One type of cyber-attack that has recently become a more frequent threat is that which uses social engineering.
Cyber-criminals conduct social engineering attacks by manipulating people in ways that result in the perpetrator gaining access to property or information that they should not be privy to. Their tactics might include persuasion, impersonation or even intimidation.
Perpetrators may deploy social engineering tactics through a number of different types of cyber-attacks, such as phishing emails, fraudulent online offers or prizes, or telephone scams.
Most employees working remotely will not have the same level of cyber-security in their homes as an employer would have in its physical workspace. As such, cyber-crime has become an even more ominous threat for organisations of all sizes and across all industries.
The frequency of cyber-attacks has noticeably increased since the beginning of the coronavirus pandemic, and new reports suggest that cyber-criminals are specifically upping their usage of coronavirus-themed attacks. These attacks may come in the form of phishing emails attempting to manipulate recipients into revealing sensitive information by preying on fear or apprehension related to COVID-19.
Given the lack of efficient cyber-security protections as employees work remotely, and the rising threat of social engineering and cyber-attacks related to COVID-19, employers should be especially cautious.
One example of a social engineering attack occurred earlier this year, when a cyber-attack campaign targeted Italian email addresses with a phishing email. This email claimed to have an attachment from the World Health Organization with advice pertaining to the prevention of COVID-19. However, after opening the attachment and following the email’s instructions, malicious software would then be installed on the user’s device, providing cyber-criminals with access to confidential information and the ability to install even more malware.
With employees working remotely, there are far more potential exposures to an organisation’s network and data. Organisations should take the time to assess and address these risks. Precautionary measures that should be highly considered include:
For more information on social engineering and cyber-security, contact us today.
To find out more about cyber insurance and social engineering contact Willis IRM on 02890329042 or use the form below.