SBS's latest update on Ransomware & Phishing threats
CISOs (or an equivalent title or role) are still the key in protecting organizations from ever-present Phishing and Ransomware attacks.
Does your organization have a CISO? (Chief Information Security Officer)? If it’s a smaller organization or you have a more a traditional structure, probably not.
So, someone needs to step up and act like they are, to fill that critical role. Why? Ransomware and phishing attacks are once again on the rise. Like, ChatGPT? We do too but get this – hackers use ChatGPT/AI to create convincing phishing emails.
How about the annoying CAPTCHA (pick all the flowers you see)? Get this, they’re using CloudFlare’s CAPTCHAs to conceal credential harvesting forms. Plus, cybercriminals are using trusted services like Microsoft SharePoint, AWS and Salesforce to spread phishing and malware. Another tactic, QR codes; hackers use QR Codes in attacks – they now account for 11% of all malicious emails.
Back to CISOs – WFH is awesome right? Sure, but guess what - with the shift to remote/hybrid work – it expands the ‘attack surface’ for many organizations, making cybersecurity more complex and crucial. Why? There are now many more ways for hackers to attack employees (on their WFH laptop, work desktop PC, etc.).
What is one of the biggest vulnerabilities? Human error, this is where CISOs need to step up and keep reminding people about how simple negligence s the biggest culprit.CISOs need keep briefing and updating employees, making them aware of the latest cyber-threats. CISOs play a critical role in making sure their staff understand that they too, can play part in defending against cyber-threats.
Sources:
1. Infosecurity Magazine (CISs seeing increasing Cyber-Attacks): https://www.infosecurity-magazine.com/news/70-cisos-expect-cyberattacks-next/
2. Infosecurity Magazine (phishing attacks): https://www.infosecurity-magazine.com/news/341-rise-advanced-phishing-attacks/
3.Dark Reading (‘Ascension Healthcare Suffers Major Cyberattack”): https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack