The causes of common cyberattacks may no longer be a mystery to state and local governments, but the ability to stymie them remains a challenge.
According to Verizon’s 2022 Data Breach Investigations Report, the public sector experienced the second most attacks following the entertainment industry, and more than 80% of breaches involved the “human element,” including phishing, use of stolen credentials or user error.
“Hackers prey upon the customer service aspect of county employees,” Rita Reynolds, Chief Information Officer for the National Association of Counties, said in an email. When an email comes in from what seems to be their boss, a vendor or even a resident, government staff members may want to answer the sender as soon as possible.
“That desire to be prompt and successful in filling the request can oftentimes result in a county employee maybe not paying closer attention to the authenticity of the email,” she said.
Plain curiosity is another culprit, said Arun Vishwanath, chief technology officer of the cybersecurity research and advisory firm Avant Research Group.
Even if an organization deactivates links sent through email to prevent users from clicking on them, it is likely employees will copy and paste the URL into their browser anyway “because the primary reason for email is sharing data, files [and] links,” Vishwanath said. For instance, just scheduling an interview with GCN required sharing a video call link.
“If I couldn’t click on the link, I would figure out a way to do it,” Vishwanath said. That means agencies must first understand why their staff overlook anti-phishing awareness campaigns or training exercises before they can establish a lasting solution.
Other anti-phishing techniques, such as email banners that warn users of suspicious content or contacts, are commonplace across ..
Support the originator by clicking the read the rest link below.
