With the threat landscape in constant change, Junglemap does a thorough update every year. Joakim Hvalby, Program Manager Information Security and Privacy at Junglemap, lists five new topics worth paying attention to in this year’s edition.
1. Bridge the physical and technical security domain
Information security is not only about what happens within digital systems or in the cloud. The way we handle our devices, charge our phones, share our passwords, handle physical documents, and office security, amongst other things, are also important parts of our information security behaviour. The criminals will look for any open access to your information: Gaining access to an office space, planting key loggers revealing credentials, or retrieving passwords on Post-Its “safely” stored under computer keyboards, are great ways to get access to your information.
2. Development in phishing using QR code
Ever heard of quishing, or QR-phishing? With the frequent use of QR-codes, more and more threat actors use this as an entry point to lure users to fake websites. As more people have gotten used to checking links before they click, the threat actors have started to use QR codes instead. People are often much less used to handling these with a critical eye, and QR codes are more difficult to check if they are safe.
3. Focus on digital footprint – give attackers less information
Our private online habits often effect our work-related digital presence. Answering a quiz on Facebook may seem like harmless fun. But adding private information to your online presence gives threat actors more to work with. People seeking to launch a successful attack are dependent on information about you to launch an attack that is more likely to succeed. The less information they can find, the less of an accurate attack they are able to craft.
4. The AI aspect
AI is the double-edged sword of cybersecurity. On the one hand, it’s allowing threat actors to come up with more sophisticated attacks than ever before. But if used wisely, it can also strengthen cyber security. In this ongoing battle between attackers and cybersecurity experts – end user awareness becomes even more important. A phishing e-mail which previously could easily be identified as malicious because of bad language and generic content not relevant to you, is now increasingly harder to identify because of AI. AI technology can now sweep the internet, compiling publicly available information about you, and use this information to craft a phishing e-mail in your local language without spelling errors. This means that you have to be even more aware than ever before.
5. Remote work beyond the home office
For an increasing number of people, working remotely in 2023 does not mean working from home. With connected devices, people work from the bus, the coffee shop, vacation resorts etc. Very convenient, but this development comes with a new set of security issues. It places an increased responsibility on us to work in a safe manner. Not leaving your devices unattended when going to a restroom whilst working in a café, not spilling company secrets in a work meeting held when on the commute home, and being aware that people might see the information on your screen are some of the behaviours we have to avoid when not working from the office. It’s also important to remember that we have to report all security incidents even though the helpdesk is not just a short walk away, as it is in the office.
Read more about the 2024 edition of Information Security Awareness for all employees here
