Cybersecurity: the human factor is responsible for 74% of attacks

Protection against digital threats has become one of companies' main concerns. Even when they adopt a series of measures, applications, and innovative solutions to prevent intrusions and data theft, the issue depends not only on advanced technology but also on human behavior. This is the finding of dataRain’s cybersecurity expert, Leonardo Baiardi, who points out that 74% of cyber attacks are caused by human factors. The executive emphasizes that proper employee training can be essential to an effective security strategy.

Baiardi considers the human being as the weakest link when it comes to cybersecurity risks in a corporate environment. “Everyone in the company needs to understand that they are responsible for data security, and this can only be achieved through training, accountability, and communication between departments. Everyone needs to be aware of the risks they are exposed to.” 

The expert’s opinion complements the findings of the 2023 Human Factor Report from Proofpoint, which highlights the significant role of human factors in security vulnerabilities. The study reveals a twelve-fold increase in social engineering attacks via mobile devices, a type of attack that starts with seemingly harmless messages meant to build a relationship. This happens, according to Baiardi, because human behavior can be manipulated. “As the legendary hacker Kevin Mitnick said, the human mind is the easiest asset to hack. After all, humans have an emotional layer that is highly susceptible to external influence, which can lead to impulsive actions such as clicking on malicious links or sharing sensitive information,” he says.

Also among the threats most recorded by the report are phishing kits for bypassing multi-factor authentication (MFA), as well as cloud-based attacks, in which approximately 94% of users are targeted every month.

Most Common Errors

Among the most common errors leading to security failures, Baiardi lists: not verifying email authenticity; leaving computers unlocked; using public Wi-Fi networks to access corporate information; and delaying software updates. 

“These behaviors can open doors to intrusions and data compromises,” he explains. To avoid falling for scams, the expert recommends not clicking on suspicious links. To that end, he suggests verifying the sender, the email domain, and the urgency of the message. “If there are still doubts, a tip is to leave the mouse pointer over the link without clicking, allowing you to view the complete URL. If it seems suspicious, it is probably malicious,” he says.

Phishing

Phishing is one of the biggest cyber threats, using corporate email as an attack vector. To protect yourself, Baiardi suggests a layered approach: awareness and training for employees, along with robust technical measures.

Keeping software and operating systems updated is vital to reduce vulnerabilities. “New vulnerabilities emerge daily. The simplest way to reduce risks is by keeping systems updated. In mission-critical environments, where constant updates are not possible, a more robust strategy is necessary.”

He offers a real example of how effective training helps prevent attacks. “After implementing phishing simulations and training, we observed a significant increase in reports of phishing attempts by employees, demonstrating a sharper critical sense in the face of threats.”

To measure the effectiveness of training, Baiardi suggests defining a clear scope and conducting periodic simulations with predefined metrics. “It is necessary to measure the quantity and quality of employees’ responses to possible threats.”

The executive mentions that, according to a report from the cybersecurity education company KnowBe4, Brazil lagged behind countries like Colombia, Chile, Ecuador, and Peru. The 2024 survey points to the problem of employees recognizing the importance of cybersecurity without actually understanding how threats operate. Hence the importance of organizational culture in promoting secure practices: “Without a well-implemented cybersecurity culture program, it is impossible to measure the level of maturity a company has in this aspect.”

The specialist is also responsible for leading the delivery of cybersecurity offerings promoted by dataRain, which offers robust and quick-to-implement solutions, such as Email Security, Compliance and Vulnerability Assessments, Endpoint Security, and Cloud Governance. “Cybersecurity is a continuous challenge, and people are key to ensuring the protection of information and system integrity. Investing in training and awareness is investing in the security of the entire organization. And all our deliveries are accompanied by knowledge transfer, which allows increasing the client’s awareness of threats,” he concludes.