Are companies falling behind on cyber security awareness training?
New data from a Waterloo-based cyber security service suggests hackers have shifted their tactics and companies may not be keeping up.
Ryan Westman, senior manager of threat intelligence at eSentire, says spam emails and attachments have been the preferred route for sneaking malware into a target’s computer for many years.
“In 2020, email really dominated as the initial access factor at 66 per cent,” said Westman.
But it seems cyber criminals have found new attack methods.
“So in Q1, Q2 and Q3 in 2023, we’ve seen that browser-based initial access has really exploded to 47 per cent,” he said.
That accounts for nearly half of how all cyber attacks are making their way inside a computer. It comes as hackers have created millions of dangerous links that lead to fake websites.
“So what they’ll do is they’ll poison search engine results and it’ll basically result in someone searching for something like a legal document [being led to a fake site],” Westman said.
He adds that browser-based attacks can be trickier because they’re mimicking things like a Google ad, downloading a Zoom meeting or downloading a program like Adobe.
It seems companies are not keeping pace with these tactics as most continue to focus on identifying phishing emails.
“That’s actually one of the areas that I think the user awareness training needs to improve, is around the browser-based threats,” said Westman.
Some industries are more at risk of having sensitive information sold to other hackers on the dark web.
“Specifically in the case of what we’ve observed over the past year is a group referred to as the Gootloader malware group, they’ve specifically targeted the legal industry by poisoning search engine results for legal documents,” he said.
Just as companies begin learning of these new threats, another one is on the way. Westman said the rise of artificial intelligence could pose significant cyber security risks by 2025 – only adding to the constant game of digital cat and mouse.
HOW TO PROTECT YOURSELF
As simple as it sounds, Westman says an easy way someone can validate the information they’re seeing on a webpage is by reviewing the link they’ve visited.
“A really common thing would be to switch out an ‘E’ for a ‘3’ or a ‘1’ for an ‘L’ and it's very trivial, but it's very easy for a threat actor to stand up a page that looks and feels very similar to something like Adobe or a Zoom,” said Westman.
He also says a straightforward approach would be for companies to update their user awareness training to include browser-based threats.
It’s not the first time CTV News Kitchener has spoken with eSentire about cyber security.
They’ve offered tips for creating a strong password, maximizing cyber security, and even staying cyber safe during the Super Bowl.
CTVNews.ca Top Stories
BREAKING Suspect shot after multiple people stabbed in downtown Vancouver: police
A 'number of people' were stabbed in downtown Vancouver Wednesday before a suspect was shot by police, authorities say.
DEVELOPING As police search for suspect, disturbing video surfaces after U.S. health-care CEO gunned down in New York
UnitedHealthcare CEO Brian Thompson was killed Wednesday morning in what investigators suspect was a targeted shooting outside a Manhattan hotel where the health insurer was holding an investor conference.
'Utterly absurd': Freeland rebuffs Poilievre's offer of two hours to present fall economic statement
Deputy Prime Minister and Finance Minister Chrystia Freeland has rebuffed Conservative Leader Pierre Poilievre's offer to give up two hours of scheduled opposition time next Monday to present the awaited fall economic statement as 'utterly absurd.'
Minister 'extremely concerned' after Air Canada announces change to carry-on bags
Air Canada plans to bar carry-on bags and impose a seat selection fee for its lowest-fare customers in the new year.
Canadian appears in U.S. court in decades-old cold case
Robert Creter made his first court appearance since his extradition to the United States from Winnipeg. He's the prime suspect in the murder of 23-year-old Tami Tignor – a cold case dating back to 1997.
French government toppled in historic no-confidence vote
French opposition lawmakers brought the government down on Wednesday, throwing the European Union's second-biggest economic power deeper into a political crisis that threatens its capacity to legislate and rein in a massive budget deficit.
Why are some Canada Post outlets still open during CUPW strike?
As many postal workers continue to strike across the country, some Canadians have been puzzled by the fact some Canada Post offices and retail outlets remain open.
Woman who stowed away on plane to Paris placed on flight back to U.S.
A Russian woman who stowed away on a Delta Air Lines flight from New York to Paris last week is on her way back to the United States.
Warm, wet winter expected in much of Canada, say forecasters
Federal forecasters expect a warmer-than-normal start to winter in most of Canada, with more precipitation than usual in parts of the country.