Lack of investment in cyber education of employees is the main gap in the security of companies

21 Feb 2020
  • S2 Grupo has stated that this problem is what makes so-called "social engineering" techniques so effective at "tricking" employees and introducing malware into companies.
  • Some of the most common errors that “facilitate” access for cybercriminals are overconfidence when opening emails, even when the sender is not known, and treating files from any USB drive (which may be carrying malware) as legitimate.
  • The S2 Grupo team of experts has established 7 key points for cybersecurity in companies, ranging from the importance of having monitoring tools to controlling the IoT systems incorporated into the processes.

Valencia, 21 February, 2020.- On the occasion of the celebration of Secure Internet Day next Tuesday, 11 February, the S2 Grupo has warned that one of the main gaps in cybersecurity in companies lies in the lack of education of employees on how to safely use New Technologies. In this sense, bad practices, lack of investment, failure to generate an adequate cybersecurity culture, etc., are actions that greatly “facilitate” the work of cybercriminals.

“The enormous degree of lack of culture in cybersecurity makes it relatively easy, using social engineering techniques, to "trick" employees into trusting that what is sent to them in emails or files on a USB is legitimate. It is usually easier to attack than to defend, since it only requires finding a hole to access. For this reason, we must prevent these gaps from existing”, said José Rosell, managing-partner of S2 Grupo.

"Another serious mistake is the habit of having social networks increasingly fed with thousands of unknown contacts, which makes false profiles proliferate, which makes it easy to have a large number of followers who "validate" their identity and therefore make them more reliable. In short, the mistake is to take for granted that in the physical world we have learned, over the years, to distinguish that they are not and that in the digital world we are not able to do it in the same way", said Miguel A. Juan, managing-partner of S2 Grupo.

Company experts have explained that this type of action is what facilitates the spread of cybercrime, such as phishing or the so-called "CEO fraud", for example. In addition, S2 Grupo has insisted that companies need to invest in training that allows employees to know how to use ICT tools in a cyber-secure manner.

“This is one of the weak points of defensive cybersecurity strategies. We have to make the cybersecurity culture of companies robust enough so that there are no very weak links", said Miguel A. Juan.

“In this sense, it is necessary to continuously raise awareness among all staff and give them the appropriate elements for effective risk management so that they know how to act when risk materializes. In addition, we cannot limit it to simply giving courses, we must ensure that they are effective and that the company's culture in cybersecurity improves, that is, matures”, emphasized José Rosell.

7 CYBER SECURITY RECOMMENDATIONS TO IMPROVE THE PROTECTION OF BUSINESSES (REGARDLESS OF THEIR SIZE):

  1. Have adequate defensive and monitoring means.
  2. Have the intelligence capabilities necessary to know how and what to look for so as to prevent the intrusion of cyber-criminals.
  3. Implement surveillance processes that help them anticipate possible attacks or information leaks.
  4. Have cybersecurity awareness and training plans for all personnel.
  5. Have the appropriate technical/logical means.
  6. Do not neglect the OT systems or the IoT systems incorporated in their processes.
  7. In short, follow schemes such as ISO 27001 and 27002 or the National Security Scheme, which establish in a systematic and robust way what must be done to improve cybersecurity management.

