Use this blog post as a training opportunity in your organization. Post it on your intranet and educate your employees throughout the month of October.
Cyber threats are increasing rapidly every year. This year, the global cost of cybercrime is expected to reach $9.5 trillion, according to Cybersecurity Ventures (1). This is $1.5 trillion more than was predicted for 2023 (2).
In a cyberattack, individual hackers or groups of hackers attack companies or individuals over the Internet in order to obtain data, information, or money.
The EU's European Cyber Security Month campaign highlights the topic of cybersecurity every October. It aims to make states, companies, and individuals more aware of the dangers of cybercrime, and of ways to stay protected.
Cybersecurity Month is a great opportunity to shine a light on five selected information security areas to watch out for, and on how to stay safe.
Cybersecurity refers to technical as well as organizational measures to protect IT infrastructure and organizational data against malicious attacks. This includes the protection of computers, networks, servers, smartphones, and smart devices, but also data protection and information security.
There are three types of cyber threats:
The attack methods are the same whatever the motive. Malware (viruses, Trojans, spyware, adware, ransomware, botnets) puts computers and systems out of service or damages them. SQL injection is used to break into databases and extract information. Phishing attempts to obtain login and financial data or other personal information. Man-in-the-middle attacks intercept information exchanged between two parties, e.g., a computer and a network. In denial-of-service attacks, networks or servers are flooded with traffic until the affected systems can no longer respond and the company is unable to function. Typical targets are governments and companies, but private individuals can also be attacked.
How can you protect yourself from cybercrime as a company and also as a private person? On the one hand, technical protective measures are essential. On the other hand, our behavior has a decisive influence on the risk of becoming a victim of a cyberattack.
Phishing emails are emails sent under fraudulent pretext by hackers, who try to obtain login details, bank and credit card details, or other personal information. As a rule, the goal is to make money with the data obtained or to gain access to systems. The emails often look deceptively real and appear to come from a legitimate source, such as your bank. Urgent calls to action entice users to click on links and enter their data.
It is therefore important not to click on links in emails, especially from unknown senders. Be wary of any request for login information. No reputable company will ever ask you to update your access data via an embedded link or to disclose it by replying to an email. Also be careful if you are asked to provide your credit card or bank account details.
Watch out for misspelt, missing, or misaligned letters in emails and links. These are also indicators of phishing.
But phishing is no longer limited to email. Access credentials or credit card information can also be obtained by phone (vishing) or SMS (smishing). QR codes can also be manipulated so that scanning them leads to a fake login page.
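As an added illustration of the indicators described above (example code written for this post, not something the original article contained), the following Python script scans the links in an email body and flags a domain that uses lookalike characters, a near-miss spelling of a trusted domain, or link text that displays one address while the link leads elsewhere. The trusted-domain list and the sample mail are constructed for the example.

```python
import difflib
import re
from urllib.parse import urlparse
# Brands the organisation expects in legitimate mail (constructed sample list).
TRUSTED_DOMAINS = {"example-bank.com"}
# Character swaps often used in lookalike domains: "0" for "o", "1" for "l", "rn" for "m".
LOOKALIKES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    # Reduce "login.example-bank.com" to "example-bank.com" (no public-suffix list handling).
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def check_link(href, anchor_text):
    # Return the phishing indicators found for one link; an empty list means nothing suspicious.
    findings = []
    host = urlparse(href).hostname or ""
    domain = registered_domain(host)
    if domain in TRUSTED_DOMAINS:
        return findings
    # 1. Lookalike characters: undo the common swaps and see whether a trusted brand appears.
    normalised = domain
    for fake, real in LOOKALIKES.items():
        normalised = normalised.replace(fake, real)
    if normalised != domain and normalised in TRUSTED_DOMAINS:
        findings.append(f"lookalike characters: {domain} imitates {normalised}")
    # 2. Misspelt or missing letters: close to a trusted domain but not identical.
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and difflib.SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            findings.append(f"misspelt domain: {domain} resembles {trusted}")
    # 3. The visible link text shows one address while the href leads somewhere else.
    shown = urlparse(anchor_text.strip()).hostname
    if shown and registered_domain(shown) != domain:
        findings.append(f"link text shows {shown} but points to {host}")
    return findings

def scan_email_html(html):
    report = {}
    for href, text in ANCHOR_RE.findall(html):
        findings = check_link(href, re.sub(r"<[^>]+>", "", text))
        if findings:
            report[href] = findings
    return report

# Constructed sample mail body, not a real phishing message.
SAMPLE = """<a href="https://login.examp1e-bank.com/verify">https://login.example-bank.com/verify</a>
<a href="https://example-bnak.com/reset">Reset password</a>
<a href="https://example-bank.com/help">Help centre</a>"""
```

Running `scan_email_html(SAMPLE)` reports the first two links with their reasons and leaves the genuine help-centre link alone.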
Read more about phishing in the blog "Phishing - the danger that lurks on the net".
Malware, also known as malicious software, is software that can damage your computer, smartphone, or tablet, or disable it entirely. Malware is mainly spread via the internet: while surfing, when downloading software or opening email attachments, or via social media. It can also be distributed via USB sticks and other removable storage media. As with phishing, the motivation is mostly financial gain or industrial espionage, but hackers can also be politically motivated or want to damage a company's reputation.
Viruses, Trojans, spyware, adware, and ransomware are forms of malware, and they are often spread via botnets.
On the one hand, technical measures provide protection against malware:
On the other hand, the users must also behave securely:
Social engineering is a method in which fraudsters assume a false identity in order to obtain information or to convince their victims to take a certain action. For example, they can pretend to be a help desk employee in order to persuade the victim to hand over login data or to visit an infected website. Most often, social engineering is used to obtain login data, steal credit card or bank details, or gain access to IT systems. The more information that can be gathered about a victim, the higher the chances of success. Most of this information is found on the Internet, e.g., on company websites or in social media, but it may also come from public registers or the phone book.
It is important that you never pass on internal or confidential information about yourself or your company to strangers. Passwords and access data should never be shared. Do not allow yourself to be pressured or persuaded to download a particular file or visit a given website.
Read more tips on how to protect yourself from social engineering in our blog.
Every day we have to enter passwords for our work or private lives in order to be able to log into systems. A well-chosen password is essential for protecting yourself against dangers from the Internet.
If passwords are revealed, data can be manipulated or stolen. Hackers have special tools with which they can easily discover passwords if the passwords are not created according to certain rules.
To ensure protection, a good, secure, individual password must be created for each application. Never use the same password for multiple systems or websites, and never give your login details to anyone else; otherwise the password no longer protects you. Always activate two-factor authentication if the system allows it, as this further increases security.
Note the following points when creating a new password:
The following tips can help you avoid having to write passwords down and make them easier to remember:
Read more about passwords in the blog "Secure passwords and what you need to know about them".
Nowadays it is more important than ever that employees are trained in information security. Training courses should take place at regular intervals and ideally be coordinated with one another.
Employees are the most important element of protection when it comes to cybersecurity. Use this element of defense by enabling your employees to recognize the dangers associated with the Internet and to behave correctly.
The European Cyber Security Month is a good opportunity to train employees on the subject of cybersecurity with a targeted campaign. Create virtual games, quizzes, e-learning courses, or events where employees can actively participate on site. The topic can also be brought to people’s attention with posters, intranet pages, or e-mails.
In our blog posts we discuss how to plan and implement a security awareness campaign and how to successfully change the behavior of employees. You can find an overview of all blog posts here.
(1) Cybersecurity Ventures (2022): Cybercrime To Cost The World 8 Trillion Annually In 2023. https://cybersecurityventures.com/cybercrime-to-cost-the-world-8-trillion-annually-in-2023/
(2) Cybersecurity Ventures (2023): Cybercrime To Cost The World $9.5 Trillion USD Annually In 2024. https://cybersecurityventures.com/cybercrime-to-cost-the-world-9-trillion-annually-in-2024/
Inspiration: https://www.kaspersky.de/resource-center/definitions/what-is-cyber-security