Intelligent CIO Middle East Issue 59 | Page 27

HUMAN ERROR IS OFTEN SEEN AS A MAJOR CAUSE OF SECURITY INCIDENTS – IN FACT WE REPORTED THAT NEARLY A QUARTER OF THE BREACHES ANALYSED IN OUR 2020 DBIR WERE DUE TO THIS . organisations having far higher click rates – over 50 % in some cases . A phishing simulation performed on approximately 16,000 people in late March ( the early weeks of shelter-in-place for many states in the USA ) found that almost three times as many people not only clicked on the phishing link , but also provided their credentials to the simulated login page than in pre-COVID-19 tests late last year . This heightened emotional response is completely understandable when COVID- 19-related terms are involved and are being exploited by cybercriminals .
TRENDING
IT departments are being challenged to secure company assets on the corporate network while the majority of the workforce is out of the office . This has widened the number of remote targets for cybercriminals to target .
• Use of ransomware is spiking : We saw that several incidents reviewed within the COVID-19 dataset involved the use of ransomware . These involved the copying and posting of data ( either partially or entirely ) publicly online . Of the nine malware incidents in the COVID-19 dataset , seven were confirmed breaches demonstrating a spike in ransomware usage .
• Phishing emails play on emotions : Phishing has always been a popular cybercrime tactic . Prior to COVID-19 we flagged that credential theft and social attacks such as phishing and business email compromises were at the root of the majority of breaches ( over 67 %). Combine this attack success with uncertainty , fear and the need for COVID-19 information ,

HUMAN ERROR IS OFTEN SEEN AS A MAJOR CAUSE OF SECURITY INCIDENTS – IN FACT WE REPORTED THAT NEARLY A QUARTER OF THE BREACHES ANALYSED IN OUR 2020 DBIR WERE DUE TO THIS . organisations having far higher click rates – over 50 % in some cases . A phishing simulation performed on approximately 16,000 people in late March ( the early weeks of shelter-in-place for many states in the USA ) found that almost three times as many people not only clicked on the phishing link , but also provided their credentials to the simulated login page than in pre-COVID-19 tests late last year . This heightened emotional response is completely understandable when COVID- 19-related terms are involved and are being exploited by cybercriminals .

Comprehensive security strategies can help steer in these unchartered waters
Businesses around the globe have continued to focus on serving their employees and customers as a priority throughout the pandemic . Armed with insights into the evolving tactics used by cybercriminals during this period and comprehensive security strategies – such as Managed then you will understand why phishing emails containing the words COVID , CORONAVIRUS , masks , test , quarantine and vaccine were found to be widely used within this time period . We saw phishing emails unrelated to COVID-19 had a slightly lower click rate ( with a median of 3.1 %). The phishing emails that were linked to COVID-19 had a somewhat higher median at 4.1 % and showed more
Security Services , identity solutions and , most importantly , ongoing employee education – we can set a more productive course to help create a more secure business environment and maintain business momentum . • www . intelligentcio . com INTELLIGENTCIO
27