Want to know what to expect from data breaches, phishing attacks, and other calculated methods in 2020? There’s no better source than Experian’s seventh annual Data Breach Industry Forecast report.
There’s a ton of chatter around what’s going to be the next “big thing” in cyber attacks. And while there will certainly remain a material amount of “more of the same” with, perhaps, a twist of ingenuity on the part of the cybercriminal, there are a few trends the folks over at Experian Data Breach services are strongly advising organisations be mindful of as we move into 2020. These include:
- The use of smishing attacks as part of identity theft scams. Experian is expecting quite a few presidential campaign-related attacks this year. Texts that appear to come from political campaigns and contain links may prove to be scams intent on stealing credentials, infecting endpoints, etc.
- BEC expanding to include deepfake audio and video. We’ve covered how this technology can be easily used to mimic an executive. Experian believes we’re going to see this explode in 2020 as part of a social engineering toolkit that can aid those seeking to commit fraud, steal data, gain access, etc.
Users need to be wary of these tactics on an ongoing basis throughout 2020. In the case of smishing, it’s a little easier to tell the user what to look for – poor grammar, misspellings, unsolicited messages, etc. But in the case of deepfakes, the technology is getting so good that audio can be generated in real time, allowing a would-be attacker to interact directly with their victim and sound like someone of authority within the company.
Organisations need to elevate their employees’ level of vigilance through Security Awareness Training by educating them on the kinds of attacks used, and why their first thought should be one of scrutiny and not of simply complying with a received request.
Request Your Security Awareness Training Demo
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one-and-done deal: continuous training and simulated phishing are both needed to mobilise users as your last line of defense.
Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!
PS: Don’t like to click on redirected buttons? Cut & paste this link in your browser:
https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW