When technology alone is not enough
Most companies invest a significant portion of their budgets in technology to protect their ICT infrastructures, but only few of them give proper weight to the biggest weakness: the user. A company can have the best technologies, but if an employee falls into the trap of a hacker, the defenses of the entire system will be useless.
The cybersecurity course organized by DOS Group SA, in partnership with Openpop SA, allows you to raise your users’ awareness of risk, make them aware of the main attack strategies and then recognize them in a timely manner. Our goal is to increase the security of your company through increased user awareness. In this way, the risk of cyber attacks on companies is drastically reduced.
How do cyberattacks take place?
The real world has accustomed us to prevent possible attacks by using small precautions such as closing the front door, removing the keys from the dashboard of the car and avoiding too dark alleys. Each of our daily actions, whether voluntary or involuntary, is made to protect us and the same should happen in the virtual world, which is not so virtual. With the increase of remote work, accomplice also to the pandemic and the various restrictions, the number of openings made available to anyone in our vicinity has increased, both in technological and environmental terms. Gestures that we consider to be harmless, such as leaving a PC unattended for even a few minutes, therefore carry the same risks as leaving the front door open.
Why is it important to sensitize employees?
Most breaches suffered by companies are caused by staff because not sufficiently prepared to identify an attack. This lack of risk awareness causes users to unwittingly become accomplices to cybercriminals, often performing trivial actions such as opening a malicious file or a link received via email. And it is precisely this naivety that drastically lowers the company’s defense levels. Studies have shown that almost half of attacks on companies are carried out through phishing or social engineering, practices aimed at manipulating the user to steal confidential information.
23% of data breaches are caused by human error
One cyber attack occurs every 39 seconds
(Università del Maryland)
28% of data breach victims are small businesses
34% of healthcare orgs were hit by ransomware in 2020
In the case of phishing attacks, cyber criminals send millions of emails containing trojans or links to a compromised site. The purpose of the attacks can be various. For example, the victim who falls into the network, triggers an attack mechanism whereby company data is encrypted and ransom demands are made in order to decrypt it. In other cases, the goal is identity theft for extortion or money laundering.
An attack based on social engineering is much more sophisticated and usually targets a specific company. For this type of crime, it is essential to collect information, which can be obtained directly and unknowingly by company personnel with simple techniques and seemingly harmless questions.
It is clear why this kind of attacks disregard the defense tools that can be used from the technological point of view such as firewall and antivirus, as they are mainly exploited human weaknesses and as such, they become more effective the lower their awareness is. Specific training and knowledge of the main techniques are fundamental elements to increase the company’s defenses, because only learning to manage these and other situations can reduce risks.
In partnership with