Anything of value always attracts criminals. The fact that criminals are attracted to certain businesses shows that that business activity is highly sought after. For criminals always try to get their hands on something of value that they have contributed nothing to by breaking in and intercepting a sometimes very complex economic process flow. This is why they try to get as close as possible to the source of that sought-after value in a determined attempt to engage and profit from such illicit activities. And, if ever it were still necessary to underscore the sought-after value of data and what it represents, resulting from the digitalization of the economy, then I guess the soaring crime rate in Cyberspace says it all. Cybersecurity therefore is pivotal and mandatory in securing a business activity. Just like a shepherd looking to protect his herd of cattle from predators, we need to protect our data, our networks and communication channels from cyber criminals.
You need a global, proactive and preventive approach when addressing cyber risk management. That means engaging all the employees and the ecosystem of partners of a company in the fight against cyber security attacks. That is how you keep your business safe on a day-to-day basis but also how you secure the future of your business. Because the damages caused by cyber crime are considerable. And when you come to think that a cyber attack occurs every 11 seconds worldwide, the pressure is on. The impact of cyber crime on business can be detrimental and even cause a business to lose its customers. In fact, data breaches can erode customer trust: how can you trust somebody who can’t protect themselves?
Gendarmes and Thieves
Hackers and defenders go at it, face-to-face, in the never-ending dual between gendarmes and thieves, between good and evil. The relentless dynamic of who is chasing after whom gets played out in cyberspace too. Because both use the exact same weapons: lines of code, applications and network protocols but they also resort to internet psychology, hitting on the weaknesses of users so that they fall prey to the different social engineering techniques. In this continuing arms race, thieves have no qualms in leveraging innovation to reach their goals. Recently for instance, a banker was tricked into believing he was talking to one of his customers when hackers used AI-enhanced technology to imitate the voice of that customer instead of deepfake technology which is more time-consuming and requires more resource. The banker was not talking to a business executive whom he thought he recognized but to a machine. By breaking down the barriers to innovation, by putting it to the wrong use instead of for the common good, cyber criminals are dragging cyber defenders onto a whole new playing field for which the boundaries are still unknown. Weaponizing AI for phishing campaigns or for automated vulnerability scanning and so on, takes them way beyond deepfake technology.
Leaving the Door Open or Closed?
When one is considering cybersecurity or is tasked with addressing that concern, you have to bear in mind that 85% of data breaches are due to poor cyber hygiene. Most cyber incidents are caused by employees browsing websites that are not secure or by employees using their work computers for personal purposes. Hackers usually target employees while in the workplace because that is when and where vulnerability is at its peak and when they can break into a system very easily. But hackers do not go only after employees of a company, they also target part-time staff, sub-contractors, and partners. So security breaches are due to weaknesses in technology and psychology. There would be no cybersecurity to speak of if you don’t have the best cybersecurity tools to fend off cyber attacks. But there also wouldn’t be any cybersecurity to speak of without engaging in a vast cybersecurity awareness campaign to raise awareness and educate users on cyber hygiene and best practices. Cybersecurity is a practice that stands on its own two feet: Technology and the Human Factor. So it’s time we learn the safety walk!
Article initially published in IT social.fr