Exploring the Vishing Threat Landscape
Voice phishing, also known as vishing, represents a growing threat to organizations worldwide. Keepnet’s 2024 Vishing Response Report finds that 70% of companies are prone to voice phishing incidents, particularly in the Manufacturing & Engineering sectors.
These sectors often encounter substantial financial repercussions, with organizations facing potential losses averaging $14 million annually due to vishing attacks. Keepnet’s report underscores the urgent need for companies to bolster their defenses with targeted training and simulation exercises designed to enhance employee awareness and readiness against these voice-driven scams.
Deepening Understanding of Vishing’s Impact
Voice phishing exploits the human element of business operations, where trust and communication are fundamental. Attackers often use sophisticated AI technologies to mimic legitimate entities, making fraudulent communications seem more authentic.
This manipulation taps into the natural human tendency to respond to urgent requests from what are perceived as trusted authorities. The consequences of such breaches extend beyond immediate financial losses, potentially causing long-lasting reputational damage.
To counteract these risks, organizations must implement comprehensive and continuous training programs. These programs should educate employees on the nature of vishing threats and provide them with the tools and knowledge to respond effectively to suspicious calls.
Why Voice Phishing is Critical
Voice phishing tactics are varied, aiming to:
- Capture login credentials for enterprise systems.
- Initiate unauthorized password resets.
- Facilitate fraudulent financial transfers.
Advanced techniques, including spoofed Caller ID and deepfake audio, enhance the authenticity of these attacks, making them more difficult to detect.
Insights from Keepnet’s Vishing Research
Keepnet’s extensive study, which included over 3,000 calls made through Keepnet’s Vishing platform, revealed significant vulnerabilities across various sectors and roles within organizations.
The Manufacturing & Engineering and Entertainment & Media sectors emerged as particularly susceptible, often due to less rigorous cybersecurity training protocols and resource allocation.
Figure 1: Industry Vulnerability Against Vishing Attacks
Additionally, roles such as Customer Support were identified as high risk, given their frequent external communications.
Figure 2: Department Vulnerability Against Vishing Attacks
Departments such as Customer Support are particularly vulnerable to vishing attacks due to frequent interaction with external parties.
Moreover, departments that show no incidents of vishing could either have robust security measures in place or simply lower exposure to these risks. Nonetheless, the notable rates of non-responses within these departments suggest a potential gap in security awareness.
Moving Forward with Vishing Defense
Given its escalating role in cyber threats, addressing vishing is imperative. Here are several strategies organizations can adopt:
- Tailor training to the roles most at risk, such as customer support and sales.
- Customize training modules to address industry-specific risks.
- Foster continuous learning and vigilance among employees.
- Encourage reporting of suspicious calls through a simplified process.
While vishing remains a potent threat, adopting strategic measures and utilizing effective tools can significantly mitigate risks. For comprehensive insights and strategies, refer to Keepnet’s 2024 Voice Phishing Response Report.
About Keepnet
Keepnet is a unified human risk management platform that includes a suite of phishing simulation and security awareness products designed to train and prepare employees against various forms of social engineering attacks:
- Email Phishing Simulation: Trains employees to recognize and respond appropriately to phishing emails, a common vector for cyber attacks.
- Smishing Simulation: As SMS scams increase, Keepnet’s smishing simulator helps employees identify and avoid SMS phishing attempts.
- Vishing Simulation: The cutting-edge vishing (voice phishing) simulator teaches staff to be cautious of deceptive phone calls.
- Quishing (QR Code Phishing) Simulation: With the rising use of QR codes, the risk of QR code-based phishing grows. Keepnet’s Quishing Simulator educates about this emerging threat.
- MFA Phishing Simulation: Multi-factor authentication is vital for security, but phishing attacks targeting MFA protocols are sophisticated. This simulator prepares employees for such attacks.
- Callback Phishing Simulator: This innovative tool trains employees to recognize and appropriately respond to callback phishing, where attackers manipulate victims into calling back on a malicious number or link.
Behavior-Based Security Awareness Training
Besides these phishing simulations, Keepnet emphasizes the importance of behavior-based security awareness training. This approach ensures that employees know the various types of cyber threats and are equipped with the knowledge and habits necessary to respond effectively.
Recognition by Gartner’s Voice of the Customer
Keepnet’s commitment to cybersecurity excellence is further validated by its recognition in Gartner’s “Voice of the Customer Report.” This acknowledgment highlights Keepnet’s role as a leader in the security awareness industry, committed to developing innovative, user-centric solutions to combat social engineering and enhance organizational security.
About the Author
Ozan Ucar is the founder and CEO of Keepnet. He is passionate about creating and delivering cutting-edge cybersecurity products that continuously protect businesses of any size from cyber threats.
Over 16 years in cybersecurity, Ozan has built and exited two successful startups. In 2008, he developed a new-generation firewall for his first venture. In 2010, he co-founded a cybersecurity consulting and training firm, serving clients globally, primarily in the EU and US.
Ozan’s core competencies include information security, network security, penetration testing, forensics, incident response, and cyber security awareness and education. He holds international ethical hacker certifications and accreditations. He is also a frequent speaker and contributor to national and international conferences, publications, and media outlets on various cybersecurity topics.
With Keepnet, he aims to provide an extended human risk management platform that continuously protects businesses of any size from threats targeting the human element! Contact Ozan on LinkedIn and visit our company website http://www.keepnetlabs.com/