Pitfalls To Avoid With Your Security Awareness Training (SAT) Program

If you’re tasked with securing your organization, your employees are usually one of the first priorities. Malicious actors know that employees are often an easy way to break into a company, and many of the most common types of attacks target employees. These can include:

Phishing: Spam emails that try to get an employee to click and download a malicious link or enter their credentials on a site impersonating a legitimate log-in page.

Business Email Compromise (BEC): Hackers will send an invoice or a similar kind of email to a key employee who would be able to initiate a wire transfer. It’s an easy way for hackers to siphon cash from a business.

Brute Force/Account Takeover: If your employees use weak passwords or aren’t careful with their accounts, a bad actor may be able to find their way into an account, compromising your organization.

Social engineering: These can include impersonations of IT, HR, or finance where employees are asked to give up sensitive files or information that can damage an organization.

Many of these attacks have surged dramatically since the pandemic. The Anti-Phishing Working Group (APWG) reported that June 2021 saw over 200K phishing attacks, the third-worst month since

