Cyber criminals are getting smarter at using social engineering to defraud businesses.
New research from US-based cyber security company FireEye, which analysed 1.3 billion phishing emails in Q1 2019, has found three big emerging trends.
Cyber criminals are increasingly using impersonation in phishing attacks, with the rate up 17% from Q4 2018, primarily by imitating well-known brands. Microsoft spoofs accounted for almost a third of the Q1 attacks, and OneDrive, PayPal, Apple, and Amazon were also impersonated. Cyber crims also impersonate CEOs and other senior corporate officers to request changes to bank account information.
A second trend is the use of HTTPS (hypertext transfer protocol secure) for malicious phishing sites, which jumped 26% in Q1 2019. HTTPS can give a false sense of security, because there’s a misconception that the protocol is associated only with legitimate, safe sites.
A third trend is hosting malicious files on trusted, cloud-based, file-sharing sites, such as Dropbox, Google Drive, and OneDrive. That means links don’t look suspicious and can get through email filters.
Gerry Power, Emergence’s National Head of Sales, says social engineering advice is one of the most frequent requests from brokers seeking information for their clients.
Socially engineered theft or ‘hacking the human’ is a trending exposure in Australia and globally today. Most breaches are caused by employees opening phishing emails that have already made it through existing technology defences.
It can take hundreds of days to find out you’ve been compromised. Clicking on one phishing email can enable a criminal to infiltrate a company’s system, escalate their access and privileges, and steal the company’s crown jewels, clean out the bank accounts, or develop fake invoices.
Gerry says many people think they’re adept at spotting scams, but the task is getting harder as cyber criminals broaden their reach and methodologies.
Organisations need better training and education and heightened awareness to get a step ahead. They also need insurance as a last line of defence.
Emergence’s Criminal Financial Loss cover option has been designed to provide cyber insurance protection for financial loss, be it cash, accounts receivable or securities, associated with a company’s business being hacked or a social engineering attack causing direct financial loss from an electronic funds transfer to an unintended third party.
A cyber insurance policy is part of every successful business’s risk management framework, but it’s not the first line of defence.
Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack. But no amount of risk management can get you out of the sights of a determined cyber attacker.
FireEye’s report says threat actors are “doing their homework” and developing new variants of impersonation attacks that target new contacts and departments within organisations.
Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.
Emergence is the 2019 Insurance Business magazine Underwriting Agency of the Year and a finalist in the same category at the ANZIIF-Asia Insurance Review awards.
Emergence has won the Insurance Business Cyber Product of the Year award in three of the last four years, including 2018.
You can obtain Emergence cyber quotations for clients by accessing the broker portal.
This blog is another cyber education initiative from Emergence.