In November and December 2015, cyber security managers and practitioners were asked to participate in the State of Cybersecurity: Implications for 2016 survey conducted by ISACA.
Having experienced daily phishing attacks (30%), infections of malicious code (16%) and hacks (10%), 42% of respondents declared that their company is very likely to experience a cyber attack in 2016 as well.
Staff under attack
The most successful types of attack were:
- Phishing – 60%
- Malware – 52%
- Social engineering – 41%
Cyber criminals are particularly aggressive in targeting employees, because they are well aware that staff are a primary vulnerability. Lack of staff awareness training translates to an increased probability of falling for traps and opening the door to intruders. Such attacks come in many different forms: emails, text messages, social media posts, attachments, even phone calls (known as vishing). Although spotting a phishing email is not that difficult (if you know what to look for and what to expect), spotting a social engineering attack is not always that easy.
Social engineering exploits human feelings
Social engineering is a method of manipulating people into performing actions or divulging confidential information. It takes advantage of human feelings, like greed, curiosity, trust, arrogance and impatience, as triggers to obtain information. If you have ever seen a social media post inviting you to fill in a form to get one of the latest smartphones for free, then you’ve seen how easy it can be to get someone’s information. This is a clear example of social engineering: conmen exploit people’s greed to get sensitive data.
Learn to spot the phishing bait
An effective staff awareness training programme helps your organisation minimise the impact of cyber attacks. More and more companies have decided to invest in staff induction and ongoing training to keep their staff alert, vigilant and secure. The Phishing Staff Awareness Course has been developed specifically to help your staff detect cyber threats and reduce the risk of possible intrusion. Starting from a general understanding of what phishing attacks and social engineering are, the course uses case studies, real-life examples and thought-provoking questions to guide your staff through the realm of cyber threats and teach them how to spot them.