INTERVIEW
THE RISE OF SOCIAL ENGINEERING ATTACKS
DUANE NICOL, CYBERSECURITY AWARENESS EVANGELIST AT MIMECAST, TALKS ABOUT THE NEW SOCIAL ENGINEERING TACTICS THREAT ACTORS ARE USING TO GAIN ACCESS TO DATA.
How are cybercriminals exploiting human behaviour?

Cybercriminals tend to capitalise on basic human nature, for example by sending emails to people announcing that they’ve won a prize and simply need to click on a link to redeem it, or by sending fake offers on high-value items in mails that look like they come from legitimate brands. These types of attacks are effective even when end-users are aware of the potential risks. In Mimecast’s latest Brand Trust research, 82% of consumers in the UAE and 80% in KSA said they understand the risks of phishing and 81% in both markets agreed anyone can be a victim of cybercrime. However, three-quarters (75%) in the UAE and more than half (57%) in KSA admitted to still opening a phishing email, and two-thirds (67%) of UAE and half (48%) of KSA respondents said they received a phishing email forwarded from a friend or family member.

Our natural excitement at winning a prize or gaining access to an amazing deal on a product or item we really like creates gaps for cybercriminals to exploit. Our research found that the most common phishing emails or texts that people in the UAE receive include notices of prize winnings (39% in UAE and 58% in KSA), too-good-to-be-true special offers (26% in UAE and 27% in KSA) and, unsurprisingly in light of the pandemic, notices that the person now qualifies to receive the COVID-19 vaccine, reported by 28% of respondents from the UAE, although only 12% reported the same in KSA.

In addition, messages from trusted suppliers such as banks or insurance firms that highlight supposed issues with the security of one’s account or issues with account payment are also common. Around one third (30% in UAE and 34% in KSA) of respondents to our research have received phishing mails about someone supposedly trying to access an account, while 27% in UAE and 36% in KSA received a message telling them to check their account immediately. Unfortunately, many consumers simply react to the message by clicking on the link provided and give the cybercriminals a welcome gap to exploit, with sometimes devastating consequences for the consumer and often their employer.

CXO INSIGHT ME
OCTOBER 2021

ONCE IN, THE CYBERCRIMINAL CAN DO UNTOLD DAMAGE TO THE BANK’S NETWORK, ACCESS CONFIDENTIAL FILES, IMPERSONATE KEY STAKEHOLDERS WITHIN THE ORGANISATION, COMMIT FRAUD ON A MASSIVE SCALE AND EVEN INFECT THE NETWORK WITH MALWARE THAT COULD TAKE SERVICES OFFLINE AND LEAD TO CATASTROPHIC FINANCIAL LOSSES AND SEVERE DAMAGE TO THE BANK’S REPUTATION.

Do you see an increase in phishing attacks during this pandemic?

Cybercriminals thrive on disruption and confusion, and with the initial impact of the pandemic and its subsequent lockdowns, organisations across the region have experienced higher volumes of attacks across all types. As organisations start transitioning workers back to the office on a full-time or part-time basis, threat actors again sense an opportunity to capitalise on uncertainty by launching waves of phishing, ransomware and impersonation attacks. In Mimecast’s State of Email Security 2021 report, three-quarters