No matter how strong your agency's technical cyber defenses may be, it's impossible to protect against every cyber threat. Attacks targeted at human employees, such as phishing or other social engineering ploys, have become increasingly sophisticated.
Cybercriminals have long been able to replicate the appearance and tone of a company's communications or spoof the email addresses of trusted contacts and companies. Now they also use artificial intelligence (AI) tools, such as malicious chatbots, to make their attacks even more difficult to spot, according to the recent article in Independent Agent magazine, “AI Changes Phishing Attacks: How Firms Can Protect Themselves," by Leann Nicolo, incident response lead at Coalition, a Big “I" Alliance Blue partner.
AI can also “scrape a business' social media profiles, corporate websites and publicly available data to create emails tailored to specific individuals," Nicolo wrote.
Given that more than two-thirds of all cyber breaches are linked to human error, it is important to stay vigilant against phishing and other types of social engineering attacks. One way to help protect against these risks is to conduct regular security awareness training and phishing simulations with your employees. Coalition has found that employee training programs can reduce cyber risks by up to 60% within one year, according to its latest “SMB Cyber Survival Guide."
Technical access controls remain another important consideration. While requiring strong, complex passwords is critical, employing some form of multifactor authentication (MFA) helps prevent a breach even when passwords—the first factor for access—might be compromised. While MFA may not stop all social engineering attacks, it is one more hurdle between bad actors and sensitive data.
Certain regulators, such as the New York Department of Financial Services, have also begun to roll out or consider broader requirements for the use of MFA or equivalent authentication methods.
Some helpful resources on these and additional cybersecurity issues for members include:
If you have further questions, please contact Carla McGee at Big “I" Alliance, Scott Kneeland and Eric Lipton at the Big “I" Office of General Counsel, or Ginny Winkworth at ACT.