Are companies falling behind on cyber security awareness training?
New data from a Waterloo-based cyber security service suggests hackers have shifted their tactics and companies may not be keeping up.
Ryan Westman, senior manager of threat intelligence at eSentire, says spam emails and attachments have been the preferred route for sneaking malware into a target’s computer for many years.
“In 2020, email really dominated as the initial access factor at 66 per cent,” said Westman.
But it seems cyber criminals have found new attack methods.
“So in Q1, Q2 and Q3 in 2023, we’ve seen that browser-based initial access has really exploded to 47 per cent,” he said.
That accounts for nearly half of how all cyber attacks are making their way inside a computer. It comes as hackers have created millions of dangerous links that lead to fake websites.
“So what they’ll do is they’ll poison search engine results and it’ll basically result in someone searching for something like a legal document [being led to a fake site],” Westman said.
He adds that browser-based attacks can be trickier because they’re mimicking things like a Google ad, downloading a Zoom meeting or downloading a program like Adobe.
It seems companies are not keeping pace with these tactics as most continue to focus on identifying phishing emails.
“That’s actually one of the areas that I think the user awareness training needs to improve, is around the browser-based threats,” said Westman.
Some industries are more at risk of having sensitive information sold to other hackers on the dark web.
“Specifically in the case of what we’ve observed over the past year is a group referred to as the Gootloader malware group, they’ve specifically targeted the legal industry by poisoning search engine results for legal documents,” he said.
Just as companies begin learning of these new threats, another one is on the way. Westman said the rise of artificial intelligence could pose significant cyber security risks by 2025 – only adding to the constant game of digital cat and mouse.
HOW TO PROTECT YOURSELF
As simple as it sounds, Westman says an easy way someone can validate the information they’re seeing on a webpage is by reviewing the link they’ve visited.
“A really common thing would be to switch out an ‘E’ for a ‘3’ or a ‘1’ for an ‘L’ and it's very trivial, but it's very easy for a threat actor to stand up a page that looks and feels very similar to something like Adobe or a Zoom,” said Westman.
He also says a straightforward approach would be for companies to update their user awareness training to include browser-based threats.
It’s not the first time CTV News Kitchener has spoken with eSentire about cyber security.
They’ve offered tips for creating a strong password, maximizing cyber security, and even staying cyber safe during the Super Bowl.
CTVNews.ca Top Stories
From essential goods to common stocking stuffers, Trudeau offering Canadians temporary tax relief
Canadians will soon receive a temporary tax break on several items, along with a one-time $250 rebate, Prime Minister Justin Trudeau announced Thursday.
BREAKING Matt Gaetz drops bid for Trump attorney general in face of U.S. Senate opposition
Hardline Republican Matt Gaetz withdrew his name from consideration as U.S. president-elect Donald Trump's attorney general, in the face of opposition from the Senate Republicans whose support he would have needed to win the job.
Mother charged after infant dies in midtown Toronto: police
The mother of an infant who died after being found at an apartment building in midtown Toronto on Wednesday has been charged with failing to provide the necessaries of life.
Here's a list of items that will be GST/HST-free over the holidays
Canadians won’t have to pay GST on a selection of items this holiday season, the prime minister vowed on Thursday.
Manitoba RCMP issue Canada-wide warrant for Ontario semi-driver charged in deadly crash
Manitoba RCMP have issued a Canada-wide arrest warrant for the semi-driver involved in a crash that killed an eight-year-old girl and her mother.
2 arrested during Greenpeace protest outside Stornoway residence in Ottawa
Two people have been arrested following a protest outside Stornoway, the official residence of Canada's leader of the Opposition.
Arrest warrant issued for suspect charged in Toronto airport gold heist
Peel police say a bench warrant has been issued for the arrest of one of the suspects charged in connection with the gold heist at Pearson International Airport last year.
'This is cold': P.E.I. mother upset over decision to remove late daughter's photos from school memorial wall
A high school on Prince Edward Island is removing pictures of its late students from a memorial wall – a decision that has upset one mother whose daughter attended the school.
Son of Norway crown princess detained for one week in rape probe
The son of Norway's crown princess will be jailed for up to one week while police investigate accusations of rape made against him, a judge ruled on Wednesday.