Are companies falling behind on cyber security awareness training?
New data from a Waterloo-based cyber security service suggests hackers have shifted their tactics and companies may not be keeping up.
Ryan Westman, senior manager of threat intelligence at eSentire, says spam emails and attachments have been the preferred route for sneaking malware into a target’s computer for many years.
“In 2020, email really dominated as the initial access factor at 66 per cent,” said Westman.
But it seems cyber criminals have found new attack methods.
“So in Q1, Q2 and Q3 in 2023, we’ve seen that browser-based initial access has really exploded to 47 per cent,” he said.
That accounts for nearly half of how all cyber attacks are making their way inside a computer. It comes as hackers have created millions of dangerous links that lead to fake websites.
“So what they’ll do is they’ll poison search engine results and it’ll basically result in someone searching for something like a legal document [being led to a fake site],” Westman said.
He adds that browser-based attacks can be trickier because they’re mimicking things like a Google ad, downloading a Zoom meeting or downloading a program like Adobe.
It seems companies are not keeping pace with these tactics as most continue to focus on identifying phishing emails.
“That’s actually one of the areas that I think the user awareness training needs to improve, is around the browser-based threats,” said Westman.
Some industries are more at risk of having sensitive information sold to other hackers on the dark web.
“Specifically in the case of what we’ve observed over the past year is a group referred to as the Gootloader malware group, they’ve specifically targeted the legal industry by poisoning search engine results for legal documents,” he said.
Just as companies begin learning of these new threats, another one is on the way. Westman said the rise of artificial intelligence could pose significant cyber security risks by 2025 – only adding to the constant game of digital cat and mouse.
HOW TO PROTECT YOURSELF
As simple as it sounds, Westman says an easy way someone can validate the information they’re seeing on a webpage is by reviewing the link they’ve visited.
“A really common thing would be to switch out an ‘E’ for a ‘3’ or a ‘1’ for an ‘L’ and it's very trivial, but it's very easy for a threat actor to stand up a page that looks and feels very similar to something like Adobe or a Zoom,” said Westman.
He also says a straightforward approach would be for companies to update their user awareness training to include browser-based threats.
It’s not the first time CTV News Kitchener has spoken with eSentire about cyber security.
They’ve offered tips for creating a strong password, maximizing cyber security, and even staying cyber safe during the Super Bowl.
CTVNews.ca Top Stories
'I got no remorse': Greg Fertuck, convicted of murdering missing spouse, sentenced to life in prison
Greg Fertuck will spend life behind bars with no chance of parole until he is 90 years old, a judge ruled on Thursday at Saskatoon's Court of King's Bench.
'Ford's dry summer begins': All LCBO stores closed as workers go on strike
All LCBO stores are closed on Friday as thousands of workers hit the picket lines after their union and employer failed to reach an agreement.
Britain's Labour on track for landslide victory, exit poll suggests, amid anger with Conservatives
Britain's Labour Party headed for a landslide victory Friday in a parliamentary election, an exit poll suggested, as voters punished the governing Conservatives after 14 years of economic and political upheaval.
Saskatchewan has the lowest hourly minimum wage. How does it stack up to the rest of Canada?
Hourly minimum wages increased in several Canadian provinces this spring with more on the horizon, which economists say will likely impact workers and businesses differently.
Trying to sell or buy a home this summer? What a realtor says you should know
In the first few weeks of summer, the real estate sector is experiencing an upturn marked by more housing inventory, a Canadian realtor says
No Frills grocery stores drop 'multi-buy' offer
As receipts tick ever higher for Canadians at the grocery store and shoppers continue to search for savings, one Canadian grocer has ended a perceived deal.
Hurricane Beryl churns toward Mexico after leaving destruction in Jamaica and eastern Caribbean
After leaving a trail of destruction across the eastern Caribbean and at least nine people dead, Hurricane Beryl weakened as it chugged over open water toward Mexico's Yucatan Peninsula on Thursday, going from the earliest Category 5 hurricane in the Atlantic to Category 2 by the afternoon.
CSIS director David Vigneault stepping down after seven years on the job
David Vigneault says he is stepping down from his job at the head of Canada’s spy agency. The director of the Canadian Security Intelligence Service, who spent seven years at the helm, is leaving the public service altogether.
Biden tells Democratic governors he needs more sleep and plans to stop scheduling events after 8 p.m.
U.S. President Joe Biden told Democratic governors during a meeting at the White House on Wednesday that part of his plan going forward is to stop scheduling events after 8 p.m. so that he can get more sleep, according to three sources briefed on his comments.