Communication with employees is better weapon against cyber attacks
EY Consulting, which has heard more than 1,400 executives globally, pointed out that for 54% of national organizations, the great vulnerability in the company are malicious and inattentive collaborators, while 45% said they could hardly foresee threats of data theft.
The fact is that the threat may be in the house. But what to do?
Companies make exorbitant investments in cyber security tools to increase the protection of their data and respond quickly and effectively to any incidents or cyber attacks. On the other hand, they leave aside one of the most important "weapons" in the fight against malicious hackers: the conscientization of their employees.
According to Eduardo Bernuy Lopes, operations director of Redbelt, a specialist consultancy in cyber security, traditional tools give false impression of protection. The company, for example, recorded a 200% increase in the number of workshops held on the subject for its customers in 2018.
"Recurring in-house training, workshops and communications are tools as powerful as a phishing test, for example, as well as being much cheaper. Unfortunately, many companies have not yet addressed this, "said Lopes.
A recent study by Proofpoint, conducted with the participation of more than 6,000 professionals from different sectors and positions in six different countries, showed that 33% of those interviewed did not know or did not explain what phishing was. About 64% also did not know what was ransomware and 32% about what was malware.
In the question: "If you are in a place known as an airport or hotel, is it correct to say that you can rely on the internet available in these places to access and keep your data secure?", The response was positive for about 40% of interviewed.
The expert points out that, often, trust tied to traditional security tools (firewall, antivirus) ends up becoming a big problem. "With them, many professionals believe that all threats will be identified and corrected, and this is not true. So, basic information security activities such as applying best security practices to operating systems that do not require tool investments ( ex: hardening), applications of security updates made available by the suppliers themselves (updates patches) and others are not being made or are not receiving due attention. "
Lopes also said that companies consider corporate applications as official communication tools, and in such cases, the form of control and management is greater than unofficial applications such as Messenger (Facebook), WhatsApp and others. "We can imagine this situation as a vector of growth vs. risk. The greater the number of applications and digital media, the greater the exposure and the greater the risk. How to control what is being trafficked within WhatsApp chat or a Messenger? Today, the best way is still the direct and constant communication with employees - and the awareness of them - about these risks, "he added.