GRC in Malta: Governance and ESG – Navigating the Intersection between Profit and Purpose
by Ganado Advocates
5th April 2024
‘Social Engineering’ could be considered an art, as it entails creativeness and great imagination. Unfortunately, unlike beautiful artifacts, this art aims for the manipulation of human mind.
Influencing a human target, to perform the desired task or to divulge valuable information, requires skills, responsiveness and overall, an artistic behavior with a proper mindset. It aims to succeed weaknesses exploitation, with material impact to those which lack subject knowledge. However, if a fraudster is not equipped with such ‘charismas’, guidance on how to manipulate is available at the bad actors’ chart forums, like the darknet, where hacking services are also facilitated via specialized Software as a Service (SaaS) applications.
But let’s go from the top, what is Social Engineering? Blandly, it is the science of people Hacking. A term that came with the rise of cyberspace, which paved the way to blossom into what it is today. An average person at present may be familiar with the term given the cyberspace terminologies, however, excluding the elderly which until recently had no interaction with the internet. The elderly group has become the focus target for Hackers, with no signs of remorse, which highlighted even more the criticality of the subject.
As per the Federal Bureau of Investigation (FBI), ‘US citizens lost over $10 billion due to phishing calls by illegal Indian call centres in 2022. Most of the victims of these fraud calls from Indian phishing gangs were elderly US citizens above the age of 60 years who lost over $3 billion’.
As a response to the above, whilst recognizing the criticality of the subject, organizations invest on the personnel training. Infocredit Professional Education is one of the vocational training centers with specialization on Risk Related Seminars and facilitates customized seminars that aim to set the proper security culture to any individuals and company employees.
Evidently, as Covid-19 exponentially accelerated the dependency of people to the Internet, it triggered a great opportunity for hackers to exploit. Especially at present, where today’s network systems have grown stronger and not so easy to infiltrate. The bad actors are forcing to pursue back doors to security systems, while they manage to obtain assistance through the manipulation of human mind, that directly or indirectly controls internal systems and sensitive information.
Employees have become one of the biggest threats to an organization, despite the arrays of protections set in place, and the implementation of security standards including ISOs’. Consequently, social engineering is mainly used to succeed ease of malware infections, targeting data breaches or the control of information, which dramatically at an average takes months for companies to realize. Data breaches in 2019, while indicating a 33% increase from 2018, in the 1st quarter of 2020 rose to 273% with a trend that continues beyond 2021. Domestic and international losses are attributed to Business email compromises (BEC fraud) in the range of tenths of $ Billions.
Human risk is therefore an organizational issue, where security awareness is of the utmost importance to maintain, thus must encompass an appropriate security culture. A culture which is required to be continuously cultivated and monitored, as it never reaches full perfection given the dynamic environment of cyberspace. Training platforms have been developed and offered through SaaS applications, where company administrators are provided with tools to compose fake phishing emails aiming to test their employees’ knowledge, awareness, and thus reinforce them to sustain such attacks.
So, helpful for awareness and deterrence, is to know or remind some of today’s social engineering methods:
However, the challenge of enduring the above attack scenarios remains difficult, as it is continuously cultivated, refined, and redesigned to manipulate successfully human characteristics, like the curiosity, respect for authority, ignorance, greed, naiveness, and so on.
What are some of the signals that trigger suspicions, or tips to consider?
So where do we take it from here? It all starts with the basics. Education and awareness at all levels is key, on what social engineering is, latest trends and how it can affect us, our organization, or the overall society. Any relevant trainings need to be repeated at intervals to remind that the threat is always here and needs to be contained; it’s near everyone, we could be next, and should never let the guards down and be vigilant.
As for the landscape of Cybersecurity, it has become extremely volatile, stressful, and scary. Also, it is distant and almost unreachable by law enforcement, which do not seem to catch up to the fraudsters’ innovations, since the cyberspace environment is complicated with jurisdictional barriers and extreme monitoring difficulties.
Following are some of the major myths one should be reminded of, with respect to cybersecurity, and should not acknowledge the following statements:
In conclusion, always be aware and stay alert, the threat is imminent and can become personal.
About Infocredit Group
Infocredit Group is a leading provider of business intelligence and risk management solutions, including Credit Risk, AML/CTF regulatory compliance, Due Diligence and KYC.
Aiming to help businesses manage their risks emerging from credit exposure and regulatory compliance it offers a range of innovative, cost-effective, API-driven solutions, in affordable and efficient packages.
With a team of experts in the fields of Credit Risk Management, Debt Recovering, Call Center Services, AML/CTF compliance, KYC, Due Diligence, Fraud Prevention, ID Verification, ESG (Environmental, Social Governance) and Vocational Training, offers state-of-the-art customer-oriented solutions that meet the specific risk management needs of any organization.
With offices in Cyprus, Malta and UAE, with a presence in Greece and Romania, its services and solutions cover the international market for more than 50 years.