Are companies falling behind on cyber security awareness training?
New data from a Waterloo-based cyber security service suggests hackers have shifted their tactics and companies may not be keeping up.
Ryan Westman, senior manager of threat intelligence at eSentire, says spam emails and attachments have been the preferred route for sneaking malware into a target’s computer for many years.
“In 2020, email really dominated as the initial access factor at 66 per cent,” said Westman.
But it seems cyber criminals have found new attack methods.
“So in Q1, Q2 and Q3 in 2023, we’ve seen that browser-based initial access has really exploded to 47 per cent,” he said.
That accounts for nearly half of how all cyber attacks are making their way inside a computer. It comes as hackers have created millions of dangerous links that lead to fake websites.
“So what they’ll do is they’ll poison search engine results and it’ll basically result in someone searching for something like a legal document [being led to a fake site],” Westman said.
He adds that browser-based attacks can be trickier because they’re mimicking things like a Google ad, downloading a Zoom meeting or downloading a program like Adobe.
It seems companies are not keeping pace with these tactics as most continue to focus on identifying phishing emails.
“That’s actually one of the areas that I think the user awareness training needs to improve, is around the browser-based threats,” said Westman.
Some industries are more at risk of having sensitive information sold to other hackers on the dark web.
“Specifically in the case of what we’ve observed over the past year is a group referred to as the Gootloader malware group, they’ve specifically targeted the legal industry by poisoning search engine results for legal documents,” he said.
Just as companies begin learning of these new threats, another one is on the way. Westman said the rise of artificial intelligence could pose significant cyber security risks by 2025 – only adding to the constant game of digital cat and mouse.
HOW TO PROTECT YOURSELF
As simple as it sounds, Westman says an easy way someone can validate the information they’re seeing on a webpage is by reviewing the link they’ve visited.
“A really common thing would be to switch out an ‘E’ for a ‘3’ or a ‘1’ for an ‘L’ and it's very trivial, but it's very easy for a threat actor to stand up a page that looks and feels very similar to something like Adobe or a Zoom,” said Westman.
He also says a straightforward approach would be for companies to update their user awareness training to include browser-based threats.
It’s not the first time CTV News Kitchener has spoken with eSentire about cyber security.
They’ve offered tips for creating a strong password, maximizing cyber security, and even staying cyber safe during the Super Bowl.
CTVNews.ca Top Stories
Canada Post strike: Union 'extremely disappointed' in latest offer, negotiator says
A negotiator for the Canadian Union of Postal Workers (CUPW) says the latest offer from Canada Post to end the ongoing strike shows the carrier is moving in the "opposite direction."
Trump is welcomed by Macron to Paris with presidential pomp and joined by Zelenskyy for their talks
French President Emmanuel Macron welcomed Donald Trump to Paris with a full dose of presidential pomp for the reopening of the Notre Dame Cathedral.
Digging themselves out: With Santa Claus parade cancelled, Londoners make best of snowy situation
Londoners continue to dig themselves out from this week’s massive snowstorm.
Canada's air force took video of object shot down over Yukon, updated image released
The Canadian military has released more details and an updated image of the unidentified object shot down over Canada's Yukon territory in February 2023.
U.S. announces nearly US$1 billion more in longer-term weapons support for Ukraine
The United States will provide nearly US$1 billion more in longer-term weapons support to Ukraine, Defense Secretary Lloyd Austin said Saturday.
Why finding the suspected CEO killer is harder than you might think
He killed a high-profile CEO on a sidewalk in America’s largest city, where thousands of surveillance cameras monitor millions of people every day.
Sask. doctor facing professional charges in circumcision case
A Saskatoon doctor has been accused of unprofessional conduct following a high-cost adult circumcision that included a request for the patient to text unsecured post-op pictures of his genitals.
An archbishop's knock formally restores Notre Dame to life as winds howl and heads of state look on
France's iconic Notre Dame Cathedral is formally reopening its doors on Saturday for the first time since a devastating fire nearly destroyed the 861-year-old landmark in 2019.
Man arrested after 16-hour standoff with Barrie police seeks to be released from custody
The 43-year-old man taken to hospital in distress following a 16-hour armed standoff with Barrie police last month is seeking bail.