Cyber security practitioners consider social engineering and phishing attacks to be the number one threat to their organization, research by CS Hub has revealed.
In the CS Hub Mid-Year Market Report 2022, 75 percent of respondents cited social engineering/phishing attacks as the top threat to cyber security at their organization, followed by supply chain/third-party risks (36 percent) and lack of cyber security expertise (30 percent).
Phishing and social engineering attacks rely on human error rather than software vulnerabilities, meaning the onus is on employees within an organization to safeguard against these attacks. Additionally, it is imperative that organizations ensure their employees are equipped to identify and report these attacks when they do happen.
Commenting on the results, Jeff Campbell, technology manager and previously CISO at Horizon Power, an Australian power supplier, said: “With the increase in maturity over the years of edge security, the easiest way in is through the weakest link, which generally tends to be individuals. Getting an individual to click on a malicious link or giving away information still yields successful results.”
How to safeguard against social engineering and phishing attacks
Multinational technology conglomerate Cisco notes that social engineering attacks have grown increasingly sophisticated. The company says this is not just because fake websites and emails are becoming increasingly realistic, tricking victims into clicking on links, but also because it has become one of the most common ways for bad actors to get past an organization’s initial defenses to cause further harm and disruption.
To protect individuals and organizations from these attacks, a number of procedures can be put in place. These include:
- Multifactor authentication;
- Email security with anti-phishing defenses;
- Strong password management;
- Employee training to identify and avoid such attacks.