Attacks on corporate systems by cybercriminals are increasing dramatically. For this reason, employees must know how to recognize them.
The human factor in cybersecurity: how people represent the first and most effective defense available to a company.
Cybersecurity has never been as prominent as in recent years: it has gone from a niche technical topic to one often mentioned by CEOs, newspapers and even presidents, with massive investments aimed at defending their borders, whether corporate or national.
To understand how much the cybersecurity market is worth, it may be helpful to know its size. In 2021, it was estimated at over 200 billion, and analysts predict growth to almost 500 billion by 2030. These figures, as mentioned, are spent by companies and nations to protect their infrastructures and defend themselves against cybercriminals who want to exploit the network’s weaknesses to damage these entities.
Protecting yourself is essential because cybercrimes, the attacks launched by hackers, have not only multiplied over the years in terms of volume, with double-digit growth rates year on year, but also in terms of “quality”, i.e. difficulty in recognition of the attack and the severity of the consequences.
What Is The Human Factor, And Why Is It Important?
Despite this growth, cybersecurity is still a very little-known topic and is often considered only in its technological component. However, even having the best technologies on the market does not guarantee being completely protected from external attacks, and this depends on a fundamental factor within cybersecurity: the human factor.
By “human factor”, we mean all those situations in which a human error leads to a cyber attack’s success, which happens more often than one thinks. These situations are by no means few: 95% of data breaches (violations that involve the loss or destruction of sensitive data) are caused precisely by employees. In other words, 19 out of 20 security breaches are caused by people, not by outdated technology.
This data should make us understand how cybercriminals exploit vulnerabilities to steal credentials and access systems from which they can do all kinds of damage. In this context, smart working has represented fertile ground for a specific type of attack: the use of private resources to access corporate systems has multiplied the access points that hackers can exploit to reach the corporate infrastructure, and a simple oversight by any user can turn into an open door for cybercriminals.
At this point, it may be helpful to use an example to understand how all this translates into reality. Healthcare companies are among the targets most affected by hackers, both for the amount of sensitive data they possess and for their need to be operational at all times. In 2021, an attack on the Lazio region disrupted services for individuals and companies, including the health information system and the vaccination system for COVID-19.
How could that happen? Precisely because of the human factor. It turned out that the cybercriminals managed to steal an employee’s system access data. From this, they managed to block the services of the online health system for a month and created many problems for vaccination due to the attacks on the dedicated database.
Typology And Nature Of Cyberattacks
Attacks of this kind are not rare; on the contrary, they are launched daily in considerable quantities to hit as many victims as possible.
When it comes to the human factor, the most classic type of attack is phishing, i.e. emails or text messages that contain malicious links designed to steal the recipient’s credentials. Although this method is well known, many people still fall for it. This is due to how authentic modern phishing messages look and to the carelessness of many employees in opening emails and the links contained in them: in your experience, how many times do you open an email and click on the link before you’ve even finished reading it? Often we don’t even notice it, perhaps because we are also on a call. Still, we tend not to pay attention to all those clues that would allow us to identify, sometimes very quickly, the nature of a compromised email.
A second widely used method is ransomware, a virus that takes over a user’s computer and can block it to request a ransom. Ransomware is present on various websites and can also come from infected documents, so it is essential to browse only safe sites.
The consequences of human-related cyber attacks vary widely but usually involve the theft of sensitive data followed by a ransom demand. Very often, systems are shut down to stop business operations altogether. The inability to use one’s systems is often linked to the inability to use, for example, one’s machinery, and stopped production results in severe delays and a massive loss of turnover.
Cybercriminals have become so sophisticated that they can be considered on a par with a small company: they study potential victims, their weaknesses (technological and human), their financial resources and the data they possess. This translates into “customized attacks” aimed at doing the most damage possible in order to demand the highest ransom the company can afford.
How To Defend And Protect The Infrastructure
While the technological factor is more intuitive to address, the human factor of cybersecurity requires considerable investment not only in monetary terms but, above all, in terms of social capital. It is essential not only to set up courses dedicated to cybersecurity but, more generally, to create a corporate culture oriented towards cybersecurity, where all employees know the threats that can affect them, can recognize them, and can defend themselves and the company, reporting to it all the attacks they receive.
In parallel, the automation of processes and the implementation of dedicated policies help people, as they reduce the risk that an attack will be successful. By proceeding along these two paths, it is possible to support corporate human capital and make it a barrier against external attacks and an essential defense for all companies.