Cyber attacks continue to haunt business circles, nationally and internationally.
In the first quarter of this year, Portugal was the target of around 3.000 cyber attacks, according to our partner Kaspersky.
We have already mentioned the fact that 2022 is proving challenging in terms of cybersecurity, especially with regard to ransomware attacks, the most popular form of malware, and phishing.
But Kaspersky has identified a new trend, which is based on an attack where cybersecurity testing tools are employed in order to weaken companies with this type of cyber attack. The “ransomware” uses a program that prevents users from accessing the system, demanding the payment of a ransom.
In fact, cyber attacks have several phases, such as the study of the victim’s network, the attack of the internal assets, the lateral movement through the network and the extraction of information. The ultimate goal is undoubtedly the encryption of data, preventing the use and consequent interception of operations.
The truth is that these attacks started triggering in 2020, due to Covid-19, which boosted the digitalization of organizations. According to the Risks and Conflicts Report 2021 (Cybersecurity Observatory – CNCS), the most notorious situations were related to the increase in malware distribution and phishing/ smishing attacks, being the most common and successful attacks in recent times.
We have seen an increase in the frequency of attacks, where in 2021, every 32 seconds, someone was attacked online, and 61% of security breaches involved theft of credentials, namely passwords.
Israel is one of the most concentrated countries in this scope, centralising 40% of world investments in the cybersecurity area. Experts from this country confess that Portugal, and other European Union countries, are being daily targets of cyber-attacks, continuous computer offensives against hospitals, universities, media, ministries, among other markets.
Our Israeli partner, Checkpoint, confesses that Portugal is one of the most vulnerable countries in Europe, in all kinds of virtual attacks, from ransomware to botnet offensives or against mobile networks.
Managers have taken notice of these imminent digital dangers and have chosen to invest technologically in cybersecurity. However, they neglect one of the most important parties in this whole process: the people, the companies’ employees.
People within the organisation are often both the first line of defence and the greatest vulnerability. For example, an attack directed at an employee, which is impervious to the various detection and prevention tools, may be enough to compromise confidential information and personal data of employees, customers and partners, with the possibility of causing incalculable reputational damage.
The three basic pillars of organisations are people, processes and technology. As more investment has been made in the technological side, it is time to invest in people, providing a change of mentality that is more directed towards risk, equipping employees with such knowledge that allows them to be the first line of defence. It is crucial, then, to invest in an organisational culture that values cybersecurity.
It is a reality the new challenges that have arisen for managers and employees, demonstrating the need to outline strategies and ensure the right tools to manage the company more efficiently, while ensuring the security of the organization. Besides security, another trend is sustainability.
However, the growth and evolution of an entity should not overcome security issues. In other words, every action of technological innovation , must be accompanied with adequate protection and security solutions, in order not to allow an opening for hackers.
In view of this information, and according to experts, the key word for solving these cybersecurity problems is undoubtedly prevention.
It is understood here the importance of training in this sense, a field where ActiveSys stands out, through technological consultancy services, which promote training and awareness in the area of security.
ActiveSys provides some of the main tips to keep you protected against recurrent cyber attacks:
- Equipment and Systems Update;
- Network Protection;
- Training;
- Use of Cloud Technology;
- Data Monitoring;
- Use of Backups;
- URL Care;
- Special Attention to Personal Equipment;
- Guaranteeing the Security of the Network and Services;
- Paying Attention to Trends;
- Avoid Free Wi-Fi Networks;
- Multifactor Authentication;
- Private Mode Navigation.
Cybercrime is real and it is imperative that a good security policy is in place.
ActiveSys is the ideal expert support to help your company properly implement good security practices. Please do not hesitate to contact us.