26 September 2023

Weak links: How hackers home in on hapless employees

Valerie Bolden-Barrett* says new research highlights how hackers target an organisation through its employees, tricking them into opening unknown files or clicking on suspicious links.


Photo: Javier Quesada

Unsuspecting workers open unknown files and click on questionable links when snared by cybercriminals, according to new data from Positive Technologies (PT).

In the report Social Engineering: How the Human Factor Puts Your Company at Risk, PT tested the success rate of certain hacking attempts by imitating hackers’ behaviour, which entailed sending employees emails with links to websites, attachments and password entry forms.

Test results show employees not only routinely open unknown files and click on suspicious links, but also correspond with attackers.

Although most employees (88 per cent) work outside of IT, 3 per cent of security specialists also fell for the hacking tricks.

PT said cybercriminals use fear, hope, greed and other emotions to make their attacks seem more authentic.

They use subject lines such as “list of employees to be fired” or “annual bonuses” to elicit responses.

To reduce the risk of social engineering attacks, PT said employers should hold regular training sessions that test how well employees follow security principles.

PT’s testing shows how easily unsuspecting employees can be cajoled into going on fake websites or giving away passwords.

Employees are, for better or worse, your organisation’s first line of defence against cybercriminals; the right training is key.

As a 2017 Harvard Business Review study shows, hackers don’t need complex technical skills to break into an organisation’s network; they only need trusting employees who will lower their guard and take the bait.

One important note: a Willis Towers Watson study found that 90 per cent of cyber risks were the result of human error and 66 per cent were caused by employees’ negligence or maliciousness.

Only 18 per cent of cyber breaches came from external sources.

Employers need to be as vigilant about securing their systems from internal breaches as from external causes.

HR can partner with IT to draft security rules for the workplace that are easy to understand and follow.

Once employees are aware of the many schemes and tactics hackers use to get at vital information, employers can create a more solid cybersecurity strategy.

This increased protection also applies to customers, vendors and others who correspond with an organisation.

* Valerie Bolden-Barrett is a business writer and content specialist.

This article first appeared at www.hrdive.com.
