Cyber risk has become a major concern over the last few years, and today it is a priority for many companies, depending on their size and sector. From a regulatory standpoint, it’s an area that regulators and rating agencies around the world are looking at very closely. Cyber risk is now one of the top three international barometers of corporate risk: the number of victims of major cyber-attacks has increased significantly over the past few years.
With the increasing digitalisation of business activities, tools and processes, we are all at a greater risk of exposure, especially at a time when remote working is becoming more and more widespread. We must all play a part in our cyber security to make sure that we are protected.
Any breach in a company’s IT system could have serious financial and legal consequences, create compliance problems, or harm its reputation.
What are the most common attacks that we have to tackle?
Ransomware is the most widespread type of attack: a form of malware that blocks access to information systems for several weeks, generating heavy financial losses. The vast majority of other cyber-attacks target company employees (CEO fraud, the use of fake bank details or suppliers, and fraudulent COVID messages). Confidential data is another particular target: for example, hackers extracted the data of 92% of LinkedIn users (700 million people!) and then put it up for sale on the dark web (the hidden internet).
All this data will definitely be exploited for attacks such as phishing.
We need to learn to recognize these attacks so we can improve our cyber resilience, which is why it is important to carry out tests on a regular basis.
How can we stay cyber safe in our daily work?
To stay cyber safe in our daily work, there are a handful of red flags you need to be systematically alert to. For all types of attack:
- Be wary of suspicious messages (emails, texts, internet pages, etc.) that you are not expecting, that are unsolicited and/or contain a warning banner.
- Never click on links or buttons inside suspicious messages.
- Never open or download “unknown” attachments.
- Never reply to or forward an unexpected or unsolicited message.
- Don’t type your password when you are doing something else at the same time.
- If you are aware that it is a phishing email, do not enter any information – not even a false password.