Cybercriminals use a broad range of malicious tactics to exploit unsuspecting victims. However, some of their methods prove to be more effective than others.
According to the data presented by the Atlas VPN team, social engineering cyberattacks were the primary cause of company breaches in 2020, at 14%, followed by advanced persistent threats, unpatched systems and ransomware. As a result, learning to prevent social engineering attacks needs to be a top priority for businesses.
With social engineering attacks, criminals use a broad range of manipulation tactics to trick victims into giving out sensitive information or making security mistakes, such as revealing passwords or bank information, or giving away access to their devices.
The figures are based on the global State of Cybersecurity Survey by ISACA, conducted in Q4 2020. The survey collected data from 3,659 respondents who hold the ISACA Certified Information Security Manager certification. Respondents come from over 120 countries and more than 17 different industries.
Advanced persistent threats were the second most common cause of hacks in 2020. An advanced persistent threat is a prolonged and targeted cyberattack in which an unauthorized party gains access to a system or network, usually for the purpose of data theft. This attack type was responsible for one-tenth (10%) of breaches affecting businesses in 2020.
Besides cyberattacks, internal security issues were also a significant source of company compromises in 2020. Leaving a system unpatched and vulnerable can invite trouble for an organization, and this was the reason for 9% of all breaches.
Ransomware, a form of malware that encrypts a victim’s files, also did significant damage to businesses last year. Like unpatched systems, it was responsible for 9% of business hacks.
Other causes behind company breaches in the top five include denial of service attacks (8%), security configurations (8%) and incidents attributed to a third party (7%).
Overall, 35% of organizations claim they experienced an increase in attacks compared to a year ago, with more than one-fifth (23%) of companies stating that threat actors took advantage of the COVID-19 pandemic to disrupt their organization’s activities.
Companies fear cyberattacks will damage their reputation
No company is immune to cyberattacks, and their consequences can be devastating. Naturally, companies are concerned about cyberattack threats.
Corporate reputation is increasingly being recognized as the most important strategic asset in a company’s value creation. Therefore, the No. 1 concern for organizations regarding cyberattacks is the damage to a company’s reputation. A whopping 78% of companies are afraid cyberattacks may harm their company’s image.
Next up is data breaches resulting in customer physical or financial harm. No business would survive without customers. Hence, damage to clients is a major worry for 69% of organizations.
A little under half of companies (49%) are also distressed about cyberattacks on the supply chain or business disruption. The SolarWinds hack, which occurred in early 2020 and affected 18,000 of its clients, serves as a grim reminder of how devastating such attacks can be.
Meanwhile, nearly a third (32%) of businesses are concerned about losing proprietary trade secrets, followed by damage to professional reputation (29%). Other worries include organization stock price or financial performance (28%), organization job security (24%) and personal job security (20%).
5 tips for avoiding social engineering attacks
Social engineering attacks are highly effective because they use various psychological tricks to take advantage of the victim. However, there are several steps to take to reduce the chances of falling victim to cybercriminals’ schemes.
- Do research. Cybercriminals frequently use a sense of urgency to get a victim to act before they think. When a highly urgent message arrives, take the time to investigate whether it is credible. For example, the recipient can contact the purported sender via another communication channel to find out whether they really sent the message, or request additional proof of identity.
- Secure devices. Ensuring devices are well protected is crucial for preventing any type of cyberattack. Make sure software is always up to date and has the latest security patches, use two-factor authentication where possible, never reuse the same password for different accounts, make sure to have a VPN on whenever browsing online and take advantage of anti-virus software.
- Configure email spam filters. Reduce the chances of falling for social engineering attacks by taking advantage of the spam filter offered by email providers. Set the filtering settings to the highest level to make sure it blocks as many malicious emails as possible. Spam filters use various information to determine whether an email is spam, including the sender’s ID, IP address, attachments, links and other email content.
- If it sounds too good to be true, it probably is. If someone receives a message about winning a lottery that they never even entered, or about a mysterious inheritance left to them by a person they have never heard of before, it is definitely a scam. Always ask whether a certain scenario is realistic before taking any action.
- Stay informed. Finally, set aside some time to learn about the most recent cyber threats. People who do so will be aware of new attack methods as they emerge, making them far less likely to fall victim.