The landscape of cybersecurity threats is rapidly evolving, with attackers refining their phishing methods to exploit human vulnerabilities.
Recent findings from ESET’s APT Activity Report highlight a concerning trend: threat actors are employing sophisticated social engineering techniques to establish relationships with potential victims before deploying malicious content.
North Korean Threat Actors Lead the Charge
North Korea-aligned groups, including Deceptive Development, Kimsuky, and Lazarus, have been at the forefront of this shift.
These groups have been observed using elaborate pretexting methods, such as fake job offers and interview requests, to build trust with their targets.
Once a relationship is established, the attackers deliver malicious packages disguised as legitimate documents or software.
The Rising Cost of Human Error
The human element continues to be a significant factor in data breaches.
Verizon’s 2024 Data Breach Investigations Report reveals that 68% of breaches involved a non-malicious human element, with phishing and pretexting accounting for 73% of these incidents.
The financial impact of such breaches is substantial, with IBM’s Cost of a Data Breach Report 2024 estimating the average loss due to phishing at USD 4.88 million per breach.
Countering the Threat with Awareness Training
To combat these evolving threats, organizations are turning to cybersecurity awareness training.
ESET has responded to this need with the launch of its Cybersecurity Awareness Training program, designed to educate employees about current cyber threats and help businesses meet compliance and insurance requirements.
The training adopts a story-driven approach, engaging employees in understanding common bad habits that can endanger an entire company.
It also provides insights into the mindset of threat actors, explaining how they exploit social media profiles and other publicly available information to target individuals.
As the cybersecurity landscape continues to evolve, the importance of human-focused defense strategies cannot be overstated.
By combining technological solutions with comprehensive employee training, organizations can significantly reduce their vulnerability to these increasingly sophisticated phishing attacks.