In the world Economic Forum's latest global risk report, it security gaps are an important part of classifications.
The question at this level is what steps should be taken to anticipate the problem and to plug it if possible.
This article will also interest you: Computer security: firefighters from a French community victims of cyberattack
In a rather simplistic approach to computer threats, it should be noted that the majority of computer attacks start with email. For all malware that is in circulation, their negative impact depends on the action of a user for that to be. On the hackers' side, tactics have changed. Indeed, they rely much more on human weaknesses. Their actions rely much more on phishing or social engineering companions, much less on sophisticated techniques. The plan is very simple: to push the targeted people to commit the blame themselves often by providing them with the necessary access.
"Today, the three most dangerous types of attacks used by cybercriminals for profit revolve around the human factor. These include the BEC (Business Email Compromise) or President's Scam, the compromise of email accounts (when real accounts are spoofed by cyber criminals) and ransomware attacks. ». Note Irene Marx, Country Manager, Switzerland and Austria at Proofpoint.
BEC-type computer attacks are usually fairly well-crafted or treacherous attacks. "Attackers usually send a clear text message that is not identified as a threat by most email security systems. Once the message has been delivered to the employee's inbox, it is up to the employee to assess the authenticity of the email. Often, the sender's address has been carefully falsified to mimic that of a superior or supply chain partner, while the content has been individually tailored to the recipient. If the latter is not aware of this type of attack, it is not impossible that he will transfer to a hacker account or send sensitive information such as corporate secrets to the supposed superior. With billions of dollars a year in damages, BEC attacks are now the source of most cyber insurance claims. Irene Marx.
70% of industry leaders believe that employees pose a very high threat to computer security, according to a study provided by Proofpoint.
If more and more companies are becoming aware of this reality, there is still a limit to be observed. Few companies train and educate their employees properly. In fact, 77 percent of companies only raise awareness and train their employees twice a year. And of course this is largely not enough given the current context where computer attacks are increasingly pressing and imminent.
"Only a multi-level security concept can effectively protect the organization: companies are required to invest in email security. They must ensure that attempted fraud and other email attacks are detected and do not reach the recipients' inbox. But user training should not be overlooked, so that employees are able to responsibly identify and process fraudulent emails in their inbox. Because it is only when technology and trained users work together that security in the company can be increased in the long run. "Describes the local Leader of Proofpoint.
In similar situations, it will be said that the IT security of companies relies in some way on employees. In light of this, Michele Rapisarda, Head of Large Accounts at Proofpoint in Switzerland and Austria, said: "We believe that a strong defence can only be achieved through the effective interaction of technology, processes and people. Regardless of their scale, the vast majority of cyberattacks have in common to start with an email and try to deceive a human— so we need a people-centered defense strategy. Training is a fundamental part of this approach, as are email security solutions that can detect suspicious messages at an early stage. ».
Now access an unlimited number of passwords: