“In 2016, there have been [cyber security] breaches involving 30,000 US Department of Justice employees, 2.2 million patient records from a large oncology practice, 1.5 million Verizon Enterprise Solutions customer records, and nearly 150 million accounts with major email providers including Yahoo, Hotmail, and Gmail.” *
And this is far from a comprehensive list of attacks!
You’d probably be surprised to hear how often you’re the target of cyber security (and more specifically, social engineering) attacks, and what type of attacks you face. The recent uptick in “machine learning” has made it easier and faster for cyber criminals to hone their techniques.
Machine learning is a type of artificial intelligence providing computers with the ability to learn without being programmed – or to learn by example.
For example, “In 2016, we have seen enthusiasts and professional data scientists teach machines how to write Shakespearean sonnets, compose music, paint like Picasso, and defeat professional Go player Lee Sedol.”* Machine learning-inspired attacks have risen, and the FBI-labeled “Business Email Compromise” (BEC) scams have been increasing (starting in 2015).
During a BEC scam, cyber criminals use social engineering to trick a targeted individual at an organization into transferring funds to a fake bank account.
Criminals often sell the data from these types of breaches – and use it to train predictive models to identify future targets. “According to the FBI, more than $3 billion has been stolen, with victims in all 50 states and 100 countries.”
What’s more, experts predict, “In 2017 and beyond, we might even see purveyors of data theft offering ‘Target Acquisition as a Service’ built on machine learning algorithms. [Looking ahead,] the accessibility of machine learning will accelerate and sharpen social engineering attacks.”
Avoid being a victim – be a skeptic, be knowledgeable, be vigilant
To avoid becoming a victim of a social engineering attack, follow these tips from the Department of Homeland Security. Be suspicious of unsolicited contact from individuals seeking organizational data or information. Do not provide personal information or passwords over the phone. Pay attention to website URLs that use a variation in spelling or a different domain (e.g. .com vs. .net). Verify a request’s authenticity by contacting the company directly. And finally, maintain anti-virus software, firewalls, and email filters.
In addition, participate in organizational training opportunities – and read cyber security articles, such as those here on our blog or at www.csoonline.com. NextGen Healthcare is committed to fighting social engineering attacks. If you have questions or want more information about machine learning or social engineering attacks, reach out to us.
*Source: McAfee Labs 2017 Threats Predictions Report (published November 2016)