Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Leadership and ManagementSecurity Education & Training

How to cut the line on increasingly phishy hackers this tax season

By Almog Apirion
tax-papers-on-desk.jpg

Image via Pixabay

March 30, 2023

Tax season has begun, and both hackers and the IRS are on the hunt for employees’ personal information. However, cybercriminals will be getting crafty, using attack methods including SMS scams, whale phishing and spear phishing to lure victims into giving away sensitive information. As more employees integrate their personal devices into their work environments than ever before, organizations are increasingly vulnerable to high-risk identity-based attacks. 

So, as the 2023 tax season continues, how can CISOs bolster their security posture amidst the accelerated use of personal devices among employees and the identity-based cyberattacks that follow suit?

Through the adoption of modern, zero-trust defense strategies, enterprises can reduce their high-risk identity attack surface and maintain full visibility and control to pinpoint access for every employee to every device, in any location. Let’s dive into this topic further. 

Hackers are becoming increasingly pervasive

Each year, tax season becomes a prime target for cybercriminals to deploy clever social engineering attacks on unsuspecting employees. In fact, the number of reports of suspicious activity in 2022 has jumped to over eight million, up from two million in 2021. As a growing number of personal devices connect to digital enterprise assets — ranging up to four devices per employee on the network — the chances of organizations’ infrastructures being compromised have exponentially increased, and hackers aren’t letting up. In fact, they’ve been increasingly pervasive this past year by deploying campaigns on devices ranging from phones to laptops and gaining access to corporate networks.

The acceleration of stolen credential attack methods shows that nowadays hackers aren’t breaking in; they’re logging in. With record numbers of users continuing to fall victim to complex social engineering campaigns, business leaders must focus on deploying high-risk identity management strategies, including modern zero-trust approaches that take the responsibility of security out of users’ hands, and gain full access, visibility and control over their digital environments.

Employees are not all security experts

As many industry professionals know, encouraging employees to question potentially malicious messages that attempt to access their personal data is an important part to combatting common social engineering attempts. Especially as 13% of employees have reported receiving more than 15 suspicious messages in the last three months, according to a Capterra report.

However, many recent attack methods are evading and evolving past the educational training employees are currently receiving. As an example, large, third-party software programs were recently stated to have major security gaps, especially regarding identity verification methods. These vulnerabilities place the millions of employees using these programs at risk of potentially devastating attacks on their organizations’ infrastructure. Also, new AI tools, like ChatGPT and Bard, allow cybercriminals to automate and enhance their human-centric cyber-attack methods.

The evolving nature of social engineering attacks, and the unpredictability of third-party vulnerabilities place an imperative on security leaders to adopt a zero-trust mindset, shifting security responsibilities out of users’ hands and into their own.

Solicitors aren’t welcome in a zero-trust environment

With the biggest threat to organizations' security nowadays being the human element, businesses must take an innovative approach to combatting the complexities of human-centric cyberattacks. One modern solution is through the deployment of zero-trust defense strategies, as leaders can safeguard sensitive personnel data and prohibit unauthorized access to critical assets within their perimeter. By comparing one's infrastructure to a home, we can see how modern zero-trust procedures allow for full oversight and management.

When one thinks about securing their own home, the first thing that comes to mind is most likely locking their windows and doors, but how many rooms inside the house are locked? In a zero-trust environment, all room doors, closets and drawers are locked, and users need their specific keys to open one. The deployment of a zero-trust framework ensures users are verified during every digital transaction, and they only have keys to the rooms they’ve been authorized access to. Whether it’s an older home or a remodel, modern zero-trust solutions ensure the protection of all systems running legacy and newer applications. 

Advanced zero-trust architectures also enable continuous security and monitoring of any visitors at the home. This includes full access and oversight over third parties using the network, such as suppliers, partners and customers. Through modern zero-trust strategies, security teams can quickly grant or restrict access to external parties, authenticating every identity that attempts to access any organizational asset. Additionally, security teams are provided with real-time auditing and session recording abilities to ensure no user is trusted, even as they roam through the house.

Reducing the attack surface in an era of ever-connecting devices

Each tax season, more and more vulnerable employees are being taken advantage of online. This puts the infrastructures of many organizations at risk of damaging cyberattacks. Hackers are given greater opportunity to use malicious identity-based attack methods across an increasing number of appliances as more personal devices are granted access to sensitive corporate networks.

To better protect important employee information and corporate assets from cyberattacks, security leaders need to think outside the box and find new ways to deal with the complexity of attacks that are continuously evolving. By increasing the adoption of zero-trust practices, businesses can enhance the security of their tech stack and safeguard sensitive employee information through capabilities including continuous user validation, authorization and monitorization of all internal and external users.

KEYWORDS: cyberattack data breach response phishing attack spear phishing taxes zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Almog Apirion is CEO and Co-Founder of Cyolo, a company dedicated to introducing the first real zero trust solution, a safer architecture that allows organizations to securely connect all users to their working environments. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • employee remote work

    Securing the remote "workcation" from cyberattacks

    See More
  • Tax and budget documents

    Is your financial data safe this tax season?

    See More
  • Zero-trust-freepik

    US security must start with zero trust

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing