Cyber Risks & Liabilities News Bulletin
The Dangers of Spear Phishing
Cyber Crimes and The Dangers of Spear Phishing – While regular phishing campaigns go after large numbers of relatively low-yield targets, spear phishing scams are aimed at specific targets and utilize specially crafted emails for their intended victims. Cyber crime and spear phishing cybercriminals often make use of background information in order to create a credible narrative. They can utilize information found on social media to decide who is best to both target and impersonate.
Spear phishing threats are built by cybercriminals with the goal of penetrating one organization.
There are several dangers, including:
• Stealing sensitive information or valuable intellectual information
• Compromising payment systems
• Hijacking processes for a small number of large payouts via a bank transfer or series of bank transfers
As cybercrime and spear phishing campaigns become more sophisticated, malicious documents are now housed on legitimate sites such as Box, Dropbox, OneDrive or Google Drive, as threat actors know these are unlikely to be blocked by IT.
Spam filters, malware detection and antivirus software can be utilized alongside phishing simulation tests and user education to mitigate spear phishing campaigns.
Remote Working Burnout a Factor in Security Risk
Human error is one of the largest threats to the cybersecurity of an organization. As remote work continues due to the COVID-19 pandemic, Canadian workers are reporting burnout, which can lead to more cybersecurity errors. According to Microsoft’s recent World Trend Index, Canadians are “trending more toward burnout” during the workday, with 47 per cent feeling exhausted versus 39 per cent globally, and 51 per cent feeling stressed versus 42 per cent globally.
When organizations first transitioned to remote work at the start of the pandemic, security and IT teams tended to focus on protecting hastily installed remote work support systems. However, a year later, as systems become more secure, the risk for human error is more of a threat than ever.
Increase in Stress and Distractions
In its Psychology of Human Error report, security firm Tessian found that stress, distraction and workplace disruption led to people making mistakes at work. In fact, 43 per cent of employees reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company while stressed or distracted.
Increase in Scams
According to a recent report by non-profit Anti-Phishing Working Group (APWG), there has been an increase in online phishing attacks targeting webmail and other cloud-based services since the start of the COVID-19 pandemic. Cybersecurity experts have warned that remote workers are particularly vulnerable to phishing scams.
Increase in Demands
When remote workers are distracted, stressed or suffering from burnout, the cost can be detrimental to organizations. The average ransom demand in Canada has increased by 33 per cent since late 2019, to a current average of $111,605. As online fraud and attempts to steal personal, financial and corporate information continue, it’s more important that ever for organizations to increase cybersecurity awareness and address employee burnout.
Contact KRGinsure for more information on any of your insurance needs.