Phishing is consistently the top infection vector for cyberattacks because it works so well, according to Gary Davis, McAfee’s Chief Consumer Security Evangelist. Davis told the Tech Nation podcast that attackers are fully aware that targeted spear phishing attacks will get them into an organisation if they put in enough effort.
“They know that if they write it well enough and it looks like it’s from somebody you know and trust, that you’re going to do the action they’re looking for, which is gonna enable them to get access to the information they’re trying to get access to,” Davis said.
He added that these attackers have more than enough incentive to constantly improve upon their techniques, since this is how they earn a profit.
“They’re in it to make money, right?” he said. “It’s a for-profit business, for lack of a better word. So, they’re always gonna be trying to figure out more effective ways to dupe people into, to either dupe people or just take advantage of people without their knowledge, and do it for as long as they can.”
Davis concluded that most people are complacent about social engineering attacks until they’re directly affected by one. It’s often difficult to take a threat seriously unless you see it in front of you.
“Nobody wants to be a victim of scam or identity theft,” Davis said. “Nobody ever wants to be a victim. We empathise with victims, ‘cause we can put ourselves in their shoes, and it, and that’s unfortunately one of the challenges in our space is, I think a lot of the reasons why people aren’t better about things like password hygiene and, you know, checking their credit history and stuff like that, is because, well, they don’t think it’s going to happen to them, they think it’s going to happen to somebody else.”
Organisations need to make their employees aware of the fact that they will be targeted by these attacks. Cyber security awareness training can give your employees experiential knowledge of social engineering attacks before they fall victim to one. McAfee has the story:
Find out how affordable cyber security awareness training is for your organisation. Get a quote now.