Social engineering, as a method of cyber-security attacks, is very popular and quite widespread, according to a new report by cybersecurity firm Agari. It had polled 200 professionals from healthcare, government, financial services and education sectors.
Six in ten (60 per cent) of security leaders said their organisation either was, or ‘may have been’ a victim of at least one targeted social engineering attack, on the last year alone. Two thirds of those attacks (65 per cent) led to employees’ credentials getting compromised. Financial accounts were breached in 17 per cent of attacks. Almost nine in ten (89 per cent) of respondents said they noticed either a ‘steady pace’ or an increase in both spear phishing and targeted attacks. Almost half (49 per cent) consider their cyber-security solutions below average or ineffective.
A fifth didn’t know if their brands were used in social engineering attacks on their customers or partners.
More than fifth have admitted to having ‘no confidence’ in their business partners’ being able to defend against such attacks. “Most enterprises think that if they train their employees to be aware of malicious emails, it will be enough. However, this is delusional as it’s impossible for anyone to consistently distinguish malicious, social engineering-based emails from legitimate emails,” said Dr. Markus Jakobsson, chief scientist for Agari.
“Email-based attacks using social engineering are enabling cybercriminals to steal corporate secrets, carry out politically motivated attacks and steal massive amounts of money. We expect to see a catastrophic growth of these types of attacks in the future, fueled by both their profitability and the poor extent to which businesses are protecting themselves, unless these organizations begin taking the necessary technology-based countermeasures to prevent these attacks.”
Image source: Shutterstock/GlebStock