Did you know that during the 5 minutes it takes to read this article, more than 150,000 cyberattacks are taking place in the world? On average, 45 million online attacks occur per day. As recently as March 11th, 2021, the Spanish State Public Employment Service (SEPE) suffered a cyberattack in which the perpetrators used malware to infiltrate the entity’s website. On this occasion, the entity's website was down for several days and the procedures for the new benefits of the Ministry of Labor were completely paralyzed.
Another recent victim was the United States Department of Commerce and Treasury, which suffered one of the largest and most sophisticated infiltrations in the last 5 years. Around 18,000 individuals from the private sector and the government downloaded and installed a program that gave free access for months to the hackers who had infiltrated the Department's systems.
Private sector companies in the European Union have also been affected by cyberattacks. According to Kaspersky's cyberattack map showing real-time data, Spain is currently among the top 20 countries most affected by cyberattacks. In a survey carried out in 2020, Spain was the country second most affected by this type of attack, with 44% of Spanish companies reporting having been victims. First place was occupied by Belgium, with 49% of companies affected.
The United States recently declared a state of emergency following a cyberattack on the country's largest pipeline network. A group of hackers disconnected the Colonial Pipeline and stole more than 100GB of information. This pipeline transports more than 2.5 million barrels a day, so the main effect of the pipeline going offline is that prices will increase by at least 2%, and the increase may be even higher if the blockade is prolonged over time.
Circumstances of cyberattacks in companies
All companies, regardless of their size, are at high risk of their technological systems being interfered with by third parties, simply because they exist. Moreover, the vast majority of these cyberattacks go unnoticed by those affected. Although 76% of managers stressed the importance of putting in place cybersecurity programs, only 47% of them acknowledged having incorporated such programs into their business structure.
Cyberattacks not only put companies' information at risk, but also their economy, not to mention their brand image. It has been predicted that, on a global scale, in 2025 the economic damage caused by this type of attack will reach a worrying figure of 8.7 trillion euros.
When we think of cyberattacks, we imagine a cybernetic hacker sending a malicious virus to the computer network of a company. In reality, however, most unauthorized access to systems is caused unintentionally by users, although attacks carried out by internal threats (insider threats) should not be ruled out.
A recent study by Ernst & Young for Verizon revealed that more than 90% of cases where cybersecurity is compromised are due to human error or human behavior. Therefore, when it comes to cyberattacks, the employee is the first line of defense of companies. Hence it is important to raise awareness and inform people about cybersecurity and how they can avoid the risk of leaks in the system.
How to improve security practices
It is important to create and foster a common awareness in all the employees of a company in order to create a culture of cybersecurity, especially in the following areas:
● Updates - Reiterate to employees the idea that if the software used is not updated in due time, it becomes more susceptible to cyberattacks.
● Secure development - Secure code development practices should be prioritized, although these require more time. 90% of the cases that affect the security of the system are due to errors in the program code.
● Warnings - We must pay attention to risk notices when visiting pages, even if they seem to be safe.
● Passwords - Using the same passwords, or words that are easy and predictable, allows hackers to compromise the company's systems with great ease.
What methodology do we recommend to increase security?
With the aim of increasing cybersecurity in organizations by raising awareness of human capital, we recommend the application of a continuous assessment methodology, with a strategic approach based on the analysis of human behavior.
At everis we have created a strategy based on our own methodology that prioritizes a change in mindset and applies high-impact marketing and branding actions that have an effect on generalized beliefs about cyberattacks. However, before implementing any strategic plan, the situation of the organization and its employees must be analyzed, adapting the methodology to the company’s strategic objectives.
The main objective of the analysis is to make employees aware of the importance of cybersecurity and the risks that companies experience in the short, medium and long term. This is achieved by calculating the maturity index in terms of cybersecurity and segmenting and personalizing these possible risks depending on each area involved.
Another important aspect is to define the journey of employees in their day-to-day working life in order to identify the human behaviors that weaken the cybersecurity of the organization. Once identified, decisive actions can be taken for both human capital and the business.
Given that the advancement in the use of technologies does not always mean that they are applied in the best manner, the mechanisms used to infiltrate systems illegally will be increasingly sophisticated and, consequently, the number of people looking for failures in the systems will also increase.
Although the new digital era has brought great developments in the online security sector and the volume of investments in new protection tools is higher than ever, the frequency of cyberattacks has also increased. The more digital we are, the more technologies will be developed to harm cybersecurity, making people and businesses, as well as governments, vulnerable to hackers.