Protection against digital threats has become one of companies' main concerns. Yet even when they adopt a range of measures, applications and innovative solutions to prevent intrusions and data theft, the issue depends not only on advanced technology but also on human behavior. That is the assessment of Leonardo Baiardi, cybersecurity expert at dataRain, who points out that 74% of cyberattacks are caused by human factors. The executive emphasizes that proper employee training can be essential to an effective security strategy.
Baiardi considers people the weakest link when it comes to cyber risk in a corporate environment. Everyone in the company needs to understand that they are responsible for data security, and this is only achieved through training, accountability and communication between departments. "It is necessary for everyone to be aware of the risks they are exposed to."
The expert's opinion complements the findings of Proofpoint's 2023 Human Factor Report, which highlights the significant role of human factors in security vulnerabilities. The study reveals a twelvefold increase in the volume of social engineering attacks via mobile devices, a type of attack that begins with seemingly harmless messages that build a relationship. This happens, according to Baiardi, because human behavior can be manipulated. "Legendary hacker Kevin Mitnick once said that the human mind is the easiest asset to hack. After all, human beings have an emotional layer that is highly susceptible to external influence, which can lead to hasty actions such as clicking on malicious links or sharing sensitive information," he says.
Phishing kits for bypassing multi-factor authentication (MFA) and cloud-based attacks, in which about 94% of users are targeted every month, are also among the threats most cited in the report.
Most common errors
Among the most common mistakes that lead to security failures, Baiardi lists: not verifying the authenticity of emails; leaving computers unlocked; using public Wi-Fi networks to access corporate information; and postponing software updates.
"These behaviors can open the door to intrusions and data compromise," he explains. To avoid falling for scams, the expert recommends not clicking on suspicious links. To that end, he advises checking the sender, the email domain and the urgency of the message. "If there are still doubts, one tip is to hover the mouse pointer over the link without clicking, which lets you view the full URL. If it looks suspicious, it is probably malicious," he says.
Phishing
Phishing is one of the biggest cyber threats, and it uses corporate email as its attack vector. To protect against it, Baiardi suggests a layered approach: awareness and training for employees, in addition to robust technical measures.
Keeping software and operating systems up to date is vital to reducing vulnerabilities. New vulnerabilities emerge daily, and the simplest way to reduce risk is to keep systems updated. In mission-critical environments, where constant updates are not possible, "a more robust strategy is needed."
He provides a real example of how effective training helps to prevent attacks. "After implementing phishing simulations and training, we have observed a significant increase in reports of phishing attempts by employees, demonstrating a sharper critical sense in the face of threats."
To measure the effectiveness of the training, Baiardi suggests defining a clear scope and conducting periodic simulations with predefined metrics. "It is necessary to measure the quantity and quality of employees' responses to potential threats."
The executive mentions that, according to a report from the cybersecurity education company KnowBe4, Brazil fell behind countries like Colombia, Chile, Ecuador and Peru. The 2024 survey highlights that employees understand the importance of cybersecurity but do not actually understand how threats operate. He therefore stresses the importance of organizational culture in promoting safe practices: "Without a well-implemented cybersecurity culture program, it is impossible to measure the level of maturity that a company has in this aspect."
The specialist is also responsible for leading the delivery of the cybersecurity offerings promoted by dataRain, which offers robust and quick-to-implement solutions such as Email Security, Compliance and Vulnerability Assessments, Endpoint Security and Cloud Governance. "Cybersecurity is an ongoing challenge, and people are a key element in ensuring the protection of information and the integrity of systems. Investing in training and awareness is investing in the safety of the entire organization. And all our deliveries are accompanied by knowledge transfer, which makes it possible to increase the customer's awareness of threats," he concludes.