
Cybersecurity: human factor is responsible for 74% of attacks

Protection against digital threats has become one of companies' main concerns. Yet even with a range of measures, applications and innovative solutions in place to prevent intrusions and data theft, security depends not only on advanced technology but also on human behavior. That is the finding of dataRain cybersecurity specialist Leonardo Baiardi, who points out that 74% of cyberattacks are caused by the human factor. The executive highlights how proper employee training can be essential to an effective security strategy.

Baiardi considers the human being as the weakest link when dealing with cyber risks in a corporate environment. “Everyone in the company needs to understand that they are responsible for data security, and this is only achieved with training, accountability and communication between areas. Everyone must be aware of the risks to which they are exposed”. 

The expert's opinion complements the findings of Proofpoint's 2023 Human Factor Report, which highlights the significant role of human factors in security vulnerabilities. The study reveals a twelve-fold increase in the volume of social engineering attacks via mobile devices, a type of attack that begins with seemingly harmless messages meant to build a relationship. This occurs, according to Baiardi, because human behavior can be manipulated. “As the legendary hacker Kevin Mitnick already said, the human mind is the easiest asset to hack.”

Phishing kits for bypassing multi-factor authentication (MFA) and cloud-based attacks, in which about 94% of users are targeted every month, are also among the most reported threats.

Most common mistakes

Among the most common errors that lead to security breaches, Baiardi lists: not checking the authenticity of emails; leaving computers unlocked; using public Wi-Fi networks to access corporate information; and postponing software updates. 

“These behaviors can open doors to invasions and the compromise of data,” he explains. To avoid falling for scams, the expert recommends not clicking on suspicious links. To that end, he advises checking the sender, the domain of the email and the urgency of the message. “If there are still doubts, a tip is to leave the mouse pointer on the link without clicking, allowing you to view the full URL. If it looks suspicious, it is probably malicious,” he reports.

Phishing

Phishing is one of the biggest cyber threats, using corporate email as an attack vector. To protect against it, Baiardi suggests a layered approach: awareness and training for employees, as well as robust technical measures.

Keeping software and operating systems up to date is vital to reducing vulnerabilities. “New vulnerabilities emerge daily. The simplest way to reduce risks is to keep systems up to date. In mission-critical environments where constant updates cannot be performed, a more robust strategy is required.”

He provides a real example of how effective training helps prevent attacks. “After implementing phishing simulations and training, we have seen a significant increase in reports of phishing attempts by employees, demonstrating a more accurate critical sense of the threats.”

To measure the effectiveness of training, Baiardi suggests delimiting a clear scope and conducting periodic simulations with pre-defined metrics. “You need to measure the quantity and quality of employee responses to possible threats.”

The executive mentions that, according to a report by the cybersecurity education company KnowBe4, Brazil was behind countries such as Colombia, Chile, Ecuador and Peru. The 2024 survey points out that employees understand the importance of cybersecurity but do not actually understand how threats operate. He therefore highlights the importance of organizational culture in promoting safe practices: “Without a well-implemented cybersecurity culture program, it is impossible to measure the degree of maturity that a company has in this regard.”

The specialist is also responsible for delivering the cybersecurity offerings promoted by dataRain, which offers robust and fast-to-implement solutions, such as Email Security, Compliance and Vulnerability Assessments, Endpoint Security, and Cloud Governance. “Cybersecurity is an ongoing challenge, and people are a key part of ensuring the protection of information and the integrity of systems. Investing in training and awareness is investing in the security of the entire organization.”

E-Commerce Update
https://www.ecommerceupdate.org
E-Commerce Update is a benchmark company in the Brazilian market, specializing in producing and disseminating high-quality content on the e-commerce sector.