Are companies falling behind on cyber security awareness training?
New data from a Waterloo-based cyber security service suggests hackers have shifted their tactics and companies may not be keeping up.
Ryan Westman, senior manager of threat intelligence at eSentire, says spam emails and attachments have been the preferred route for sneaking malware into a target’s computer for many years.
“In 2020, email really dominated as the initial access factor at 66 per cent,” said Westman.
But it seems cyber criminals have found new attack methods.
“So in Q1, Q2 and Q3 in 2023, we’ve seen that browser-based initial access has really exploded to 47 per cent,” he said.
That accounts for nearly half of how all cyber attacks are making their way inside a computer. It comes as hackers have created millions of dangerous links that lead to fake websites.
“So what they’ll do is they’ll poison search engine results and it’ll basically result in someone searching for something like a legal document [being led to a fake site],” Westman said.
He adds that browser-based attacks can be trickier because they’re mimicking things like a Google ad, downloading a Zoom meeting or downloading a program like Adobe.
It seems companies are not keeping pace with these tactics as most continue to focus on identifying phishing emails.
“That’s actually one of the areas that I think the user awareness training needs to improve, is around the browser-based threats,” said Westman.
Some industries are more at risk of having sensitive information sold to other hackers on the dark web.
“Specifically in the case of what we’ve observed over the past year is a group referred to as the Gootloader malware group, they’ve specifically targeted the legal industry by poisoning search engine results for legal documents,” he said.
Just as companies begin learning of these new threats, another one is on the way. Westman said the rise of artificial intelligence could pose significant cyber security risks by 2025 – only adding to the constant game of digital cat and mouse.
HOW TO PROTECT YOURSELF
As simple as it sounds, Westman says an easy way someone can validate the information they’re seeing on a webpage is by reviewing the link they’ve visited.
“A really common thing would be to switch out an ‘E’ for a ‘3’ or a ‘1’ for an ‘L’ and it's very trivial, but it's very easy for a threat actor to stand up a page that looks and feels very similar to something like Adobe or a Zoom,” said Westman.
He also says a straightforward approach would be for companies to update their user awareness training to include browser-based threats.
It’s not the first time CTV News Kitchener has spoken with eSentire about cyber security.
They’ve offered tips for creating a strong password, maximizing cyber security, and even staying cyber safe during the Super Bowl.
CTVNews.ca Top Stories
![](https://www.ctvnews.ca/polopoly_fs/1.6960763.1720739914!/httpImage/image.jpg_gen/derivatives/landscape_800/image.jpg)
'It's scary': 3 Ontario men lose $373,000 to crypto investment fraud
Three men across Ontario are speaking out after losing hundreds of thousands of dollars to a cryptocurrency investment scam, including one man in Brampton who lost $226,000.
Poilievre says Trudeau a 'human pinata' at NATO, still won't commit to spending goal
Pierre Poilievre says NATO allies treated Prime Minister Justin Trudeau like a human pinata at the leaders' summit this week — but he still won't commit to the alliance's spending goal.
One person in hospital after falling from swing ride at Canada's Wonderland
One person has been hospitalized after falling from a swing ride at Canada's Wonderland.
Black bear 'wreaked havoc' on car after being locked inside, RCMP say
A black bear accidentally got locked in a car in Coquitlam Thursday, destroying the interior before being freed by police.
2 bodies believed to be from B.C. wash ashore Sable Island, N.S.
Nova Scotia RCMP say a boat containing the bodies of two people believed to be from British Columbia washed ashore the Sable Island National Park Reserve earlier this week.
These Picassos prompted a gender war at an Australian gallery. Now the curator says she painted them
They were billed as artworks by Pablo Picasso, paintings so valuable that an Australian art museum’s decision to display them in an exhibition restricted to women visitors provoked a gender discrimination lawsuit. The paintings again prompted international headlines when the gallery re-hung them in a women’s restroom to sidestep a legal ruling that said men could not be barred from viewing them.
No drinking water at McGill University Hospital Centre after major aqueduct failure
The MUHC says it has no potable water at its facilities at the Glen site after a major aqueduct failure.
Ben Affleck and Jennifer Lopez publicly list their house for sale
Ben Affleck and Jennifer Lopez have added a tiny bit of fuel to the fire surrounding their marriage. Amid speculation that the pair are struggling in their relationship after marrying about two years ago, the couple has listed their 12-bedroom, 24-bathroom California home for sale.
Community evacuated in northern Alberta as wildfire creeps closer to highway
A northern Alberta community declared a local state of emergency Thursday after wildfires close to it forced the evacuation of almost 1,000 residents.