Cybersecurity - People are the No. 1 point of attack

Global crises, geopolitical challenges, the COVID 19 pandemic - the past year gave us no time to catch our breath. And unfortunately, we also had to observe dramatic developments in the area of information security. After all, cybercriminals were not long in coming up with attacks when it came to exploiting the dynamic social context for their unscrupulous intentions. In addition, there is an increasing professionalization in the field of cybercrime.

Organizations now face an innovative dark economy where cybercrime-as-a-service is the common business model. Tactics are evolving almost by the minute. The IT landscape is also becoming more diverse: hybrid ways of working have brought with them new communication channels that open up additional entry points for cybercriminals to launch treacherous attacks on enterprise systems.

The interface between man and machine remains the number one entry point - more than 85% of all attacks start with the human factor. This is not surprising. Because the people behind the screens can always be attacked in a similar way, even when using the most diverse tools - via emotional manipulation.

Supply chain and ransomware attacks in particular - and we have had to observe many more of these in the past year, in addition to impressive cases such as Kaseya and Kronos - often start with phishing.

But what such incidents also show: Employees are an active part of the solution to the trillion-dollar problem of cybercrime. If they know how to deal with and avert the threats, they proactively protect their organizations from costly incidents. To avoid being overwhelmed by the innovative power of cybercriminals, organizations should therefore focus on awareness measures based on behavioral science. As dramatic as the situation is in many respects, it does bring one positive change: information security is finally getting more attention.

The rise in cybercrime is increasing security budgets, and organizations can protect themselves more effectively. Now is the right time to confront professionalized cybercriminals - and to ensure the protection of data and systems by minimizing human security risks.

(machine translated)