DUBAI — Currently, the most common method for cyber attackers to infiltrate organizations is through social engineering. At its core, social engineering isn’t about someone cracking code over their glowing keyboard in a dark room. It exploits an individual’s vulnerabilities, preying on human nature to deceive people into granting these attackers access.
Despite many believing they would never succumb to such attacks, the reality is that we all can be more susceptible at different times. Anyone experiencing heightened emotions can be easily duped into making security errors, providing unauthorized access to sensitive information, or even divulging that information themselves.
Take Valentine’s Day, for example. In the Middle East, this day has become a catalyst for cyberattacks, with attackers trying new methods to target victims, such as phishing emails masquerading as a florist or sharing links to Valentine’s gift offers on social media. Like romance, these scams are not confined to February 14, but that’s when victims are most vulnerable.
Even those with a special someone can experience heightened emotions around Valentine’s Day. If you’re excited about celebrating a milestone in your relationship, or you’re anticipating a surprise, you may be more inclined to click on that gift card offer without verifying its legitimacy.
While love, loneliness, and excitement are easily exploitable emotions, any factor impacting someone’s emotional state can make them a target. Recently, criminals in the region have exploited the vulnerabilities of the unemployed, with an uptick in those posing as fake job recruiters or placing fraudulent ads online.
Mitigating the Risk
Organizations can protect against these attacks in several ways. The risk inevitably rises with the use of non-business apps on corporate devices, leading some to adopt policies that completely restrict access to personal apps on business devices. The recent surge in AI has prompted many companies to consider blocking ChatGPT and other generative AI tools on their systems. However, a blanket ban on all non-business apps can foster a restrictive culture, hinder innovation, and signal distrust towards employees.
Enterprises can adopt a less intrusive method that utilizes intelligent tools and includes security teams routinely monitoring HTTP/HTTPS traffic, with a more flexible approach that leverages cloud technology in a single-pass architecture. They can employ multiple security measures, such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Threat and Data Loss Prevention (DLP).
Focus should also be on education and raising awareness, training users to stay vigilant right before they click a link or access an unauthorized application. Highlighting personal risks, not just the impact on the business, is crucial for helping individuals recognize their susceptibility. Using real-life examples of how attacks can affect—and originate from—people’s personal lives can enhance understanding of potential targeting methods.
Encouraging Partnership
Regardless of the measures an organization implements, completely preventing employees from clicking on malicious links is unfeasible, and the greatest risk often lies in users concealing cyber incidents, especially those resulting from social engineering attacks where they might feel personally at fault.
In the event of a compromise, quick action to mitigate the attack is essential, thus blaming the victims is counterproductive. The goal should be to cultivate a culture of cooperation where the workforce is engaged in the security process, rather than promoting a climate of fear. Educating employees within a framework of partnership can significantly reduce the chances of cybercriminals exploiting human vulnerabilities, helping to prevent emotional and financial heartbreak this Valentine’s Day and in the future.
Paolo Passeri is Cyber Intelligence Principal at Netskope.
The opinions expressed are those of the author and may not reflect the editorial policy or an official position held by TRENDS.