As cybercrime becomes a major illicit global business, companies have to take active measures to defend themselves from increasingly sophisticated and relentless hacks. Here are a few of the critical facts that should inform your cybersecurity strategy as we enter a new era of large-scale industrial cybercrime:
The vast majority of successful breaches involve some kind of social engineering – when a hacker manipulates an employee into providing access to secure networks and systems. This type of cyberattack doesn’t have a high barrier to entry (in terms of technical skill or resources) and it has repeatedly proven to be extremely effective, which is why it will remain the tactic of choice for many cybercriminals.
Hackers can also learn how to use more advanced social engineering techniques such as business email compromise (BEC), which refers to the infiltration of a legitimate email account to deceive the victim’s contacts. BEC scams are the costliest type of cyberattack, according to the FBI.
Social engineering attacks are often executed with coercive tactics such as threats or a false sense of urgency. Employees should always be on their guard against “emergency” messages or demands to take action immediately. They should be especially wary of any message which asks them to bypass standard verification procedures (on wire transfers or access to privileged information, for instance).
As in previous years, there were more victims of phishing schemes in 2021 than any other type of cyberattack. Phishing is a strategy that cybercriminals often deploy to acquire credentials and launch more sophisticated, financially destructive attacks. Employees can be taught how to resist phishing attacks by recognizing warning signals such as links that don’t lead where they’re supposed to, altered email addresses and domain names, and suspicious attachments. Companies can gather data on their employees’ ability to make these determinations with phishing tests and other forms of assessment.
The seizure of Hydra demonstrates that the cybercriminal economy is growing rapidly and becoming more systematic all the time. Companies need to take action now to prepare themselves for the inevitable explosion of cybercrime over the next few years, and this process should begin with the education of their employees.