{ "id": 2616, "date": "2025-10-24T21:22:31", "date_gmt": "2025-10-24T16:22:31", "guid": { "rendered": "https:\/\/octosafes.com\/?p=2616" }, "modified": "2025-11-11T02:48:42", "modified_gmt": "2025-11-10T21:48:42", "slug": "cyber-risk-humans", "status": "publish", "type": "post", "link": "https:\/\/octosafes.com\/en\/cyber-risk-humans\/", "title": { "rendered": "Cyber \u200b\u200brisk & Humans" }, "content": { "rendered": "

Phishing Explosion in Canada<\/strong><\/h3>\n\n\n\n

The most vulnerable link in cybersecurity: humans<\/h4>\n\n\n\n
    \n
  • We see that in 2025, cybercriminals will target individuals more than systems with increasingly credible, personalized and localized phishing campaigns and the exploitation of human psychology for scams.<\/li>\n<\/ul>\n\n\n\n

    Problem:<\/strong> Today, phishing accounts for more than 70% of attack vectors in Canada (source: CCC \/ Canadian Centre for Cyber \u200b\u200bSecurity).<\/em><\/p>\n\n\n\n

    Worrying increase in phishing<\/h4>\n\n\n\n
      \n
    • Some recent figures:\n
        \n
      • More than 47% of phishing attacks reported in 2024 compared to 2022<\/li>\n\n\n\n
      • Most targeted sectors: Healthcare, education, municipalities, SMEs<\/li>\n\n\n\n
      • More than 90% of incidents due to the compromise of professional emails begin with simple phishing emails<\/li>\n\n\n\n
      • Phishing campaigns are increasingly targeting Quebec and local public organizations<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n

        Why Phishing Works<\/h4>\n\n\n\n
          \n
        1. Social engineering\n
            \n
          • Attacks are now contextual and personalized (Example: Fake Canada Post notice, Fake email from Management, or fake HR summons)<\/li>\n<\/ul>\n<\/li>\n\n\n\n
          • The post-pandemic context\n
              \n
            • With teleworking, information overload, and email management, people click faster and validate less.<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n
            • Human error remains unpredictable\n
                \n
              • Despite annual training, a tired employee may click at the wrong time. No technical tool can prevent 100% of errors in judgment.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n

                Real, fictional but probable case study<\/h4>\n\n\n\n

                In March 2024, a small business in Laval received an email that appeared to be from its equipment supplier. An accounting employee clicked on a link leading to a fraudulent login page and then entered her credentials. Within 48 hours, the cybercriminals had:<\/p>\n\n\n\n

                  \n
                • Accessed internal messaging<\/strong><\/li>\n\n\n\n
                • Edit bank details on PDF invoices<\/strong><\/li>\n\n\n\n
                • Wired $74,000 to a foreign account<\/strong><\/li>\n<\/ul>\n\n\n\n

                  Consequence: The shock was both financial and psychological because the company was not covered by cyber insurance, nor did it have an incident response plan.<\/em><\/strong><\/p>\n\n\n\n

                  Key recommendations<\/h4>\n\n\n\n
                    \n
                  1. Train Differently:\n
                      \n
                    • Interactive phishing simulations (no PowerPoint training)<\/li>\n\n\n\n
                    • A positive error culture (don’t blame, but learn)<\/li>\n\n\n\n
                    • Frequent, concrete, role-based reminders<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                    • Activate the right tools:\n
                        \n
                      • Multi-Factor Authentication (MFA)<\/li>\n\n\n\n
                      • Advanced anti-phishing filters (AI\/Contextualization)<\/li>\n\n\n\n
                      • Privilege segregation to prevent phishing<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                      • React quickly:\n
                          \n
                        • One-click internal alert procedures<\/li>\n\n\n\n
                        • Ready-made incident contact list (IT, Legal, Cyber \u200b\u200bAdvisor)<\/li>\n\n\n\n
                        • Regular testing of the incident response plan<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n

                          Cybersecurity is not only a matter of using security tools (firewalls and others) but it is also a human, cultural and organizational issue.<\/strong><\/em><\/p>\n\n\n\n

                          The 5 reflexes to avoid a booby-trapped email<\/h4>\n\n\n\n
                            \n
                          1. Check the sender carefully\n
                              \n
                            • Carefully observe the displayed names and the full address<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                            • Being suspicious of urgency or fear\n
                                \n
                              • Example: \u201cYour account will be suspended in 24 hours.\u201d\n
                                  \n
                                • \u201cImmediate action required\u201d<\/li>\n\n\n\n
                                • NB: Fraudsters want to force you to act quickly. It is advisable to take 10 seconds to breathe and check.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                                • Never click on a link without hovering over it first\n
                                    \n
                                  • Check links to see the actual URL\n
                                      \n
                                    • Long, weird, or distorted URLs = red flag.<\/li>\n\n\n\n
                                    • Example: www.banque-canada.net.secure-login.ru<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                                    • Beware of unexpected attachments\n
                                        \n
                                      • Especially *.zip, *.exe, *.iso, *.html\n
                                          \n
                                        • Even a Word or PDF file can contain a malicious macro.<\/li>\n\n\n\n
                                        • NB: Check with the sender through another channel (Example: Telephone)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                                        • Trust your instincts and signal\n
                                            \n
                                          • If anything seems abnormal, check and report it\n
                                              \n
                                            • Avoid clicking and responding<\/li>\n\n\n\n
                                            • Report the message to the IT department or security officer<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n

                                              Important: Always enable MFA on all accounts and keep software up to date as this can be considered the first line of attack blocking<\/strong><\/p>\n\n\n\n

                                              Good anti-phishing reflexes<\/h4>\n\n\n\n
                                                \n
                                              1. Always verify the sender<\/li>\n\n\n\n
                                              2. Take 10 seconds before clicking<\/li>\n\n\n\n
                                              3. Review links before clicking<\/li>\n\n\n\n
                                              4. Don’t download anything unexpected<\/li>\n\n\n\n
                                              5. Report any suspicious messages<\/li>\n<\/ol>\n\n\n\n

                                                Good reflex:<\/strong> Pause \u2013 Think \u2013 Check \u2013 Report<\/p>\n\n\n\n

                                                <\/p>", "protected": false }, "excerpt": { "rendered": "

                                                We see that in 2025, cybercriminals will target individuals more than systems with increasingly credible, personalized and localized phishing campaigns and the exploitation of human psychology for scams.<\/p>", "protected": false }, "author": 1, "featured_media": 763, "comment_status": "closed", "ping_status": "closed", "sticky": false, "template": "", "format": "standard", "meta": { "footnotes": "" }, "categories": [ 1 ], "tags": [], "class_list": [ "post-2616", "post", "type-post", "status-publish", "format-standard", "has-post-thumbnail", "hentry", "category-uncategorized" ], "_links": { "self": [ { "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/posts\/2616", "targetHints": { "allow": [ "GET" ] } } ], "collection": [ { "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/posts" } ], "about": [ { "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/types\/post" } ], "author": [ { "embeddable": true, "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/users\/1" } ], "replies": [ { "embeddable": true, "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/comments?post=2616" } ], "version-history": [ { "count": 5, "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/posts\/2616\/revisions" } ], "predecessor-version": [ { "id": 2789, "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/posts\/2616\/revisions\/2789" } ], "wp:featuredmedia": [ { "embeddable": true, "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/media\/763" } ], "wp:attachment": [ { "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/media?parent=2616" } ], "wp:term": [ { "taxonomy": "category", "embeddable": true, "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/categories?post=2616" }, { "taxonomy": "post_tag", "embeddable": true, "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/tags?post=2616" } ], "curies": [ { "name": "wp", "href": "https:\/\/api.w.org\/{rel}", "templated": true } ] } }