‘2022 is just beginning and we have already seen some major ransomware attacks.
This is the word from Fady Younes, cyber security director: Middle East and Africa at Cisco, who adds: “With the new hybrid way of working, we all need to adapt our security mindset. Everyone needs to help reduce risk and contribute to a culture of cybersecurity.’’
How does a ransomware attack work? Slowly. Weeks and even months before, the hackers sneak into the system to gather information, moving around the network undetected. There are many technical methods for detecting attacks, for example a permanent assessment of the network, using artificial intelligence to search for anomalies and detecting infected endpoints long before the damage is done.
According to Cisco Talos, attacks via e-mails, via tactics such as compromised links and attachments, have increased in 2021 and will remain a source of danger in the current year. Despite advanced security technologies, people remain the most important factor in reducing the risk of cyber attacks – in day-to-day work, but also in the IT teams who use their experience to anticipate risks and dangers.
How can people act to stay safer from attack?
Stay alert and cautious
Pop-ups are not friends. Links may lead to a fake site. Attachments can be false promises and allow digital criminals to enter the corporate network.
Pay attention to hassles received on the PC or smartphone, because there are numerous methods to seduce you. Perhaps the promise of a discount, a refund or a mail that says it’s waiting for you can seem enticing?
Today, such forgery isn’t even limited to email. In principle, you should not trust SMS messages either. And of course, you should be careful with company information.
Reputable people and companies will never ask you for sensitive information like passwords.
Use unique passwords and a second device
A long password is better than a short one. An incomprehensible password with many special characters and digits is better than a word. It is important to have a different password for each app and web service rather than always using the same one.
And perhaps the single most important thing you can do, is to deploy multi-factor authentification such as Duo. This means a second device is needed to confirm that you are authorized, usually the smartphone.
Only install apps from safe sources
Do not install any games, themes, wallpapers and other supposedly performance-enhancing magic fixes on devices used for business purposes – and certainly not an app that comes from some nameless developer from the furthest corners of the internet.
Only use the official app stores from Apple, Google or the smartphone manufacturer. While there may be malware there, the risk is far less than loading installation files onto your device from other sources.
If you absolutely need a specific app, check with your IT department.
Update, update, update
Software always contains vulnerabilities – one problem is those that are known and exploited. Digital crime immediately pounces on it. Security-conscious and responsible manufacturers disclose weak points and close them in a short time.
This is how Cisco handles it for all products. Safety processes are essential for product quality. These must already be integrated in the product design. For the user this means: Always update your software as soon as an update appears.
Do not circumvent security measures
Security can be uncomfortable. For this reason, many employees repeatedly circumvent existing security measures and, for example, go online with their company laptop without a VPN via a public Wi-Fi hotspot. “That’s a serious mistake,” says Younes. ‘’Never try to circumvent existing IT security precautions. Convenience plays into the hands of cybercriminals.”