Cybercriminals are evolving their phishing methods, employing more sophisticated social engineering tactics to deceive their targets.
Recent findings from ESET’s APT Activity Report highlight a concerning trend where threat actors are establishing relationships with potential victims before deploying malicious content.
This shift in strategy makes it increasingly challenging for employees to identify and avoid phishing attempts.
North Korea-aligned groups, including Deceptive Development and Kimsuky, have been observed using fake job offers and interview requests to initiate contact with targets.
Only after building rapport do they deliver malicious payloads.
Similarly, the Lazarus group has been impersonating recruiters on professional networks, distributing trojanized codebases disguised as job assignments with the aim of cryptocurrency theft.
The Human Element: A Critical Vulnerability
The human factor remains a significant vulnerability in cybersecurity. Verizon’s 2024 Data Breach Investigations Report reveals that 68% of breaches involved a non-malicious human element, such as falling victim to social engineering attacks.
Phishing and pretexting via email accounted for 73% of these breaches, with pretexting surpassing traditional phishing in frequency.
These human-centric breaches are not only prevalent but also costly.
According to IBM’s Cost of a Data Breach Report 2024, the average business loss due to phishing has reached USD4.88 million per breach, making it the second most expensive type of attack after malicious insider incidents.
Mitigating Risks Through Awareness Training
To combat these evolving threats, organizations are turning to comprehensive cybersecurity awareness training.
ESET has launched its Cybersecurity Awareness Training program, designed to educate employees about current cyber threats and help businesses meet compliance and insurance requirements.
This training adopts a story-driven approach, engaging employees in understanding common bad habits that can endanger the entire company.
It also provides insights into threat actors’ mindsets, explaining how they exploit social network profiles to guess passwords or impersonate targets.
The ESET training program is part of a broader prevention-first approach, which aims to shrink the attack surface while reducing the complexity of cyber defense.
By combining employee training with multilayered security solutions like ESET PROTECT, organizations can better prepare themselves against the ever-evolving landscape of cyber threats.
As phishing techniques continue to advance, it’s clear that a well-informed workforce is crucial in maintaining a strong cybersecurity posture.
By investing in high-quality awareness training, businesses can empower their employees to recognize and thwart even the most sophisticated social engineering attempts.
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup ->Â Try for free
