Investment in cybersecurity is critical for both businesses and government. But when it comes to this topic, there is one element that needs to be considered as a priority and that too often takes a back seat. This is the so-called human factor, the weakest and most vulnerable link in a cybersecurity system. Needless to deny it, one of the main causes of breaches suffered by companies is the employee, in most cases a completely unwitting accomplice of hackers. Mind you, this should not be seen as a criticism of the staff working in companies or PAs, but an element to be taken into account when evaluating infrastructure security. Never more so than in these times is it evident that cybercriminals are focusing their attacks on people rather than systems, exploiting social engineering techniques to launch phishing and malware attacks aimed and retrieve information, identify possible vulnerabilities and gain access to corporate networks. Add to this any distractions in login procedures, the use of overly generic passwords, or the theft of a device where login data was contained in an unsecured form. All of this is amplified by the current emergence that pushes for more and more use of connectivity for work or simply to pass the time. Data analyzing Internet use on a global scale in the last period indicate a growth of up to 30 percent in month-on-month traffic, a value that in normal situations stands at 3 percent growth.
A growing problem
Although there are well-organized smart working facilities it frequently happens that employees have to access the network with personal computers, perhaps not updated to current security standards or with operating systems already compromised by viruses. Let us ask, for example, how many smart working users use the same computer for both work and fun, perhaps with online games. Cyrbercriminals are aware of this, and it is no coincidence that in recent times new cyber attack techniques have been developed that direct users to fake online gaming platforms, from poker to betting, that can infect computers that will later be used for other tasks. Obviously good security systems, such as those proposed by Hypergrid, can analyze and detect any problems and block access to the corporate network if the computer or software is found to be compromised, but care must always be taken.
BYOD Matters
One of the most common issues is access to infrastructure via tablets and smartphones. This is a growing phenomenon in Italy that is referred to as BYOD (Bring Your Own Device) and indicates the use of portable personal tools to do smart work or access data on corporate networks. According to the Cyber Security Report 2020, nearly one-third of organizations worldwide have suffered direct attacks on mobile devices in recent months, a situation that makes it more difficult to avoid a security breach. Smartphones and tablets suffer from greater vulnerabilities, can be compromised with infected applications, and it is also easier from these devices to successfully carry out phishing attacks, not only via email, but by exploiting messaging applications that direct users to fake websites. Not to mention the possible poor security of the Wi-Fi networks to which they are connected within the home through modems or routers protected by outdated firewalls or set with passwords that are too weak. The other big problem is that smartphones and tablets can be stolen (or lost) with ease, and if not properly protected allow access to personal data and passwords of all kinds.
Turn to the experts
When using smartphones or tablets to access corporate networks, it is critically important to use screen-locking features to protect access to the device, use the data encryption systems in the operating systems, and, if available, take advantage of the remote formatting feature to immediately erase data from the stolen or lost device. Of course, alerting corporate cybersecurity officers is also essential. As for the human factor, on the other hand, the best solution is to train staff to make them aware of security issues. Currently, only a fraction of employees are able to detect an attempted hacker attack, even in the simplest cases where simply opening a malicious attachment is enough to endanger the infrastructure. Companies and public administrations can seek advice and counsel from companies experienced in the field such as Hypergrid. As always, structural audits of one’s infrastructure are necessary and become even more important and crucial whenever a system component is replaced or modified or when an employee reports that he or she has suffered a possible cyber attack. By relying on Hypergrid’s team of experts, it is possible to prevent and, if necessary, eliminate possible threats. Vulnerability Assessment, the indispensable procedure for assessing the security of the infrastructure, is even more effective when supported by a Data Recorder service that can record all network traffic and in the event of malfeasance (and possible checks by the Postal Police), identify the source of the problem. We would then like to remind you that Hypergrid is able to organize courses taught by certified professionals according to the needs of the company. For advice or information contact us at: info@hypergrid.it
Devi effettuare l'accesso per postare un commento.