Hacker Attacks Up 50%. Cyber Security And Employee Training Can Save Your Business
The rapidly growing pace of hacker activity is now a fact. Recent news events (the hacking of the Lazio Region) and the pandemic crisis have accelerated the discussion on the subject. The law establishing ACN, the national cybersecurity agency, has just received final approval in the Senate in record time.
Public administrations and listed companies are the targets of this new organized and well-informed crime. Most attacks aim to obtain sensitive data or corporate information assets, which are returned in exchange for payment. If the victim does not pay, or delays payment, the penalty is publication of the data and of the name of the hacked company, causing inestimable damage to the victim.
But the problem of hacker attacks concerns more than just large companies or government agencies. All companies, even small and medium-sized ones, can be hit and suffer serious damage, such as production stoppages lasting weeks or the failure of the business itself.
Many organizations don't even realize they've been attacked, and when they do, it's often too late. Cyber attacks can also be commissioned by competitors, and in that case they are even more difficult to identify because the hack itself will never be made public.
Behind the cyberattacks lies a well-organized criminal scene that is difficult to prosecute because of the many "grey areas" and the legislative differences between States, which are also at fault for a lack of collaboration among themselves.
It follows that, nowadays, companies can no longer exempt themselves from the subject.
Fraud, phishing, and malware increased exponentially during the lockdown, and attacks have become progressively more sophisticated and criminal groups better organized. The increase in the number of systems that companies expose has led to a parallel growth in attacks on network appliances, with attempts recorded to gain unauthorized access to remote management systems. The increase in smart working is certainly among the reasons for this exponential growth.
The most recent case is the attack on the Lazio Region, which originated from the PC of an employee in smart working.
But what are the most common attacks?
Malware still represents the most widespread threat (42%). Within this category we also find double-extortion ransomware, which in Italy, in the last year, has led to an increase in cases of data breaches.
Ransomware is used in almost a third of the attacks. Among the other attack techniques we also find phishing and social engineering, closely followed by attacks that exploit known vulnerabilities in the corporate network.
Here is the official data provided by the Ministry of the Interior on last year's attacks and those of the first half of 2021 against individuals and companies.
What are the solutions to prevent a cyber attack and mitigate the damage?
The basic principles from which to start in order to defend oneself effectively are a different approach, oriented towards knowing one's own vulnerabilities and the assets indispensable to the life (productive and otherwise) of the company, and a change in corporate culture.
Not just hardware and software, then! The human component determines whether a security plan succeeds or fails.
In almost 80% of cyber attacks, human error gives the green light to malware via e-mail or the employee's smart working station.
Educating your employees about possible threats and making them aware of the consequences of a cyber attack is the starting point for any good security policy.
Next, it is necessary to plan the implementation of adequate measures for protection, response, and recovery.
Once the defense measures and the procedural security plan have been set up, you must constantly verify that data recovery works correctly in your corporate network. This obviously requires considerable effort, which is why it is advisable to have this service managed externally. In this way, the corporate security plan will be constantly updated and tested by professionals who will periodically verify the health and security of the systems.