Network

Vishing is Evolving

Vishing is EvolvingThe phishing tactic using voice calls, known as vishing, is increasing in use and evolving. A recent study found that almost half of organizations surveyed were targeted by voice call phishing or social engineering in the past year. Robocalls and attacks on mobile phones are starting to be challenged by mobile carriers. Most of us have experienced “Spam Risk” on a mobile phone over the past year. Criminals are adapting to the new restrictions and targeting organizations instead of individuals. Unlike individuals, businesses have to answer their phones in order to serve a customer base. Criminals know this and are taking advantage of vishing tactics at the organizational level.

Another change is voice call attacks are evolving from robocalls to more targeted spear phishing attacks. Criminals are doing research on businesses and employees and targeting individuals instead of calling thousands of numbers with an automated tool. Criminals use software to crawl the internet looking for open-source information on social media and other websites. When they have enough information to form a picture of habits and character, they contact the employee to start building a relationship. The criminal may impersonate a customer, vendor, or employee within the same business.

98% of cyberattacks use some element of social engineering. The study found phishing was not limited to voice calls. 32% of phishing attempts were made over text message or SMS, and 16% were made over collaboration tools like WebEx or Microsoft Teams. As the telecommunication industry responds to criminal activity, hackers will continue to evolve their tactics. Voice phishing calls utilize the same concepts used in all phishing attacks. Criminals usually try to create a sense of urgency, so the employees don’t have time to ask questions. They may pretend to be a vendor asking for a billing information or a coworker asking for a password so they can quickly get a job done. The study cited employee education as the greatest defense against evolving attack vectors.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Physical Security, Recent Posts, Small Business

Three Types of UPS (Uninterruptible Power Supply) – Back to Basics Podcast

Jack talks through the three types of UPS devices, and their benefits and application.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Physical Security, Small Business

Why Do Employees Break Cybersecurity Rules?

Employees Break Cybersecurity RulesRansomware is the number one cybersecurity threat to businesses of all sizes, and the metrics show that ransomware attacks continue to increase quarter after quarter. Cybersecurity has received mainstream headline attention with the Colonial Pipeline ransomware attack last year along with a number of other high-profile attacks on everything from city governments to the world’s largest meat producer. Business leaders are focusing and spending more on cybersecurity, and with the war in Ukraine, the US government is communicating directly with industries that control American infrastructure about cybersecurity.

With all of this new focus on cybersecurity, why do employees continue to break the rules, and open businesses up to attack? A new study by the National Science Foundation digs into this question.

The study followed 330 remote employees in a wide variety of industries and focused on adherence to cybersecurity policies, and stress levels of the employee. The study found that over a two-week work period 67% of employees reported they violated company cybersecurity policies at least once. The percentage averages about once in every 20 job tasks.

When asked why the employee did not follow cybersecurity policies the overwhelming three responses were, “to better accomplish tasks for my job,” “to get something I needed,” and “to help others get their work done.” Only 3% of responses reported malicious or retaliatory intent.

The employees reported they were more likely to knowingly violate cybersecurity protocols when they were stressed. The stresses cited were family, job security, and the stress of the cybersecurity protocol itself.

Cybersecurity training normally assumes the employee is either not aware of a protocol or is not following the protocol because of malicious intent. The study shows there is in fact a middle ground between these assumptions. Employees are more likely to understand the protocol, but purposefully do not follow it for productivity reasons or to help another employee.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business