Is your human resources department more vulnerable to cyber crime?

Cybercriminals see HR departments as a weak link in an organization's systems, a report by Verizon finds.
29 May 2018

Is your HR department safe from cyber-crime? Source: Shutterstock

Today we are seeing the increasing adoption of emerging technologies by individuals, companies, and governments.

While these technologies come with many advantages, they’re also the reason many new-age virtual vulnerabilities and threats exist today, and each brings massive risks for businesses.

A look back at the WannaCry ransomware attack last year ago reveals the profound impact cybercriminals can have.

The attack affected millions of individuals, thousands of companies, and bought with it disruptions to critical services.

While big attacks such as WannaCry have alerted more people to become aware of the risks involved with data, companies fail to prepare.

According to The Verizon 2018 data breach investigation report released last month, cybercriminals are increasingly targeting HR departments within organizations.

HR departments are becoming a popular target for cybercrime. Source: Shutterstock

The report, currently in its 11th edition, analyzed over 53,000 ransomware incidents and over 2200 cybersecurity breaches from 65 countries and 67 organizations.

Among the findings was the discovery that ransomware attacks have doubled since 2017 and are increasingly targeting businesses critical systems.

HR departments are being targeted in order to steal data regarding employee wages and taxes in order to be misused for tax frauds and rebates. Last year 170 of these instances were reported compared to 61 in the year prior.

The increase of “pretexting”

Furthermore, it was found that instances of “pretexting” – a social engineering technique in which the perpetrator creates false situations to obtain sensitive information – has gone up over five times in the last year.

It was reported that financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all beaches investigated.  Emails were the main entry point for 96 percent of these cases.

According to the report, cybercriminals are increasingly exploiting the ‘human factor’ and targeting non-IT staff- who they believe to be the most vulnerable and easy to manipulate.

Bryan Sartin, executive director of security professional services at Verizon, explained:

“Employees should be a business’s first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organization.

“Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on a brand, reputation, and the bottom line.”

It is clear from the report that the number of attacks on critical business systems is increasing at a very fast pace. In order to help your business mitigate against these risks, you must ensure your security procedures are up to scratch.