Preventing employees from becoming the gateway for cyberattacks
Employees are increasingly becoming targets for threat actors
It wasn’t long ago that companies were knee deep in paperwork, conducted all meetings in dedicated rooms or had difficulties with communicating with staff across the entire organization. Evidently, technology has transformed the way we work and has shaped the modern workplace. Recently, we have seen another rapid acceleration in the adoption of digital innovations.
In part spurred by the pandemic, organizations have invested in tools to enable remote working, and cloud storage to ensure smooth business operations. While this has streamlined processes and fostered more flexible working practices, it hasn’t come without risk. In fact, this shift to online has meant that employees are exposed to a higher volume of digital interactions. Inevitably, this has resulted in a rise in the accumulative level of cyber risk, according to McKinsey.
One thing is clear, cybercriminals will continue to target employees as long as they are vulnerable to their attack methods, and so it is crucial for organizations to establish a culture of vigilance and educate employees on the cybersecurity landscape and latest threats. This is key to ensuring staff have the knowledge and instincts necessary to be a critical line of defense for the organization.
So how can organizations ensure their employees are well equipped and confident to tackle the latest threats impacting the workplaces?
Is using the cloud safe?
The cloud has significantly transformed the methods by which businesses manage their data and provide accessibility to employees and scalability to the entire organization. Not only does it offer a range of solutions and advantages to businesses such as increased flexibility and agility, but it also helps reduce costs whilst improving efficiency.
However, with more businesses moving their computing and data to the cloud, it can become an attractive target for bad actors. In fact, our recent research shows that cloud security risks continue to rise more and more as employees work from a hybrid model.
When it comes to cyberattacks in the cloud, cyber criminals are known to create a malicious application which they inject into the platform or software. These criminals are then able to access a goldmine of data and sell legitimate account logins to infiltrate and conduct attacks in cloud services used by businesses.
Employees need to be aware of the tactics and methods used by bad actors. Only then, can they ensure that they are able to protect themselves and the organization.
SVP & GM EMEA at Trellix
Beware of phishing emails
Phishing continues to be a popular tactic used by cybercriminals to lure employees into sharing confidential information through fraudulent impersonation or ‘spoofing’ tactics. Cyber criminals use these attacks to scam users and steal their credentials and our research found that more than 90% of cyberattacks are through email – which is why employees must be wary!
Bad actors heavily utilise readily available tools such as Google Translate and can sometimes pose as external IT support or even the CEO leaving unsuspecting employees compelled to follow a fraudulent link in a text or call a scam number. Our research found the use of impersonation has increased by 64% between Q3 and Q4 2022 in phishing attacks.
Phishing emails often target specific individuals in an organization and can result in business email compromise. Employees need to be trained and up to date with the latest behaviors and practices they may need to adopt to stop these attacks in their tracks in order to improve business resilience.
Everyone has a part to play
Cybersecurity in the workplace demands collective responsibility, with businesses fostering a culture of vigilance. This is why, it is crucial to empower and educate employees on the ever-evolving cybersecurity landscape.
Cyber criminals are often successful with their attacks because they target employees who may not have a great deal of knowledge on cybersecurity. Therefore, for organizations to protect their data effectively, they should implement a multi-pronged approach to security. This includes conducting regular phishing awareness training to build a culture of awareness. Additionally, providing comprehensive security training and guidance empowers employees to recognize and respond effectively to potential threats.
Educating employees on these threats can help prevent the organization, the cloud, or crucial data from being compromised by bad actors. Making sure that employees understand the importance of safeguarding assets such as computers and nonelectronic information should be a priority. With the security threat landscape growing more complex each day, organizations need an adaptable protection solution that can flex to the needs of an organization. This will improve the business’ front line of defense and reduce the risk of criminals slipping into the network undetected to exfiltrate data.
Keeping employees in the cyber security loop
Fostering a strong cyber security culture includes the individuals within the organization and recognizing that people make a business secure, not just the technology. Ensuring that the organizations approach to cyber security is manifested in the day-to-day behaviors, understanding threats such as phishing attacks and educating employees on them, can help minimize the potential of attacks.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Fabien Rech is SVP and GM for EMEA at Trellix.