Attacks on cyber security are increasing drastically, in ways and numbers never seen before. From hospitality to transport, from public administrations to sport, personal and business data can be attacked anytime. The exponential growth of the quantity and value of data (code, text, images, infographics, videos, signals), directly corresponds to the importance of adopting cybersecurity.
What does cybersecurity mean, actually?
Cybersecurity is defined as the ability to defend the so-called cyberspace from possible hacker attacks and therefore focuses exclusively on aspects of IT security and protection of IT systems. On the first half of the last year alone, there were 757 cases of serious cyber-attacks, mainly coming from factors inside the companies and which hit many renowned victims on the international scene, too. But the escalation of risks and dangers related to data management affects all organizations, regardless of size and sector of competence. Cybercrime, activism, industrial espionage, information warfare, malware, social engineering and the most sophisticated APT and zero-day: the techniques and types of cybercrime are different, and therefore force companies to be on the lookout on several fronts.
The most common cyber-crimes? Malware, social engineering and…the human factor. In fact, it is extremely important to protect and secure hardware and software infrastructures but at the same time it must be taken into due consideration that a human error can, in a moment, frustrate years of efforts by breaking down even the most modern and sophisticated defense system with a single and reckless action.
Regarding the first two kinds of cybercrimes: malware are applications aimed at damaging the victim by causing malfunctions in the user’s devices so that information can be intercepted and files encrypted. This with the ultimate purpose of requesting a ransom for the stolen data.
On the other hand, social engineering is a cyber-attack technique based on the study of people’s behavior in order to manipulate them and steal confidential information. The procedure is based on human psychology and exploits the victim’s lack of knowledge and, in general, the vulnerabilities to obtain confidential data (passwords, current account information, financial information), extort money or even steal identities.
Many sophisticated techniques are also rapidly growing such as the Advanced Persistent Threat (APT), a refined technique in which the target is studied for a long time and requires the use of dedicated tools and malware: or the zero-day, a cyberattack which is capable of unknown or unresolved vulnerabilities.
What about the targets of cyber-attacks? A study by the Osservatorio Cyber Security & Data Protection determined that hackers mainly strike email and social accounts, eCommerce portals and corporate/ institutional websites; yet, in the next years critical infrastructures (electricity, water and telecommunications networks), Smart Homes/ Smart Buildings and connected vehicles are expected to become the most attacked targets.
Hence, two main considerations have to be taken into account. First, if you are a significant target, such as an institution or a critical company, it is purposeful being equipped to be able to detect signs of any kind of attack as soon as possible. To fight aggressive and capable hackers you need to have people with the same qualities in the team.
Second, if you are not a big target, it is good to equip yourself with the necessary tools to obstruct a possible attempt. And above all, it is essential to check that the standard remains constant over time, despite the evolution of tools and techniques. Especially if you are not a big target, it is important to stay on the lookout, because as everybody knows…hackers like easy winnings.