Connect with us

Business

Social Engineering Tactics Are Evolving, Enterprises Must Keep Pace to Mitigate

By Jack Garnsey, Subject Matter Expert – Email Security, VIPRE Security Group

Social engineering attacks by cyber criminals are not only relentless, but they are rapidly evolving with new tactics being deployed too. However, phishing remains the preferred social engineering tactic. This is demonstrated by research that has processed nearly two billion emails. Of these, 233.9 million emails were malicious – showing that cybercriminals are increasingly adopting foul links that require ever more investigation to uncover. This is possibly because current signature-based investigation tools are now so effective and ubiquitous that threat actors are forced to either engineer a way around them or get caught.

Furthermore, the research detects these malicious emails due to content (110 million) and due to links (118 million) – almost evenly split between these. Following content and links, malicious emails were also discovered due to attachments, standing at 5.44 million.

Common approaches to social engineering

Criminals are using all manner of approaches for social engineering. They are using spam emails to fraud, especially business email compromise. With the use of AI technology such as ChatGPT and others, phishing emails are becoming even harder for people to identify. The tell-tale signs of poor sentence construction, spelling mistakes, lack of subject context and so on, no longer exist.

PDF attachments as an attack vector is gaining favour with criminals. Majority of devices and operating systems today have an integrated PDF reader. This universal compatibility across all platforms makes it an ideal weapon of choice for attackers looking to cast a wide net. One reason is because malicious hackers can make us think that there’s payment-related information inside. Once opened, the PDF potentially contains a link to a malicious page or releases malware on to the PC. Criminals are using malicious PDFs as a vehicle for QR codes too.

Stealing passwords is another commonplace phishing technique. Many of us will recognise emails urgently alerting us to update the password for the applications we use on a daily basis in our professional and personal lives. An example is a password update request from Microsoft – “Your Microsoft Office 365 password is set to expire today. Immediate action required – change or keep your current password.”  In fact, Microsoft was the most spoofed name in Q3 of 2023.

Heard of callback phishing? Cybercriminals send an email to an unsuspecting employee, posing as a service or product provider. Instilling urgency, these emails prompt the individual to “call back” on a phone number. So, when the user calls them, they are duped out of their information over the phone, or they are given “sign in” links to verify information and end up losing sensitive data in the process. The absence of malicious files within the content of either the email or attachments makes it easier to slip past the radar and evade detection.

A relatively new trend that is gaining momentum is the utilisation of LinkedIn Slink for URL redirection. To allow its platform users to better promote their own ads or websites, LinkedIn introduced LinkedIn Slink (“smart link”). This “clean” LinkedIn URL enables users to redirect traffic directly to external websites while more easily tracking their ad campaigns. Clearly a useful feature, the problem is that these types of links slip through the net of many security protocols and so have become a favourite of social engineers.

Education, education, education

All hands on deck, the saying goes! In that vein, a comprehensive strategy is needed to ensure protection – from timely patching, archiving or backing up data, monitoring and auditing access controls and penetration testing through to properly configuring and monitoring email gateways and firewalls and phishing simulations.

However, underpinning all this must be regular security education and awareness training to ensure that employees are always up-to-date on knowledge and vigilant against the newest social engineering techniques that criminals are deploying to fraud them with. It helps to embed a cybersecurity conscious culture and security-first attitude in the workplace.

A key focus of the education and training programme must be on motivating employees to take an active role in threat detection and protection. Good cyber hygiene knowledge is about giving employees peace of mind that their organisation and job are secure, but also that they have the knowledge to protect their friends and loved ones.

Employees need regular training reinforcement throughout the year if they are to be expected to remember and apply best practices over this time. Single, annual courses or classroom sessions are not sufficient given that people forget training shortly after these sessions. If adult learning best practices and techniques, such as spaced learning, are not implemented as part of a security awareness training program, then it will not succeed.

Additionally, targeted training must be designed for role types – far too often, a broad-brush approach to cyber training and education is undertaken, making it a tick-box exercise. For example, a company’s risk and compliance team needs cyber training that takes into account the demands of regulatory bodies, business development teams need to know all about incident reporting, the product development department must be trained on how best to secure the software supply chain, security teams must be trained on advances in threat detection, end users must understand how to spot a phishing email or deepfake, and so forth. Training that is tailored specially for business leaders is equally important.

There is no end in sight when it comes to social engineering attacks. End users of technology are constantly under attack, vigilance supported by security education and knowledge to help intuitively spot social engineering is a critical defence – be that in the form of deceitful emails, malicious QR codes and links, or any other such techniques.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Enhancing sustainable commitments in retail banking

Source: Finance Derivative

Mikko Kähkönen, Head of Payment Cards Portfolio at Giesecke+Devrient

Today, more consumers are keeping environmental pledges from banks at the forefront of their financial decisions, and those banks that fall behind their competitors on sustainable action are risking the loss of customers, particularly among the younger generation. This shift highlights a growing expectation from consumers for their banks to make and uphold sustainable commitments, signalling a change in consumer priorities where environmental responsibility is increasingly seen as essential, not just an optional extra. Giesecke+Devrient research shows that as many as 64% of Gen Z consumers would be happy to switch banks if their current provider didn’t meet their expectations.

However, sustainable commitments must be authentic to avoid any accusations of greenwashing. Unfortunately for the banking sector, consumer trust is being strained as greenwashing incidents have risen by 70% around the world. Banks can’t simply make claims that can’t be backed up; pledges must be supported by evidence. There’s a number of practical steps they can take to prove their credentials.

Banking on the evolution of cards

The bank card has increasingly become a physical symbol of the relationship between consumer and bank. As such, banks have taken steps to ensure that it is designed with sustainability in mind. Many are now created with recycled PVC material, commonly up to 100%, with a lower carbon footprint.

Some banks are elevating their sustainable credentials by utilising cards that are made from plastic collected in oceans and coastal regions, helping to clear up the world’s beaches. Alongside this, others are issuing cards made of polylactic acid sourced from (inedible) corn starch. This is a fully renewable biomass that could be industrially composted.

Sustainable cards can then encourage further sustainable initiatives. We’re more often seeing issuers now actively taking part in local conservation, community development and educational projects around the world to help benefit the planet. Communicating these efforts to customers can help reinforce sustainable credentials and leave tangible evidence that proactive action is taking place.

Contributing to the circular economy

Powering the sustainable credentials of issued cards is one aspect, but it’s also vital that banks encourage their customers to do the right thing with them once they expire and they need to be discarded of. We’re already seeing prominent banks making progress in this area. UK retail bank, Santander, has launched a pilot scheme in branches and ATMs that encourages customers to return their outdated credit and debit cards for recycling, for example.

The collected cards are then turned into plastic pellets to be used elsewhere, for instance to make outdoor furniture, sponsored by Santander, for local communities. As more banks opt for card recycling, consumers will be empowered to dispose of their old or expired cards in a green way and help to reduce ecological footprint.

Into the digital world

Outside of card innovations, retail banks can add to their credible green claims with digital solutions. As an example, the card issuance process has typically involved paper letters, with additional PIN letter, that are posted out to customers to activate their payment cards. Instead, an ePIN service can enable customers to instantly access their PIN via their choice of a mobile app or SMS message, reducing paper waste and waiting times.

There are also innovations taking place in terms of QR codes and augmented reality (AR) solutions to enable digital marketing offerings. This means that printed collateral doesn’t need to physically sent out in the post. The more that these types of communications are sent out digitally, the more that consumers see a tangible commitment to sustainable practices.

Banks can even take an additional step by deploying third-party partners to track the CO2 footprint involved with every purchase or payment. By opting for organisations that have a solid track record in green practices, such as supporting product certifications and information on eco-products and their claims, they can make steps to compensate for each transaction carbon footprint.

Contributing to the green story

To ensure they don’t come under any criticism regarding their environmental claims, banks and financial institutions have the opportunity to adopt sustainable practices that align with their customers’ expectations for eco-friendly commitments in both their physical and digital services. They can introduce banking cards made from recycled or entirely compostable materials, eliminating plastic waste.

Digitally, banks can minimise unnecessary paper use by employing online applications to simplify the process of delivering PINs. By innovating in these domains, they can fulfil their environmental responsibilities and establish that essential trust with consumers, contributing positively to the planet’s wellbeing.

Continue Reading

Business

Successfully dealing with the unintended consequences of change

by Daniel Norman, Change Management Consultant at Symatrix

Most people dislike change. We are drawn to stability and established routines and feel unsettled when anything happens to disrupt the ‘status quo’. It’s bad enough when the local supermarket moves the bread section – but when the company we work for introduces a new digital system that completely changes how we work, it feels like ‘the sky is falling in’.

When change happens within businesses, there may initially be some resistance from employees: whether it be in the form of avoiding new systems, skipping training, clinging to old methods, or even quitting altogether. Change in business is a constant, however, and it is usually driven by a desire for improvement, and typically over time, becomes the new normal.

Good change management is all about smoothing this process of transition and that means engaging with people and helping them to seamlessly switch to a new model or ways of working.  Change management is not just concerned with implementing new systems or processes; it is just as much about listening intently to colleagues, customers, and stakeholders.

It’s working with people to get things right, building a deep understanding of the challenges we and our colleagues face, and shaping the vision for a future that resonates with people. Change is most successful when everyone feels they have a part to play in moving things forward. And that’s true of all change initiatives, large and small.

Finding a way forward

When it comes to managing change, it’s important to recognise that everyone will have their own journey; they’ll work through things at their own pace, and that’s more sustainable than pretending we’ll all arrive at the same point at the same time.

 It’s also important to focus on creating a supportive environment, or the right conditions for people to adapt, with as little friction as possible. The goal is to establish conditions that minimise friction and foster a collective sense of purpose. This philosophy is crucial in creating a environment conducive to individual and organisational growth.

Getting the planning process right

When planning for change, it’s essential to consider both the intended and unintended consequences. Just as technological advancements like social media have transformed communication but also introduced challenges such as misinformation and mental health concerns, organisational changes can have extensive, unforeseen impacts. A thorough exploration of current operational practices, beyond process maps or managerial assertions, is therefore, always a vital feature of any effective change management approach.

For that reason, it can often be a mistake to pull out those process maps the team updated 12 months ago or rely on the word of line managers that will tell you ‘this is how we operate’ without taking into consideration the work-arounds or simplifications that employees have developed over time.

Teams will naturally evolve, and patterns of work; ways of doing things that aren’t written down, will always be there. A good change manager must always be cognisant of that. Even small changes, like when a key person in the team changes roles, can have a big impact.

To manage change well, it’s important to talk to the people who will be most affected by it. This helps change managers to plan and effectively execute the change journey. By ignoring these key considerations, organisations risk their change strategy stalling from the outset and the opportunity for operational efficiencies may therefore never be fully realised.

Throughout the process, it is crucial to continuously monitor and measure the impact of change on all key stakeholders. One effective way of doing that is by embracing the principle of change curves: a popular model organisations can use to understand the different stages people and the organisation go through when a change occurs.

An effective strategy involves mapping stakeholders against this curve, whether as individuals or groups, during project check-ins. This approach can help project leaders gauge the current position of every team member on the curve, the impact of the project’s upcoming phase on them, or their colleagues, and additional support measures that could be implemented. Such an assessment facilitates a more tailored and effective change management strategy, ensuring stakeholders are adequately supported throughout the transition.

Not everything will run like clockwork, of course, no matter the change management approach that is put in place. Challenges, setbacks, and opportunities for improvement are inherent to any process, but proactive anticipation and planning for potential worst-case scenarios and unintended consequences significantly enhance our ability to support our colleagues and teams effectively. This strategic foresight is crucial in managing transitions smoothly and realising the intended benefits of initiatives.

A positive route ahead

Change, especially in business, are inevitable and often aimed at fostering improvement and growth. However, the journey through change is deeply personal and varies from one individual to another. By acknowledging this, creating a supportive environment, and engaging with all stakeholders, organisations can navigate the complexities of change with minimal resistance and maximum efficiency.

Effective change management, therefore, is not just about the technical implementation of new systems but about genuinely listening to and working with people to adapt and thrive in new circumstances. It’s about understanding the nuanced ways teams operate, the unofficial shortcuts and workarounds they’ve developed, and considering the broader implications of change beyond immediate operational efficiencies. Through a thoughtful approach that anticipates challenges and values stakeholder input, organisations can not only manage change but turn it into a catalyst for positive transformation and growth.

It is clear then that while people may inherently dislike change, with the right conditions, support, and leadership, the transition can become a journey of collective progress and innovation. Change, managed well, can transform the initial discomfort into an opportunity for development, making the once feared ‘sky falling in’ scenario a launchpad for reaching new heights.

Continue Reading

Business

Embedded finance: What consulting firms need to know

By Michael Pierce, VP of Sales at Toqio

Consulting firms are the architects of change in the business world, offering insights and solutions that guide companies toward growth and success. They navigate the intricate landscape of markets and industries, providing invaluable advice to their clients. In this evolving milieu, an opportunity is arising as embedded finance enters the scene, creating a unique and prospectively vital synergy between consultants and platform providers.

Embedded finance, especially within the scope of B2B enterprises, is a hot topic right now among consultancies and the outlook seems to be quite positive.

To date, much of the initial traction in embedded finance has been in the consumer sector, with products such as no- or low-interest financing, buy-now-pay-later (BNP), and others. On the B2B side, there is an increasing amount of mobilization. In recent months we’ve seen incumbent banks either entering the banking-as-a-service (BaaS) market or enabling their services through open banking partnerships, while strategy firms are busy advising corporate entities on the potential routes they can take. Early adopters have already made embedded finance a cornerstone of their digital or financial transformation programs: MVPs and proofs of concept have been on the rise.

As we all peer forward, the market is starting to look for scalable use cases to take advantage of these massive, predicted opportunities. Companies are searching for solutions that go beyond the hype.

For consulting firms, the messaging remains positive. The fundamentals of embedded finance drive strong service revenue. Even more importantly, the business cases for their clients stack up as well. Numerous opportunities are on the table when consultants incorporate embedded finance platforms into their projects, including increased revenue, improved retention rates, access to a wider range of data for better decision-making, and many more.

Adaptability delivers excellent results

Embedded finance helps to break down barriers faced by many companies when trying to access affordable financial services. By integrating financial services directly into the supply chain, companies can enjoy many benefits, such as liquidity management, credit accessibility, risk mitigation, and many others. That’s one of the reasons why embedded finance platforms are proving to be the latest addition to the consultant’s toolkit. They offer a wide array of solutions that enable businesses to integrate financial services into their products and services. What makes embedded finance platforms especially appealing to consultants is their adaptability and scalability.

Consulting firms understand the need for versatile solutions capable of addressing various business requirements. Versatility and adaptability are key, giving consultants the flexible tools they need to deliver on time and within budget.

Embedded finance platforms are a natural extension of consulting firms’ capabilities as they offer a comprehensive range of financial solutions that integrate perfectly into existing business processes. This alignment provides consulting firms with several advantages, such as  enhanced client services, data-driven insights, streamlined processes, scalability, and versatility.

A match made in finance

The compatibility between consulting firms and embedded finance platforms is readily apparent. Consultants excel at diagnosing business issues and embedded finance platforms provide a precise prescription for financial enhancements.

There is an extensive list of benefits that consulting firms can get from platforms like this. Diversifying their business is just one of them as embedded finance platforms augment the services that consultants offer. They allow consultants to present clients with solutions for intricate business ecosystem operations, such as payment processing, receivables management, and liquidity optimization.

Partnering with an embedded finance platform can also open up new revenue streams as well as being able to scale the solutions built with more agility. Consultants can use them to address the unique needs of projects of any size, whether working with an SME or a multinational enterprise.

The relationship between consulting firms and embedded finance platforms isn’t just about expanding services, it’s about offering integrated financial solutions that improve efficiency, profitability, and competitiveness. This partnership drives results. In a world where businesses seek comprehensive solutions, embedded finance platforms empower consulting firms to address complex financial challenges effectively.

Continue Reading

Copyright © 2021 Futures Parity.