companies have realized the importance of cybersecurity and started to provide regular cybersecurity training to employees. But despite this training, people still fall victim to phishing.
People Still Fall Victim to Phishing: How So?
Due to the coronavirus epidemic, many companies moved their businesses online. This required most employees to adapt to new conditions. Hackers did not neglect to take advantage of this turmoil and carried out many attacks against people working from home. Most of the attacks targeted employees rather than the digital tools used by the company. That is, instead of trying to infiltrate software or devices, hackers chose to steal employee credentials, login credentials like username and password. This type of social engineering phishing attacks increased considerably in 2020.
According to research, almost 20 percent of employees fall victim to such phishing attacks, despite the measures taken and cybersecurity training. The data were obtained as a result of phishing simulations involving employees from 98 countries. According to another piece of information obtained in the same research, almost seventy percent of the employees who clicked the link in the phishing e-mail entered their personal information on the phishing site. In 2020, these rates increased significantly compared to 2019. This data is critical for companies. In other words, it was revealed in the study that, despite the training, phishing awareness did not increase. On the contrary, it decreased.
So What Is The Reason For This? Why Do People Still Fall Victims To Phishing?
1. Phishing packs make attacks easier.
Phishing packs are a very new concept for all of us. These packages allow even someone with very little knowledge of the cyber world to launch a phishing attack. Phishing packages contain the code necessary to create a phishing website and other tools used in the attack. With these tools, it becomes effortless to organize an attack. The attacker can trigger the attack simply by sending an e-mail to his victim. Amateur hackers usually carry out these attacks, but even that is enough to increase the number of attacks.
2. Hackers are improving themselves and their attacks day by day.
If the number of phishing attacks continues to increase in this way, it seems that the attacks will evolve and become difficult to detect. In other words, all users and all devices face the possibility of attack every second. All these developments show that companies’ policies against attacks will also have to adapt to these developments. Difficult times await both employees and customers of companies that cannot adapt to the new and developed environment.
3. Hackers have too many financial resources.
As time went on, cybercriminals improved themselves and acquired many financial resources. These financial resources include organizations that plan large-scale attacks and funds to invest in these attacks. Investors who want to fund the attacks are investing money in these funds or organizations. As financial resources have expanded, hackers can now turn to new areas such as social media. By using social media, they can catch users off guard. Also, according to new research, hackers have invested the most in artificial intelligence technology in recent years. The number of attacks using AI technologies has increased significantly.
4. The required training is not given to the employees.
With the new increase in phishing attacks, cybersecurity awareness and security training are on the agenda. But companies still do not do their part. Many companies take the issue of phishing and ransomware lightly. On the contrary, since phishing and ransomware attacks directly target employees, it is a serious problem. Especially with the coronavirus epidemic, the psychology of the employees deteriorated, and the rate of victims of such attacks increased. Since employees are the door that opens companies to the outside, they should receive the necessary training.
5. Companies don’t put enough effort into protecting themselves.
Even if the employees’ awareness is increased with cybersecurity training, we should take other methods to protect the company seriously. Companies need to make backups, use antivirus programs, and create structures that will increase cybersecurity in the company to protect themselves better. Backing up can save lives, especially because hackers enter the company’s system and encrypt files from ransomware attacks. If the necessary backup is not made, the company has to pay serious amounts to hackers. Even if they give due importance to phishing simulations and security training, most companies do not invest in systems that will protect the security of their social networks. This can cause serious problems. Especially companies where BYOD policies are not implemented properly are badly affected by the attacks.
People Still Fall Victim to Phishing: What to Do?
1. Educate your employees effectively by using both Cyber Security Awareness and Phishing Simulation tools.
2. Protect your company not just by employee training but by using protective tools like Email Gap Analysis and Threat Intelligence.
Protect yourself using our anti-phishing solutions against phishing attacks.
“This post is originally published at www.phishing.org.uk”
Teknoloji Haberleri