In 2017, cyberattackers will continue to exploit and severely damage Australian businesses by targeting their people, brands, and customers. According to PricewaterhouseCoopers (PwC), 65 percent of local organisations have experienced cybercrime in the last 24 months. There are no signs this will slow down as attackers become more savvy, more knowledgeable, and more socially manipulative in their approaches, taking advantage of human vulnerabilities and our busy schedules.
Over the course of the next year, we foresee three key techniques scammers will utilise in attempts to outsmart your employees and, as a result, negatively affect your brand’s corporate image.
Email is the most used communication medium for nearly every business, so it is no surprise that attackers will continue to find new, more effective ways to attack businesses via individual employees and their email interactions. Business email compromise (BEC), for example, has netted attackers billions of dollars and is expected to intensify this year as cybercriminals set out to trick employees by impersonating someone else over email. This often involves an attacker sending a convincing email, pretending to be the CEO, CFO, or external vendor, and requesting a wire transfer or confidential information.
Make sure you educate your employees and create processes staff can follow if they suspect anything fishy. It’s also important to invest in technology that can detect and classify these fake emails by analysing the reputation of the email sender automatically. Because BEC attacks often do not contain malicious links or attachments, they can fly under the radar of ill-equipped security technology.
This year, small is the new big. Attackers will opt for smaller, more targeted, and more sophisticated campaigns to send malware through email, rather than rely on the high-volume, “spray and pray” techniques we have observed in recent years. Attackers will research employees’ personal information and activity online and leverage these details to convince them to click a link and/or download a document that subsequently infects their device.
The best way to combat personalised, socially engineered attacks is not just to create awareness programs but also to deploy advanced email security solutions. These solutions can help identify and quarantine such emails before they ever reach an employee’s inbox.
Nearly every organisation, no matter what size, has some form of social media footprint that attackers can piggyback off. Proofpoint predicts social scams and phishing will grow as much as 100 percent in 2017, as attackers create fake support accounts to prey on customers seeking assistance. Cybercriminals use these accounts to steal customer login credentials, identity information, and financial data.
Organisations, however, can protect both their brands and their customers from digital risk by ensuring that their social media footprints are constantly monitored and their social teams are made immediately aware of any fraudulent accounts that pretend to be associated with a particular brand. There are mature social media security solutions on the market that can help discover, notify, and remediate issues across all brand accounts within minutes.
In today’s always-on working environments, businesses can no longer plead cybersecurity ignorance. Employee education and transparency are critical, but can only go so far. Advanced security approaches that are both user- and data-centered are the only way forward for businesses wanting to avoid the harsh fallout from skillfully crafted cyberattacks. Australian organisations must proactively protect their brands and their IT infrastructure in the context of modern business processes, accounting for the ways in which employees and customers interact digitally.
For more information and tips, visit https://www.proofpoint.c