News recently broke that the emails of over 350k clients of the Oregon Department of Human Services (DHS) have potentially been compromised after 9 employees were the target of a spear phishing campaign. It left 2 million emails potentially exposed.
Expert Comments Below:
Jonathan Deveaux, Enterprise Data Protection Specialist at comforte AG:
“It seems no matter how much training and awareness that is provided, the human element remains the weakest link in the cybersecurity chain. The problem is not entirely the employees’ faults, as hackers and attackers are improving their tactics to trick employees into clicking on links infested with malware. A determined attacker may go as far as designing an email to look authentic and even read as if clicking on the link is the right thing to do.
“What is clear is that human activity in cyber-space is still susceptible to data breaches, leaks, or exposure. Therefore, companies need to take a more active approach to safeguard their businesses from cyber-attacks. AI can help determine if emails should be captured and quarantined before even getting to employees’ inboxes. De-identifying sensitive data can also ensure that the data a cyber attacker is usually after has no exploitable value. Continued awareness training, education, and communication can help reduce the likelihood of humans clicking on malware-laced links, even though the possibility is highest among threat vectors.”