Cybersecurity header

Cybersecurity

What is Cybersecurity?

Cybersecurity is the practice of applying technologies, processes and controls to protect systems, networks, programs, devices and data from cyber-attack.
Cybercrime has grown to become a major challenge of the 21st century as one of the top risks related to data intelligence and business continuity.

Understanding the Modus Operandi of Hackers

Cyber-attacks pose a real threat to businesses and their IT systems. The following are different types of cyber-attacks:

  • Ransomware: Cyber extortion software or ransomware consisting in getting hold of or threatening to destroy personal data
  • Phishing: Tactics include deceptive emails, websites, and text messages to steal information
  • Spear phishing (aka CEO Fraud): Email is used to carry out targeted attacks against individuals or businesses
  • Baiting: An online and physical social engineering attack that promises the victim a reward
  • Malware: Victims are tricked into believing that malware is installed on their computer and that if they pay, the malware will be removed
  • Pretexting: Uses false identity to trick victims into giving up information
  • Quid Pro Quo: Relies on an exchange of information or service to convince the victim to act
  • Tailgaiting: Relies on human trust to give the criminal physical access to a secure building or area
  • Vishing (voice + phishing): Urgent voice mails convince victims they need to act quickly to protect themselves from arrest or other risk
  • Water-Holing: An advanced social engineering attack that infects both a website and its visitors with malware

Protecting Against Cyber Crime with a Cybersecurity Strategy

The four fundamentals of cybersecurity:

Antimalware and MDM (Mobile Device Management) : This first level of protection is essential. Antimalware or MDM solutions such as Windows Defender, Trend or Microsoft Intunes secure and control corporate or personal terminals and thus allow the effective application of a global security policy of the “Conditional Access” type, possibly based on MFA (MultiFactor Authentication) and other criteria such as connection times and locations for example.

Least privilege and separation of duties: The administrator accounts manage all of the company’s strategic IT assets, on premise or Cloud, hardware or software. As a result, these accounts, which oversee the corporate directory, must comply with certain best practices such as complex and renewed passwords, multi-factor authentication, segregation of duties and the principle of least privilege.

Cyber awareness program: To help build a culture of security in the workplace and foster a sustainable change in behavior on these issues. An internal security awareness campaign must be run to get all the company employees onboard. It is the sine qua non for significantly reducing user-generated risk.

IT charter: An IT charter also ties into the ISSP. It outlines the rights and obligations of users with regard to the Information System.

The risks associated with cyber-attacks are not inevitable but must be taken seriously by all organizations. Companies need to adopt strong measures and implement a robust cybersecurity strategy, which includes both cyber security software to protect infrastructures and awareness raising/training campaigns for employees. The latter are on the front line and are a prime target for cybercriminals. It is therefore important not to forget to include them in your strategy.

Have a project? Let’s talk!

* Please select one of these options:

* Required: