Human-targeted attacks are becoming increasingly virulent in 2023, and this demands that companies and individuals re-evaluate their vigilance.

These statistics only scratch the surface of the problem. The challenge lies in navigating the increasing wave of social threats to protect both organisations and individuals. Cybercriminals continually evolve and enhance their tactics, further complicated by the emergence of Artificial Intelligence (AI) and automation in cybercrime. These technologies not only empower organisations in terms of security but also enable cybercriminals to improve their own methods. AI allows cybercriminals to automate various stages of an attack, including reconnaissance, target selection, vulnerability scanning, and exploitation. AI-powered tools can quickly identify potential targets, assess their weaknesses, and launch attacks at scale, increasing the efficiency and speed of their operations.

In 2023, AI has demonstrated impressive language communication abilities. Scammers’ emails are no longer riddled with errors, and social engineering attacks have become less obvious due to these advanced tools. Attackers can now scale their efforts, targeting larger groups while employing new social engineering techniques. Aware of individuals’ growing awareness, attackers utilise more sophisticated methods and create compromising situations that attract unsuspecting users.

Identifying and defending against such attacks will only become more challenging for individuals, especially with the rise of hybrid and remote working, which increases the frequency of targeting remote workers and the supply chain. Moreover, the increased adoption of Internet of Things (IoT) devices adds to the complexity.

Reliance on digital devices and online services for work and personal activities has significantly expanded the attack surface for cybercriminals. Many individuals and organisations have embraced cloud-based services, which, if not properly secured, will introduce new security risks. Moreover, people themselves are a significant vulnerability due to now operating outside of the traditional borders of the corporate network.

People are susceptible to social engineering tactics due to a lack of awareness and understanding of cybersecurity best practices. They often fail to follow security protocols, use weak passwords, remain uninformed about the latest threats, and lack access to training and insights for effective security management. In this environment, it is crucial for both companies and individuals to become more aware of the risks. Companies must prioritise training, awareness programmes, and testing, while individuals should educate themselves about the risks and the potential long-term consequences of a simple mistake.

Every individual in every organisation should be familiar with cybersecurity best practices, such as creating strong and unique passwords, avoiding password reuse, regularly backing up data and the major fatal error most make, don’t click on links from unknown emails. Companies need to ensure their systems and software are always up to date, including patching, having tooling to identify zero-day threats and vulnerabilities. They should also collaborate with reliable security vendors who can provide real-time data and telemetry about who and what is connected to their network or application, and how these are being used.

These initial steps lay the foundation for a robust Human Risk Management (HRM) programme and a security-first culture within the business. HRM programmes effectively mitigate the risks associated with human error by providing regular security awareness training, establishing clear security policies and procedures, and integrating security into performance evaluations. When combined with top-down leadership and a commitment to continuously improving security practices, this fosters a culture of security and reinforces the importance of individual behaviours.

Looking ahead, companies must prioritise these security habits and best practices to proactively address threats and minimise risks. While no security system is flawless and mistakes can happen, this approach and a trusted security service provider ensure preparedness even in the face of worst-case scenarios.