2019: Phishing is still alive and evolving!
Social engineering was always a less technical way to get into a system, but not the less effective way. The right question asked to the right person will give you much more than hours of cracking away at a password protected file.
Computer speeds have increased, technological advances and new methods gave us some of the best anti-virus and anti-malware software we could ever hope for. We have systems that can detect almost any threat
This, in turn, has advanced our competition as well, who are now using much more advanced forms of phishing, gone are those spelling mistakes, gone are those awkward introductions and more facts are present than ever in that mail regarding your company. Malicious attachments have started to decrease while the number of malicious links has increased. These are not limited to phishing, there are ads, pop-ups and fake competitions doing the rounds as well, all trying to direct you to those links. Firewalls struggle to keep up with the list of URLs that are safe and those that are malicious. Compromised legitimate sites now also host some of the malware making it even harder to detect.
All of this is targeted at your employees to disclose something, somewhere that can be beneficial in their exploit of your company. For all the bells and whistles we have, all of this gets circumvented to get the knowledge of those employees.
That is why it is crucial for any and every company to conduct regular training regarding cybersecurity threats, knowing what to look out for, knowing who to contact when something suspicious happens. The attacks will increase as the global economy suffers.
Be vigilant when it comes to your employees and know that educating them can be more valuable than losing a few hours of production a month.