“To make your organization more secure, the answer is, was and always will be in people.”
Jenny Radcliffe is the Founder and Director of Human-Centered Security, a social-engineering-focused cybersecurity firm.
Radcliffe is known as “The People Hacker”. She is hired by organizations to target their staff members with social engineering, and to leverage psychology and emotions to find vulnerabilities in the human side of their operations.
When the pandemic struck, Radcliffe saw malicious actors take advantage of the chaos and leverage pandemic-themed social engineering within their campaigns.
Here’s what Radcliffe saw.
Criminals take advantage of the chaos
Radcliffe knew that criminals would see COVID-19 as an opportunity.
She was right. As soon as the pandemic struck, and workers were sent home, she saw scammers and con artists rush to take advantage of the situation.
Criminals used every possible means of contact to reach their victims. Radcliffe saw a surge in phishing emails, spear phishing emails and smishing texts – all with a new pandemic flavor that used COVID-19 as a pretext to capture their victim’s attention.
For criminals, the timing was perfect. Their victims were already in a heightened emotional state. They were already flooded with communications. And they were separated from their colleagues and security staff.
Soon, Radcliffe saw a surge in the success of these attacks.
Closing today’s human-centered vulnerabilities
While the initial chaos of the pandemic has calmed down, workers are still at home and remain vulnerable to social engineering attacks.
Radcliffe offers a few pieces of advice to organizations looking to close these new human-centered vulnerabilities.
Educate your staff on what a threat looks like.
Give them a clear point of contact to report potential threats.
And make sure they know they won’t be blamed if they are the one compromised.
To dive deeper into Radcliffe’s story, and to learn more about what happened when the world stayed home, explore world-at-home.tanium.com.