SECURITY ADVICE (TIP) September 23, 2024: THE RESPONSIBILITY OF USERS

94% of companies and organizations worldwide have acknowledged suffering some type of cyber-attack in the last year, regardless of their business activity or whether they belong to the public or private sector. As a result, 87% have increased their investment in cybersecurity.

But in addition to the technical and organizational measures that our organization has deployed, employees will always be an additional factor in ensuring and maintaining the level of security and privacy. Even more so if the activity relies not only on information technology (IT) systems to provide services, but also on operational technology (OT) systems to manufacture products.

Therefore, in today’s TIP, in question-and-answer (FAQ) format, we would like to clear up some doubts:

  • In cybersecurity, the user is conceived as the weakest link in the information security chain. Why? Because we are the ones who manage external relations or perform the most operational day-to-day functions. The volume of contacts and the frequent use of new technologies, especially e-mail in services and production machines in industry, make us more exposed to direct cyber-attacks.
  • Cybercriminals know this and are taking advantage of it. How do they know? Because they study companies and entities in different sectors. Based on success statistics and experiences shared with other cybercriminals, they know in advance how we as users will react to different types of cyber-attacks based on our roles, position or job title. Therefore, in service companies whose activity is based on information, they attack through fraudulent e-mails, and in industrial companies through the remote installation of viruses or malware.
  • Carelessness, scattered information, a mix of personal and professional technology, lack of training? In 73% of the cases, it is the employees themselves who cause security breaches and non-compliance. Can we be blamed? Not if it is not intentional or negligent, because most likely we have been deceived or used by a cybercriminal as a means to achieve an end, which is to obtain information or paralyze an activity. That is why we constantly insist that, at the slightest suspicion of a cyber-attack, we inform the IT Department so that they can act in time and safeguard the information and the continuity of the activity of our company or entity.

IMPORTANT NOTE: We remind you again that if you have the slightest suspicion about a communication or believe you may have been the victim of a cyber-attack, do not hesitate to report it to your line manager, the CISO Security Manager and the IT department, so that they can advise you appropriately. And on a personal level, report the cyber-attack to the police authorities.