Social engineering attacks were responsible for the majority of business breaches in 2020

Ruth C. | August 25, 2021

Cybercriminals use a broad range of malicious tactics to exploit unsuspecting victims. However, some of their methods prove to be more effective than others.

According to the data presented by the Atlas VPN team, social engineering cyberattacks were the primary cause of company breaches in 2020 at 14%, followed by advanced persistent threats, unpatched systems and ransomware. As a result, learning to prevent social engineering attacks needs to be a top priority for businesses.

With social engineering attacks, criminals use a broad range of manipulation tactics to trick victims into giving out sensitive information or making security mistakes, such as revealing passwords or bank information, or giving away access to their devices.

The figures are based on the global State of Cybersecurity Survey by ISACA®, conducted in Q4 2020. The survey collected data from 3,659 respondents who hold the ISACA Certified Information Security Manager® certification. Respondents come from over 120 countries and more than 17 different industries.

Advanced persistent threats were the second most common cause of hacks in 2020. An advanced persistent threat is a prolonged and targeted cyberattack in which an unauthorized party gains access to a system or network, usually for the purpose of data theft. This attack type was responsible for one-tenth (10%) of breaches affecting businesses in 2020.

Besides cyberattacks, internal security issues were also a significant source of company compromises in 2020. Leaving a system unpatched and vulnerable can invite trouble for an organization and was the reason for 9% of all breaches.

Ransomware, a form of malware that encrypts a victim's files, also did significant damage to businesses last year. Like unpatched systems, it was responsible for 9% of business hacks.

Other causes behind company breaches in the top five include denial of service attacks (8%), security configurations (8%), and incidents attributed to a third party (7%).

Overall, 35% of organizations claim they experienced an increase in attacks compared to a year ago, with over one-fifth (23%) of companies stating that threat actors took advantage of the COVID-19 pandemic to disrupt their organization's activities.

Companies fear cyberattacks will damage their reputation

No company is immune to cyberattacks, and their consequences can be devastating. Naturally, companies are concerned about cyberattack threats.

Corporate reputation is increasingly being recognized as the most important strategic asset in a company's value creation. Therefore, the number one concern for organizations regarding cyberattacks is the damage to a company's reputation. A whopping 78% of companies are afraid cyberattacks may harm their company’s image.

Next up is data breaches resulting in customer physical or financial harm. No business would survive without customers. Hence, damage to clients is a major worry for 69% of organizations.

A little under half of companies (49%) are also distressed about cyberattacks on the supply chain or business disruption. SolarWinds' hack, which occurred in early 2020 and affected 18,000 of its clients, serves as a grim reminder of how devastating such attacks can be.

Meanwhile, nearly a third (32%) of businesses are concerned about losing proprietary trade secrets, followed by damage to professional reputation (29%). Other worries include organization stock price or financial performance (28%), organization job security (24%), and personal job security (20%).

Statistics also indicate that 83% of UK businesses face a high risk of phishing attacks.

5 tips for avoiding social engineering attacks

Social engineering attacks are highly effective because they use various psychological tricks to take advantage of the victim. However, there are several steps you can take to reduce your chances of falling victim to cybercriminals' schemes.

  1. Do your research. Cybercriminals frequently use a sense of urgency to get you to act before you think. If you receive a highly urgent message, take the time to investigate whether it is credible. For example, you can message a specific person via another communication channel to find out if they sent you the message, or request additional identity proof.
  2. Secure your devices. Ensuring your devices are well protected is crucial for preventing any type of cyberattack. Make sure your software is always up to date and has the latest security patches, use two-factor authentication where possible, never reuse the same password for different accounts, make sure to have a VPN on whenever browsing online, and take advantage of anti-virus software.
  3. Configure your email spam filters. Reduce your chances of falling for social engineering attacks by taking advantage of the spam filter offered by your email provider. Set the filtering settings to the highest level to make sure it blocks as many malicious emails as possible. Spam filters use various information to determine whether an email is spam, including the sender's ID, IP address, attachments, links, and other email content.
  4. If it sounds too good to be true, it probably is. If you receive a message about winning a lottery that you never even entered or about a mysterious inheritance left to you by a person you have never heard of before, it is definitely a scam. Always ask yourself whether a certain scenario is realistic before taking any action.
  5. Keep yourself informed. Finally, set aside some time to educate yourself on the most recent cyber threats. You will then be aware of any new attack methods as they emerge, making you far less likely to fall victim.
Ruth C.

Cybersecurity Researcher and Publisher at Atlas VPN. Interested in cybercrime, online security, and privacy-related topics.
