Phishing threatens state and corporate cybersecurity
Thursday, February 16, 2023
Significance
One group is based in Russia, the other in Iran. The advisory highlights how little some of the primary tactics and techniques used by cybercriminals and state intelligence agencies have evolved over the last decade. It also underlines the difficulty of curbing such attacks.
Impacts
- Tactics used by cybercriminals and state hackers will continue to converge as both run up against tighter corporate cybersecurity.
- Similarities between criminal and espionage tactics will complicate attribution and cyberinsurance covering state-linked attacks.
- Tighter cybersecurity controls risk increasing employee fatigue with more complex protocols, and causing operational disruption.
- Workarounds to access links and attachments, such as forwarding messages to personal accounts, create new vulnerabilities.
- Corporate cybersecurity will need to assume the certainty of human error, but remedial measures such as training have an imperfect record.
Related articles
