What is Cyber Awareness Month 2022 and why you should be aware
Why Cybersecurity is Important
The main themes of this year’s cyber awareness month are phishing and ransomware. These are still amongst the biggest cyber security threats in 2022. In fact, according to the European Union Agency for Cybersecurity’s latest report on the cyber landscape, between May 2021 and June 2022 roughly 10 terabytes of data were stolen each month across Europe by criminals. To put this into perspective, just 1TB is equivalent to 83,333,333.33 Word document pages.
Despite a general perception that cyber criminals are only targeting larger organisations, phishing and ransomware attacks are also among the most common cyber incidents SMEs are likely to be exposed to.
Improving user awareness is therefore very important in reducing the risk and limiting the damage of an attack.
What is Ransomware
A ransomware attack typically involves malware: malicious software that encrypts an organisation's data and is often delivered through an email attachment or link, commonly known as phishing. The attacker will then lock access to the victim's systems, files and data until a ransom is paid. Ransomware commonly also involves the exfiltration of the organisation's data. We advise that organisations do not pay the ransom; not only does this not guarantee you will get your data back, but you could still be infected and will also be funding criminal activity. To find out more about ransomware and how to respond to an attack, visit our blog here.
What is Phishing
Phishing attacks are malicious emails posing as genuine emails that attackers use to try to trick individuals into taking action, such as clicking a bad link that will download malware or direct them to a dodgy website.
Phishing can be conducted via a text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly, and hide amongst the huge number of benign emails that busy users receive. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money.
Phishing emails can hit an organisation of any size and type. You might get caught up in a mass campaign (where the attacker is just looking to collect some new passwords or make some easy money), or it could be the first step in a targeted attack against your company, where the aim could be something much more specific, like the theft of sensitive data. In a targeted campaign, the attacker may use information about your employees or company to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.
Simple Steps to Spot a Phishing Email
There are many simple steps organisations can take to strengthen the human firewall and improve employees’ knowledge, making them more cyber aware and better at spotting the red flags of a phishing attack.
Ask yourself, does the email:
Have a sender that looks genuine? (Click on the sender’s name to reveal)
Contain a link? (Hover over to reveal the true destination)
Seem unusual?
Ask for sensitive information?
Express urgency?
Use poor spelling and/or grammar?
Look too good to be true?
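The sender and link checks in the list above can also be run automatically over a raw message during mail triage. The Python sketch below is an added example, not part of the original article; the function names, flag labels and sample message are constructed for illustration, and it assumes a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # Hostname of a URL; tolerates scheme-less text such as "www.example.test/x".
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def red_flags(raw_message):
    # Handles a single-part message only; multipart mail needs a walk over its parts.
    msg = message_from_string(raw_message)
    flags = []
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # Sender check: display name advertises a domain the real address is not in.
    claimed = re.search(r"[\w-]+(\.[\w-]+)*\.[a-z]{2,}", display.lower())
    if claimed and domain != claimed.group() and not domain.endswith("." + claimed.group()):
        flags.append("sender-mismatch")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    # Link check: visible text looks like a URL but the href goes to another host.
    if any(re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href)
           for href, text in collector.links):
        flags.append("link-mismatch")
    return flags

# Constructed sample message (not a real email).
SAMPLE = '''From: "example-bank.test Support" <billing@mail-example.invalid>
Content-Type: text/html

<p>Confirm your details at
<a href="http://login.example-attacker.invalid/reset">https://www.example-bank.test/login</a></p>
'''
```

Calling `red_flags(SAMPLE)` reports both flags. These are heuristics that support a reviewer's judgement, and the remaining questions in the list still need a human read.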
The benefits of improving cyber security awareness across your organisation
Unfortunately, the weakest link in your cyber defence is often human error, with 80-90% of successful cyber-attacks involving a phishing email. A successful cyber-attack will cost an organisation time, money and resource, and cause reputational damage, which can be extremely difficult to recover from.
Building the cyber awareness and confidence of individuals can be the critical factor in protecting a business from attack.
By strengthening your employee cyber security, you are reinforcing your organisation’s ability to operate, protecting your own and your customers' reputations and building trust with loyal, brand-conscious customers and suppliers. A cyber security framework is one of the best investments you can make for your organisation to operate and grow securely.
For more information and guidance on cyber security head to our resource and video section here.
Or for more information on PureCyber awareness training services see our Training information here.
For more information please email info@purecyber.com