How To Stay Alert Against New Cyberattack Methods

Planners need to stay alert against new cyberattack methods. Discover what smishing and vishing are, along with best practices. 

Vishing Smishing Cybersecurity

Cybercrimes have not disappeared. In fact, a cybercrime is committed every 39 seconds. Cybersecurity has simply fallen from the media. Those in cybersecurity continue to create protections, but as fast as they are created, the bad guys find ways to breach them and create new cyberattack methods. 

Topping the list is ransomware, whose victims are municipal governments, schools and other soft targets. The attacks not only focus on those believed to have lesser security in place, but also increase the extent of the attacks to include much or all of the target’s entire network. Ransomware attacks were estimated to cost $11.5 billion globally in 2019 alone and to occur once every 15 seconds. A new strain of ransomware targets servers, but researchers have yet to find how it is delivered to its victims. They caution organizations to ensure cybersecurity policies are current and, more importantly, that employees are trained and updated to help fight cybercrime.

By now, most people have heard of phishing, delivered primarily by email. Now meet smishing—phishing campaigns delivered by text messaging that masquerades as your mobile provider. Scammers send recipients messages telling them to update their billing information and provide a link to a page that appears to belong to the mobile provider. Since these attacks come from a phone number and not an email address, they are more difficult to examine for legitimacy. Currently, the best protection is awareness, and for businesses, training of employees.

While phishing is the most commonly known method of accessing data, others such as pretexting (scammer acquires personal data by telling the victim that certain pieces of personal information are needed to authenticate the victim’s identity); baiting (enticing the victim to deliver personal information with a free music download or other offer); quid pro quo (similar to baiting, which offers a good, quid pro quo offers a service such as claiming to be with the Social Security Administration and, because of a computer glitch, they need the victim to provide their personal information); vishing (scammer impersonates the IRS, with contact being made via telephone); and tailgating (unauthorized person impersonates a delivery person and follows an authorized person into a locked building by asking the person to hold the door open for them and then accesses rooms where data is stored) are on the rise.  

As more people move to cloud servers to store their data, scammers and hackers are moving in that direction as well. Cloud servers offer businesses both functionality and flexibility. Cybercriminals are adopting the cloud for the same purpose, even launching DDoS attacks from it. Whether intentional or not, the cloud also can serve as a platform for employee misuse. While the cloud is not less secure than a company’s IT infrastructure, the increased adoption of cloud servers are targets for cybercrimes.  

Finally, while your employees may be your biggest assets, they can be your worst enemies… and you may be to blame. Whether malicious or accidental, unless all employees are trained to recognize threats, your data may be at risk. If you do not have concise policies and procedures in place for BYOD (bringing your own device, which includes flash drives), the company’s entire network can be at risk for infection and data breach.  

 

Best Practices

1. Never open emails from unknown sources.

2. Do not accept offers from strangers.

3. Lock your computer or device before stepping away from it.

4. Ensure current antivirus protection is installed and updated on all your devices.

5. Never provide information to anyone over the phone.

6. Familiarize yourself with company policies on access to files, spaces and building entry.

 

MaryAnn Bobrow, CAE, CMP, CMM is president of Bobrow Associates Inc. She has more than 20 years of experience in association and meetings management. She is an active member of multiple industry associations, for which she also volunteers. Bobrow also authored chapters for industry-specific books and magazines, and presents webinars for several industry organizations. She is a frequent presenter at industry events as well. Learn more about Bobrow at bobrowassociates.com.