When it comes to creating a solid security culture and working effectively with cyber security, knowledge is key. Successful cyber security and focusing on the right things requires a comprehensive understanding of how a cyber attack can happen.

Attacks are often carried out using a two-pronged approach known as social engineering, targeting IT technology while also exploiting human factors. Attackers often have a good idea of how things work at the company they’re targeting.
They tend to make use of one or more vulnerable areas in a company’s technical security set-up that lack up-to-date protection, in order to access the IT system. They can then try and get an employee to trigger a technical weak spot, for example by clicking on a link in an email, taking them to a website or using unauthorized USB memory sticks.

The person carrying out the attack can also exploit the fact that the company is not protecting its information properly. Here are a few examples:

  • The company’s network may have an inadequate level of protection, for example, they lack the tools to make their web browser less vulnerable to attack
  • Communication channels such as chat sessions, mobiles and email do not use encryption or logins, which makes it easier to get at information
  • Encryption is not used on computers, mobiles, USB sticks and other devices, leaving them unprotected if stolen or lost.
  • Authentication methods may not be sufficiently robust. For example, weak passwords are a common risk.

The attacker can also use the fact that employees are consciously or unwittingly careless about how they handle sensitive information. For example:

  • If employees store and handle sensitive information on mobiles that are not secure.
  • If they handle sensitive information using private email accounts or in unapproved cloud services that are not sufficiently protected.
  • If they are careless about their passwords and, for example, are conned into revealing them to unauthorized persons over the phone, or they have written them down somewhere that is not secure. Then it’s easy to use them to get into the company’s IT system.

Protecting yourself is about being aware of the threats and risks and deciding what information most needs protecting. Once you’ve done this, you’ll be able to make smart choices and take appropriate action. It’s important to remember that technology only solves part of the problem. Ultimately the best way to protect your data is to provide training for everyone in your organization to make sure they are security-savvy.

Feel free to add your thoughts on this subject in the comments field. Cyber attacks can come in many different guises, which is partly why cyber security is so challenging and fascinating. Here at Combitech we’ve taken on the challenge of sharing knowledge about #CyberSecurity and raising security awareness in Sweden.
For example, one in three companies or organizations in Sweden have not ensured that everyone is aware of their security policy. We want to change this.