It’s no secret that cybersecurity is an ever-growing issue as phishers and those with malicious intentions continue to evolve. According to Robert LaMagna-Reiter, CISO at First National Technology Solutions, though, the biggest factor is the human element.
“We see it all the time with phishing emails,” he said. “Exploitation of our workforce is probably the biggest threat because you can only educate folks so much.”
He added that the most consistent theme among phishing scams is the way they prey on human emotion.
“They create a sense of urgency or fear, and take advantage of people’s willingness to help,” he said.
Main types of attacks
First National Technology Solutions (FNTS) provides managed security services for organizations, and last month released a report on the trends it found among attacks leveled at the services it hosts. According to the findings, cybersecurity threats are increasing in frequency, complexity and scale. Cyber theft, fraud and exploitation cost $2.7 billion in financial losses in 2018, according to FNTS.
FNTS cites research done by the Ponemon Institute that states 77% of attacks in 2017 were fileless attacks, which remain on the rise. Fileless attacks specifically exploit vulnerabilities in software and applications already installed on the computer.
Other popular cybersecurity threats are zero-day attacks, cryptojacking, phishing emails, ransomware and distributed denial-of-service attacks. Zero-day attacks are similar to fileless attacks, and exploit unknown security vulnerabilities in webpages or applications.
Cryptojacking — the unauthorized use of someone else’s computer through insecure web applications and servers to mine cryptocurrency — is on the rise. Nearly 93% of phishing emails contain ransomware, according to FNTS, making it the most popular phishing attack.
Distributed denial-of-service attacks are launched from multiple computers and internet connections to flood the targeted network with traffic, causing a denial of service. According to FNTS, these types of attacks are becoming more frequent and lasting longer.
The biggest motivator behind attacks, according to LaMagna-Reiter, is money. Employees in finance or accounting roles are often targeted for money, or attackers will phish for information to capture credentials and gain access to internal software and applications.
How to combat threats
“The No. 1 thing is we can help educate staff and practice great cyber hygiene,” he said. “Simple hygiene such as making sure device apps are up to date.”
LaMagna-Reiter also recommends having multiple layers of defense, such as multifactor authentication, endpoint protection and email security software, or using security certificate-based email.
According to FNTS’ cybersecurity guide, users should also review app permissions, use a VPN service while on public Wi-Fi, use unique passwords for each website, use secure internet connections for online purchases and check social media privacy settings to ensure that profiles are not open to the public.
Despite identifying the human element as a contributing factor to phishing scams, LaMagna-Reiter also cites it as a way to defend against them. If something seems off about an email, look into it.
He suggests reaching out with a phone call to confirm a sender’s identity, paying attention to signatures, grammar and spelling within the email and taking a close look at the sender’s actual email address. “Trust your gut instinct,” he said. “Trust and verify; don’t take anything at face value.”