In the ‘new normal’, employees in the home office are more threatened than ever by phishing attacks, says Dr. Niklas Hellemann of SoSafe. As an expert, he will be presenting a multi-layered approach to cybersecurity awareness at ISD 2021. Here are a few tips for companies.
Dr. Hellemann, have cyber threats been increasing since the start of the Covid-19 pandemic?
Unfortunately, yes, cyber criminals take advantage of people being more vulnerable in the home office without qualms. The number of phishing attacks skyrocketed shortly after the start of the pandemic. This is what our annual SoSafe study, the Human Risk Review 2021, shows. It is more likely that employees working from home are becoming victims of phishing attacks. The damage of successful attacks has also grown dramatically. Last year, 52.5 billion Euro of damage in Germany alone was due to attacks in the home office, 31 billion more than before the pandemic, a recent study by the Institute of the German Industry (IW) shows. Attacks are becoming increasingly complex, involving not only email but also all other communication channels, such as telephone, messenger and video conferencing.
How can responsible parties avert high damages caused by cybercrime?
To increase IT security, companies must first do their homework on hardware. Once the pandemic began, many people had initially continued to work with private devices at home without paying sufficient attention to security vulnerabilities. In the meantime, IT security officers should have been clearly designated, encryption and VPN should have been installed, and updates for all devices should be ensured. As a next step, employees also need to be trained on how to recognize and deal with threats. Training should also include new remote working software; otherwise, phishing email success rates will quickly go up. In this regard, awareness solutions help very well, and that is why more and more companies are opting for one.
But is it enough to call on employees to be mindful?
Employees should indeed be informed about dangerous situations. However, this does not suffice for colleagues to adjust their own behaviour. The danger is very great because cybercriminals are constantly changing their attacks and running them through multiple channels. Training also needs to be delivered through multiple channels, such as phone calls or messenger programmes. Regular short trainings are better than infrequent and long ones – we favour “micro-learning”. The constant confrontation of the employees with the dangers and issues encourages them to be actively aware. By using examples to let them experience for themselves what a possible attack could look like, they develop a gut feeling for potential attacks. If you then look closely and question it, you will see the real attack when it comes.
Thank you very much for the interview, Dr. Hellemann!
Dr. Niklas Hellemann will provide more information about this in his talk “The New Normal – a multi-layer approach to cybersecurity awareness” on 17 September at 2:30pm at the Internet Security Days. He looks forward to questions and an exciting discussion afterwards. Find out more about the German-language Internet Security Days, online from 15 to 17 September.