1) Users are the weak link in the chain – The main reason these attacks are so successful is that employees lack proper training and awareness when it comes to phishing. Research shows that 6% of staff have never received security awareness training. Users should be trained to be suspicious of unexpected emails and of any other scam they might encounter on social media.
2) Businesses are not performing sufficient due diligence – Businesses are not doing enough to reduce the risks that come with phishing and ransomware. They lack efficient backup processes, fail to identify the weakest users who need additional training, and do not have strong enough internal processes to prevent fraud.
3) Criminal organisations are well funded – Increased criminal funding has allowed these groups to develop their technical skills and carry out more sophisticated attacks.
4) Cyber criminals are shifting their focus – The volume of stolen card data now available on the dark web has decreased its value, so criminals have shifted their focus to new ways of earning money. They have found they can make money from the holders of information, whom they target through phishing and ransomware attacks.
5) Widespread availability of low-cost phishing and ransomware tools – The availability of phishing kits and ransomware has allowed new attackers to enter the market and compete with established criminals.
6) Malware is becoming more sophisticated – Criminals' skills have improved considerably since the first attempts at tricking users into clicking malicious links.
A way to fight these attacks and ensure PCI compliance lies in developing a strategy that covers people, processes and technology: raising awareness of these threats among all staff through staff awareness programs or dedicated e-learning courses, developing processes that help employees take the best course of action in the event of an attack, and implementing technology that can stop these attacks from happening.