The Importance of Cyber Security Awareness Training
Following the pandemic, cyber security has become more important than ever before. Staff were forced to work from home with little to no notice, often with weak cyber security measures in place, affecting micro to medium companies alike. One of the largest and fastest-growing forms of attack is social engineering.
Social engineering exploits human loopholes, whereby an attacker finds a weak link in an organisation and tries to break it. The techniques used are similar, but listed below are the top five to watch out for and make known to staff.
1 – The Boss: This attack comes via email, often leading with an attention-grabbing subject. The attacker sometimes knows of ongoing company affairs such as external deals. They may target a junior employee, invoking urgency or similar emotions so that the victim promptly responds with credentials or account details. Always ensure through induction that your new employees are aware of these types of cyber-attacks, as they can be the main target for attackers, who send phishing emails to extract the new employees’ user credentials.
2 – A Quick Favour: This form of attack can be in person, where the attacker, having built a connection with the target, asks for small favours like gaining access to the bathroom, then graduates to gaining access to protected areas of the building. They may say things like: “Can you help unlock this door? I left my key card at home” or “Could you print a document for me? I’m yet to receive my key card and I need to get something for the boss”.
3 – Under Pressure: After the hacker has formed a relationship with a victim, they apply time pressure via email, saying they have a presentation in 5 minutes and their login details are not working. The victim feels they need to complete that task so that they are not to blame for the attacker’s failures.
4 – Feeling Connected: This is where the attacker tries to build a connection with the victim. They may publicly have similar interests to the victim and even go as far as attending the same conference or restaurant to build a like-for-like relationship. Once a communication channel has been established, the attacker abuses the friendship and trust by starting to ask for sensitive information relating to the victim’s work network, etc.
5 – An Incentive: This is an old trick but still highly effective, as attackers are always evolving the subject. This form of social engineering is done at specific times of the year, for example a week before pay day, or the famous HMRC tax return email. The hackers take advantage of the victim’s weakness, and this form of social engineering can be sent out to millions of people at the same time.
In conclusion, the best way to deal with social engineering is to educate staff and carry out drills monthly or quarterly. These drills should be unexpected. There needs to be awareness training with everyone on board and in agreement to intentionally make cyber security part of a company’s standard work protocol. It is easy to lay blame on the less technical staff, but technical staff can also be manipulated in this way.
CyberLab provides Cyber Security as a Service, which focuses on security flaws like these and ensures that all the employees of a company are aware of these kinds of attacks and threats. We provide knowledge-based solutions such as bespoke training modules and drills, which help improve your organisation’s cyber security posture and reduce the risk of a successful cyber attack.