The volume of cyberattacks increased over 100% in Europe, East Asia and Latin America in October and November 2020. Canada and Germany each saw a 250% increase. The average ransomware payment in 4Q20 topped $150K. And it’s not just the volume of attacks that’s rising. Attacks are becoming more sophisticated and people are often the ones opening the door.
Cyber-criminals have become experts at social engineering, tricking employees into clicking on malicious links that initiate attacks. While security and risk management leaders know that social engineering is a top risk, many still struggle to stop employees from taking the bait. Remote work has only increased the risks — with employees facing confusing security policies while using more home networks and personal devices.
Three common challenges to building a defensible cybersecurity awareness program:
No security control is perfect — but effective controls help manage risk. Our practical advice helps turn employees into controls that detect and resist social engineering attacks.
The initial entry point for a ransomware attack (ingress) often takes the form of a compromised website delivered through a phishing or targeted attack. Vulnerabilities and misconfigurations in Remote Desktop Protocol (RDP), bring-your-own-PC setups, and virtual private networks (VPNs) are becoming the most common entry points for ransomware attackers. This has been exacerbated by the growth in remote work resulting from the pandemic.