For all the hundreds of firewall rules and network protocols that your security staff may put in place to better safeguard your network, sometimes there’s simply no accounting for the most unpredictable variable of them all: human behavior. Whether it be through social engineering techniques, bad actors within your own organization, or simple human error, hackers around the world are trained on how to take advantage of a company’s employees and staff in order to gain access to a protected network.
A report illustrates how cyber criminals are increasingly targeting retailers and their customers through digital and social channels as retailers leverage new channels for increased revenue opportunities.
When it comes to cybersecurity, no doubt humans are the weakest link. No matter how many layers are added to your security stack, nor how much phishing education and awareness training you do, threat actors continue to develop more sophisticated ways to exploit the human vulnerabilities with socially engineered attacks. In fact, as security defenses keep improving, hackers are compelled to develop more clever and convincing ways to exploit the human attack surface to gain access to sensitive assets.
Cybercriminals are leveraging ransomware threats to extort big money from organizations of all sizes in every industry, but financial services organizations are one of today’s primary targets. It is non-negotiable for financial services companies to maintain the privacy of their customers and the security of their confidential data. If a bank or credit union is hit with a ransomware attack, significant backlash is undoubtedly going to ensue – especially if customer data is held ransom for a significant amount of time.
Much like It (the clown), phishing goes by many names, has become much more adept at preying on the hopes and fears of individuals, and is growing rapidly as criminals learn which techniques are most effective.
Ninety-four percent of large businesses in the U.S. have a cybersecurity policy, according to the 2017 Cybersecurity Survey by Clutch, and most of them have had a policy for more than three years. U.S. enterprises are more likely to have a cybersecurity policy than most global organizations (two-thirds of which lack a formal cybersecurity policy), and policies most commonly include required security software, backups, scam detection and security incident reporting protocols.
If you thought phishing emails were going away anytime soon, think again. According to Symantec’s July Intelligence report, “one in every 1,968 emails” during the 31-day month was a malicious phishing message – the highest rate in the past 12 months.
Until the massive U.S. Target store credit and debit card data breach in 2013, the lasting impact of cybercrimes was a relatively unknown experience to most consumers, and it wasn’t at the top of the list of HR onboarding topics either.
To combat the problem, the IRS updated its computer files to identify more fraudulent returns, and the major tax preparers have increased their security. However, as individuals’ tax returns are becoming more difficult to manipulate, thieves are taking aim at data belonging to tax return preparers and tax professionals, the payroll community, small employers and human resource departments.
Our August issue cover story features Steve Baker, CSO at State Street Corporation. Also in August, how did a Guidewell Security team member save a life? And learn how digital technology and IoT devices can combat both physical and cyberattacks.