As businesses navigate a constantly changing landscape of cyberthreats, cybersecurity awareness training, or CSAT, is essential. Examine the piece in which Dr. Shaun offers his defense against cyberattacks during the holidays.
The number of successful cyberattacks always spikes during the holidays. As e-commerce activity accelerates and consumers frantically search for last-minute online deals, many will fall victim to phishing attacks and other scams. Emerging technologies like AI make these attacks even more effective – by helping cybercriminals craft personalized, compelling, and error-free phishing messages. Meanwhile, employees traveling to see loved ones are vulnerable to a wide range of cyberattacks – from the infiltration of unsecured public WiFi to device theft. Beyond warning employees about these immediate threats, companies should work on developing a robust and sustainable culture of cybersecurity year-round.
Cybercriminals love the holidays. As online transactions surge, consumers go hunting for last-minute deals, and employees spend more time out of the office, there are opportunities to steal data and money that don’t exist any other time of the year. It’s tempting for employees to stop thinking about cybersecurity when they’re off work and on their way to see friends and family, and cybercriminals are experts at exploiting that lack of focus.
Employees need to recognize that they are always responsible for keeping themselves and the company safe – during or outside of working hours. The digital line between employees’ personal and professional lives is becoming blurrier all the time, opening up a broad range of attack vectors. As cybercriminals increasingly use emerging technologies like AI to launch more effective attacks, the importance of always-on cybersecurity awareness is only becoming clearer.
By training employees to be on their guard against cyberattacks at all times – whether they’re in the office or at an airport terminal – companies won’t just protect themselves. They’ll also protect employees and their families.
Cyberthreats rise during the holiday season
Cybercriminals take advantage of the spike in e-commerce activity, increased employee travel, and all the distractions that arise during the holidays. Phishing is one of the costliest and most common cyberattacks, and it’s no surprise that these attacks rise dramatically in November and December. Meanwhile, the average number of attempted ransomware attacks jumps by around 30 percent during the holiday season.
A 2021 report found that the number of unique fraudulent domains increased by 157 percent in November, while e-commerce attacks exploded by 200 percent. Successful phishing breaches cost companies an average of $4.76 million dollars, and cybercriminals have never had more tools for launching phishing attacks. One of the most alarming developments is the blistering pace of AI development – cybercriminals can use AI to generate compelling and error-free phishing emails that victims will be more likely to click on. This makes holiday phishing campaigns even more dangerous.
Beyond the barrage of phishing attacks, cybercriminals will exploit security gaps that open up when employees travel – the use of unsecured public WiFi in airports and coffee shops, the habit of leaving devices unattended, opportunities to snoop (both physically and digitally), and so on. These are all reasons why CISOs and other company leaders need to make cybersecurity awareness second nature for employees.
How employees can fend off holiday cyberattacks
Cybersecurity awareness training (CSAT) is critical as companies navigate an ever-shifting cyberthreat landscape. Almost three-quarters of successful breaches involve a human element, and cybercriminals have developed an array of sophisticated social engineering techniques to manipulate victims into providing sensitive information, money, and access. Companies and employees need to be aware of the psychological vulnerabilities that cybercriminals exploit to get what they want.
There are seven major psychological vulnerabilities that cybercriminals leverage to launch social engineering attacks: fear, obedience, craving, opportunity, sociableness, urgency, and curiosity. Several of these vulnerabilities put employees at especially high risk during the holidays. For example, when cybercriminals create fake retail domains in an attempt to lure consumers with huge holiday discounts and other inducements, they’re appealing to the victims’ desire to save money (craving and opportunity).
These phishing schemes often create a sense of urgency by attempting to convince victims that they must “act now” to take advantage of “one-time” offers that “won’t last.” Curiosity plays an essential part, too, as victims want to explore their options – especially when time is running out to buy gifts or make other purchases. AI resources help cybercriminals produce polished emails and other written content that deceive victims into thinking they’re interacting with legitimate entities.
Keeping cybersecurity awareness top of mind is the only way to ensure that employees know how to recognize these psychological tactics and avoid falling victim to them. It’s even more crucial to reinforce cybersecurity awareness before the holidays, as employees will be away from regular work environments and reliant upon networks that may not be as secure.
Creating a culture of cybersecurity awareness
The ultimate goal of a CSAT program is long-term behavioral change. A company hasn’t developed a culture of cybersecurity awareness until responsible online behavior becomes second nature to employees, no matter where they are in the world. Employees are the first line of defense against many of the most destructive and prevalent cyberattacks, and the cybercriminals who launch those attacks never go on vacation.
According to IBM, the two most frequently exploited initial attack vectors are phishing and stolen/compromised credentials. A recent report found that AI password-cracking tools can figure out half of popular passwords in under a minute and almost two-thirds within an hour. Cybercriminals know they have a good chance of hooking employees with phishing attacks and stealing account information while they’re on vacation, and these are often the first steps toward broader attacks on the company.
When employees fail to use a VPN while on public WiFi, cybercriminals are able to spy on them, steal credit card information, and infiltrate their devices and networks in other ways. Cybercriminals will also steal and monitor devices left open and unguarded in public places. Even if employees are doing some last-minute shopping on a secure network, cybercriminals will prey on them with AI-composed phishing messages and other manipulative tactics that take advantage of their psychological vulnerabilities.
These are all reasons why companies have to instill healthy cybersecurity habits that employees will take with them everywhere they go. Once companies secure sustainable behavioral change across times, places, and contexts, they will have a culture of cybersecurity awareness.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!
