SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Experts warn businesses of escalating cyber security threats

Thu, 21st Nov 2024

In the midst of International Fraud Awareness Week, experts are emphasising the importance of vigilance among organisations and individuals as cyber threats continue to evolve in complexity and frequency. As the digital landscape rapidly changes, the need for heightened awareness of fraudulent activities becomes more pressing.

Aaron Walton, a Threat Intelligence Analyst at Expel, highlights one of the most persistent and lucrative threats facing businesses today: Business Email Compromise (BEC). Walton explains that BEC involves attackers gaining access to business email accounts, which enables them to impersonate employees and potentially compromise financial transactions. Often initiated through phishing emails leading to fake login pages, these attacks allow cybercriminals to harvest credentials and bypass security measures, ultimately enabling them to manipulate email inbox rules in accordance with their fraudulent schemes.

Walton stresses the importance of awareness and prevention strategies, noting that organisations can protect against BEC by deploying technology to detect suspicious emails and encouraging employees to report unusual communications. He advises vigilance when emails request changes to sensitive information, like banking details, even if they appear to come from known sources. "It's crucial to recognise that attackers will exploit compromised accounts and prepare accordingly," he asserts.

Complementing Walton's insights, Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity, underscores the escalating threat landscape. According to Aldridge, the 2024 OpenText Cybersecurity Threat Perspective report has observed a notable rise in infection rates across businesses and consumer devices worldwide, marking the first increase since 2017. Regions including North America, Europe, Africa, and Australasia have all experienced this uptick from 2022 to 2023.

Aldridge identifies the proliferation of phishing scams as a primary concern, serving as a gateway to more extensive fraud operations designed to swiftly extract funds. BEC attacks, mentioned by both experts, remain a particularly profitable method in the fraudster's arsenal. Alarmingly, these attacks are being amplified by the incorporation of deepfake and AI technologies, significantly enhancing their effectiveness.

The retail sector, particularly online marketplaces and e-commerce platforms, also faces significant fraud risks. Aldridge notes the persistence of fraudulent listings, payment scams, counterfeit goods, account takeovers, and fraudulent chargebacks in these arenas. As such, the need for robust security measures and an informed user base is crucial.

Aldridge advocates for increased security awareness within organisations as a means of defence against these threats. This involves training employees to identify and respond to potential attacks promptly and ensuring all communications—whether email, SMS, or traditional postal services—are carefully vetted. Furthermore, Aldridge warns that social engineering tactics may extend beyond digital mediums, encompassing phone calls, voicemails, and video calls.

For individual consumers, Aldridge recommends a series of proactive security measures: maintaining up-to-date systems, using unique and secure passwords via password managers, adopting passkey or token-based authentication methods, and enabling multi-factor authentication wherever possible.

Both experts emphasize the critical role of awareness as the cornerstone of preventing fraud. By prioritising education and implementation of protective strategies, individuals and organisations can enhance their resilience against the ever-evolving tactics employed by cybercriminals.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X