In this blog, we frequently focus on how organizations can protect against malicious insider threats. However, we haven’t forgotten about external threats. Today, we want to dive into the rise in malicious external threats and how organizations can best protect their workforce and company data.
It’s not unusual for hackers to develop new and sophisticated ways of stealing data, and last year many cyber security experts issued warnings around the rise in online shopping because of the pandemic. While we transition to a new normal, the same advice applies: cybercriminals tend to capitalize on key events where online shopping increases—and Mother’s Day could be such an event.
Malicious actors don’t observe holidays. They work 24/7, using any opportunity to catch organizations and employees off guard. Organizations must utilize insight into employee behavior exhibited throughout the year, including around major holidays, to ensure that they don’t inadvertently expose important data and assets to theft by malicious threat actors.
To help organizations better protect themselves this Mother’s Day, I sat down with the rest of the DTEX i3 team to discuss what we’ve been seeing leading up to this holiday and what employee behaviors can lead to risk. The biggest vulnerability we observed: employees using corporate devices for personal use, including e-commerce-related activities.
It’s often expected that employees will shop or perform non-work related research in between their work tasks. In general, organizations can expect a minimum of 3-8% of their employee base to perform online shopping activities on a corporate asset on a monthly basis. Because of this, those employees are highly susceptible targets for external threat actors and from a security perspective this isn’t ideal. External threat actors can utilize scams, email attacks and other methods to compromise organizational security.
A primary way for organizations to protect against this increased risk is to combine unique human insights and actionable intelligence into workforce cyber intelligence and security strategies.
Typically, advertisers develop targeted campaigns around major holidays or local events as users are much more inclined to react and interact to the message—such as “top 10 gifts for Mother’s Day.” Approximately 60 days ahead of Mother’s Day, we observed a clear increase in online activity with individuals receiving emails, banner ads, and social media promotions. There also tends to be an increase in searching for discount codes and coupons. These campaigns and increase in searches provide an opportunity for external actors to capitalize on vulnerable employees. While it may seem obvious to those who work in cyber security, conducting internal security training on how to spot scams and phishing attempts can help protect and inform employees who may not otherwise know what to look for.
These small steps can go a long way to protect enterprises from malicious external threats. Check out our resources page for more insights to keep your organization protected throughout the year.
After all, the difference is human.