Last Updated: 6 Sept June 2022
What the C-suite needs to know to secure their digital footprint.
Quiet quitting is making headlines on social media channels, as the research and frustration are real. Your employees are either on the verge of burnout or not engaged enough to go above the bare minimum. This is true for more and more organizations that grapple with the ripple effects of the Great Resignation.
There is no doubt that without people-centric leadership driving change from the top down in building and maintaining a healthy culture, what we are experiencing will just be the tip of the iceberg. One of the invisible risks already materializing in the workforce is the spike in social engineering attacks.
A survey of 850 IT and security professionals located in the U.S., Canada, U.K., Germany, Australia and New Zealand found almost half, 48 percent, had been victims of social engineering and had experienced 25 or more attacks in the past two years. Social engineering attacks cost victims an average of $25,000 – $100,000 per security incident, the report states. Hackers today leverage a variety of techniques and social networking applications to gather personal and professional information about an individual to find the weakest link in the organization.
It is no secret that a distracted, unengaged and stressed-out workforce makes easy prey for criminals executing cyber scams and frauds on your employees. That can mean opening your front door by stealing passwords and gaining access to your organizational cloud architecture, as business email compromise continues to be a leading global cause of cyber breaches. Or it can mean hacking into people’s professional devices through unsecured Wi-Fi spots, bypassing your VPN and getting access to your shareholder and stakeholder data, which is managed through an Excel file.
Cyber criminals leverage endless creative ways to ensure they get a foot in the door, to prepare their ransomware attacks and other methods of data hijacking for malicious purposes.
The processes and technology will help you to a certain extent and serve as your first line of defense. But it is your employees that will act as your last line of defense and the question will always be: what can you do to make them care about securing your digital footprint?
The impact of weak ransomware resilience
Just hearing the word ransomware can send shivers up our spine, and many organizations are perhaps still in denial that it would ever happen to them. Ransomware is here to stay. As we continue to embrace digitization of our economies and societies, and as security conflicts keep perpetuating cyber warfare and cripple critical infrastructure networks around the globe, the gap between awareness and preparedness must be bridged.
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
The consequences of ransomware can be devastating: business disruption, financial loss, litigation, and liability due to lack of due diligence. A weak employee experience will only add salt to the wound by increasing human vulnerability to social engineering attacks.
A resilient employee experience matters
Cyber criminals prey on emotions such as fear, stress and distraction to execute ransomware, in particular human-operated ransomware. These are human emotions and require a human approach to help people transform vulnerability into empowerment.
“Forty-eight percent of people will exchange their password for a piece of chocolate, 91 percent of cyberattacks begin with a simple phish, and two out of three people have experienced a tech support scam in the past 12 months. What do all of these have in common? They use social engineering: when an attacker preys on our human nature to defraud. Also in common, these small, very human actions have led to billions of dollars of loss to global business.” Microsoft Source.
These 15 case studies of real-life social engineering hacks will help you understand how principles of persuasion, deception and scamming continue to increase the human attack surface. Principles of persuasion are used to get a foot into your organizational networks. The four stages of ransomware attacks all have a human factor that cannot be ignored.
Securing one’s user environment is no longer a nine-to-five job; it must become a way of life where security transforms into a habit. Cyber criminals also use social engineering techniques to target family members by gaining information or creating spoofed accounts. This increases their success rate in installing malware or executing spear phishing attacks to prepare the ground for ransomware. Building an organizational culture that is psychologically safe, where employees can share any concerns, fears or questions early, is of the essence. A culture of shame can be your biggest roadblock to building a healthy security posture.
Roadmap for building human resilience
On Sunday 6th March at 7 pm Brussels CET, I will break down human resilience strategies to help you build emotional firewalls against ransomware attacks.
I covered the building blocks of the ransomware stages, how ransomware is enabled through social engineering techniques and why humanizing ransomware resilience is at the heart of managing business at a time when cyber crime is soaring.
Top Insights from the session
- According to psychology, people are trained to not necessarily question authority. Instead, we are conditioned to respond and follow it, especially when using labels such as expert, CEO, Dr. etc.
- People tend to mimic what the majority of the group seems to be doing.
- People feel more at ease with people who share the same mindset, personality, and behaviors. Criminals and scammers develop a business case based on open-source intelligence, aka the data you put on social media, to build rapport with their victims.
- Distracted employees are a leading cause for falling prey to social engineering attacks.
- Gartner predicts that in less than two years, CEOs will be held personally liable for cyber breaches within their organization.
- C-suite case studies illustrating the link between emotional intelligence and mitigating ransomware risk.
01:33 Introduction Humanizing Ransomware Resilience
03:13 What’s in Store Today
05:35 Principles of Persuasion in Social Engineering and Their Use in Phishing
10:11 Real-life Case Studies of Social Engineering Hacks
15:27 Ransomware Stages
18:38 Empathy maps to humanize ransomware resilience
28:11 Your Roadmap to Human Resilience
3 Different Ways I can help you
What if you could learn more without booking a discovery call with a stranger who, in your map of the world, is going to try to sell you something? Highly agree!
That’s why I developed a virtual value proposition, explaining briefly in videos what problems I help my clients solve in three different ways.
- Access both virtual and in-person experimental learning trainings focused on building human resilience. Custom scenarios specific to your industry and sector.
- Need a little more help? My individual or group coaching plans can help you learn to lead your team through uncertain times and take them from chaos to clarity.
- My consultancy services in strategic stakeholder engagement and communication will help you drive employee resiliency as a transformational change program.
I also believe in talking less and listening more, but your time is precious. Why would you give me your time if you don’t know whether I would be able to help you? Hey, I don’t even know, as I am not every business’ cup of tea either. But what I do know is that if you sign up for my free resiliency course below, it will quickly become clear whether you want to go to the next stage and see if we have business chemistry.
I invite you to click on my value proposition, explore my offerings and course, and decide whether you are ready for the Discovery Call step where we both decide if Thrive with EQ is the right fit.