60% of IT Pros Say New Hires Are At High Risk From Social Engineering
As both IT pros and consumers are becoming harder to trick, however, cyber criminals are also growing smarter. Today, 98 percent of cyber attacks incorporate elements of social engineering. Also called “human hacking”, social engineering uses psychology to prey on our fears or exploit our vulnerabilities. Used in the context of cyber attacks, victims can be persuaded to download malware or click questionable links that ultimately lead to the breach of sensitive data.
Those who thought IT professionals are immune to these forms of attack would be wrong — 47 percent of IT professionals reported that they had, themselves, been the target of attempted social engineering in the last year alone. Although many of these incidents are ultimately unsuccessful, cyber criminals use this form of attack for the simple reason that it often pays off.
People who are unfamiliar with the intricacies of social engineering are, unsurprisingly, most likely to become victims. That’s why 60 percent of IT pros warn that new hires are at high risk of social engineering. When a new employee finds themselves tricked by social engineering, the entire company can suffer devastating consequences that may range from financial loss and identity theft to extremely sensitive data breaches.
The fact that social engineering attacks are increasingly targeted is especially concerning. In recent times, 60 percent of companies had to deal with social engineering attempts that sought to exploit fears related to COVID-19 by sending emails that appear to come from the CDC and related organizations. Social engineering attacks may also combine hacking or OSINT techniques to craft such a personalized message that it’s hard to believe it could be malicious. One example of this would be the exploitation of rebate tracking websites — the victim would receive a message with information about an item they have recently purchased, and easily click on supposed rebate links.
To combat social engineering attacks and protect the entire organization, employee training is absolutely essential. An organization is, after all, only as strong as its weakest link, and one new hire can unwittingly make a disastrous cyber attack possible.
If you want to find out more about how you can train your employees against cyber attacks speak to us today.