Cybersecurity awareness training strengthens prevention measures against advanced hacking threats

by Daniel Hofmann, CEO of Hornetsecurity

The healthcare industry was recently hit hard by data breaches due to a ransomware attack that disrupted hospital systems across multiple American states for over a week. Medical providers are being targeted by cybercriminals due to the sensitive information they keep — such as medical files and personal and billing information — which can be lucrative for cybercriminals to use or sell on the dark web. This attack underlines the importance of having proper cybersecurity measures in place, especially amid the rise of generative AI use, which can make ransomware attacks even easier for hackers to execute.

Generative AI has arguably been 2023’s biggest technology news following the release and ensuing popularity of the AI bot ChatGPT late last year. There are many benefits generative AI can offer, but professionals aren’t the only ones being aided by this new tool — cybercriminals are also using it to better take advantage of potential victims.

A cybercriminal’s work is now much easier thanks to generative AI. With only minimal information at hand, such as an email address or phone number, generative AI tools can search the Internet to find additional information such as job title, community affiliations, and more. This data allows hackers to tailor spear phishing emails to the individual, which can then be automatically generated. This makes it far easier to simultaneously create different versions and to fine-tune content based on success rates.

According to Hornetsecurity’s Cyber Security Report 2023, over 40% of all email traffic consists of unwanted messages. Most of these can be considered spam — but about 5% pose a threat. Spear phishing remains the most popular form of cyberattack, and as such, companies should be aware of user habits that leave them vulnerable to these and other attacks. Spear phishing gives cybercriminals the chance to take advantage of victims through personalized emails that can now be generated in a matter of seconds.

Previously, cybercriminals had to invest considerable effort to cover spear phishing attacks. This required “experts” to scour the Internet for information about potential victims. Additional people were also needed to create bait messages or infiltrate the targeted companies and organizations. However, with the rise of generative AI, spear phishing threats are expected to increase as this new technology simplifies this process by completely automating these tasks.

To combat these new techniques, companies must strengthen their cybersecurity defenses through increased IT security measures such as email filters, firewalls, network and data-monitoring tools, regular software patches and two-factor identification (2FA) methods. However, they must additionally focus on their security awareness training protocol, making proper, ongoing training a necessity rather than an afterthought. These tactics help make employees a “human firewall”, which is further enhanced by implementing the “mindset, skillset and toolset” triad.

Mindset: raising employees cybersecurity awareness

Skillset: awareness training that combines e-learning, classroom training or simulations

Toolset: processes and tools that strengthens the security behavior of employees

To implement the actual training, Hornetsecurity created its Security Awareness Service — which sends automated, customized phishing simulations — alongside the Employee Security Index (ESI®). The ESI® enables IT security managers to continuously measure the security behavior of employees as part of the security awareness training program based on the phishing emails they open. This enables the right frequency of phishing simulations per user, as not every user learns and adapts their security behavior at the same speed. To ensure that the training is effective to optimal levels, the simulated spear phishing attacks are sent in an ongoing way, helping to prevent ESI® levels from dropping.

We expect the use of generative AI to become increasingly more widespread, and its abilities should grow as technology advances. Alongside this, cybercriminals will find new techniques to take advantage of generative AI’s power. It is imperative that companies and employees stay ahead of the curve by making cybersecurity awareness a priority. A company is at its safest when employees are knowledgeable about potential spear phishing attempts and the steps needed to prevent a possible hack of sensitive information.