Cybersecurity is a concern for Swiss companies
With an increase of more than 100% data theft during the first quarter of 2021, Swiss companies now attach great importance to the security of their information systems. This problem concerns Swiss companies, which is reflected in the increase in the number of job offers related to cybersecurity. These attacks typically target cloud services, including the most popular and well-known ones. This article presents the main operating methods used by hackers to steal information, as well as the means to protect themselves against it.
To counter this threat, ITTA offers training programs for your teams aimed at mastering skills specific to publisher products and their security-related features, but also all the main advanced offensive and defensive techniques.
A growing number of cyberattacks
Businesses and organizations of all sizes are adopting the cloud to facilitate their digital transformation. This allows them to increase the productivity of their employees, by facilitating exchanges.
Covid-19, a vector for accelerating the digitalization of companies
The pandemic due to Covid-19 has only accelerated the generalization of teleworking and the massive use of dedicated tools (messaging, videoconferencing, cloud, etc.). Cloud activity therefore experienced a marked increase, representing 53% of the company's internet traffic.
This is explained by a 20% increase in the average number of applications used, including applications with a poor score in the CCI (Cloud Confidence IndexTM).
Although many employees have returned to their offices, they continue to use their computers when they are at home. They perform various activities such as online shopping, home delivery requests, etc. All of this requires the use of public cloud services and therefore creates new opportunities for hackers.
Rise in fear among Swiss companies
In 2020, 9 out of 10 companies were the target of a hacker attack after more than 4.1 billion data were stolen only in the first half of 2019. These cloud-based cyberattacks have already been successful at MS Azure, Facebook, Capital One, etc.
In reality, no business is immune to a cyberattack. Swiss companies have understood this and are looking for safe ways to protect their information systems and to limit vulnerabilities.
Growth in Cybercrime
Interest from hackers continues to rise with an unprecedented increase in cybercriminals and a steady rise in the number of malware since 2020. This is why cybersecurity awareness is a priority topic.
The Rise of Malware
The number of cyberattacks increased by a whopping 154% in the second quarter of 2020. The number of malware detected more than doubled, an increase of 119.4% between April and May. This sharp increase is due to the fact that malware developers are improving rapidly over the years.
They are now able to create software able to bypass certain operating system restrictions and certain antivirus programs. These are mainly ransomware and adware (phishing) that collect personal company data. This data is then resold to other companies or on the Dark Web. Updates must be made to close security vulnerabilities.
Means used by hackers
To achieve their goals, hackers transmit files containing viruses (payloads) using malicious Office documents as Trojan horses (Trojan). This technique represents 27% of attacks using malicious files detected and blocked by the protection solutions available on the market.
These include backdoors/or backdoors (portals allowing hackers to enter and exit a network at any time without being detected over long periods of time) and ransomware.
Hackers also use other methods such as cloud phishing and spear fishing. Without putting in too much effort, they can, for example, send an email disguising ransomware and phishing attempts to millions of email addresses.
Certainly, most workers will not open it. But the risks for the company if one of the employees clicks on an attachment in this e-mail are very high. This is the case, for example, of the Swiss company DBS, which lost access to this data on December 2, following the opening of an attachment contained in an email. To overcome this problem, online training courses and continuing training courses are provided.
Solutions for optimal computer security
The best practices for ensuring good protection of data and users are as follows:
Training as the best solution
Training remains the best defense against this type of threat. Initially, it helps to understand the issues of computer security but also allows you to adopt good practices and use tools that reduce the risk of hacking. It is therefore up to the company to educate its teams and all of its employees about the risks of hacking. IT management must involve all staff in the fight against cyberattacks in order to raise the level of protection, so this very often involves cybersecurity training.
ITTA offers many certified and internationally recognized training courses. Training is provided by certified and experienced internal trainers but also by external specialists who will provide training in cybersecurity and data protection.
Strong authentication and access controls
According to the CESIN report, 18% of hacker attacks come from unapproved connections on the corporate network and 44% are linked to the use of unauthorized applications. It is therefore necessary for the company to set up good authentication methods (two-factor, for example).
This involves the use of at least three vectors: an identifier, an authenticator (reinforced password), a badge/certificate or a smart card and/or a biometric fingerprint.
According to the academy, the password giving access to an information system must contain at least:
- 8 characters,
- 2 uppercase letters,
- 2 lowercase letters,
- 2 numbers,
- 2 special characters.
Leaders should also opt for differentiated access controls for managed and unmanaged software. They should adopt adaptive access controls to grant access to specific activities selectively (by user, device…).
Using public cloud services can be dangerous
One of the most exploited vulnerabilities by cyberattacks comes from services public cloud insufficiently protected. However, the company is responsible for the cloud applications it uses, its data and that of its customers. It is therefore vital to carry out a continuous assessment of the security of the public cloud services used.
To check the robustness of the computer system, it is possible to call cybersecurity analysts, to simulate real cyberattacks on the company's cloud environment. This operation consists of checking whether there are any flaws in the security system. Different elements are checked such as cloud architecture, access control, user behavior…
These cybersecurity consultants analyze the results of the security audit and make it possible to measure the relevance of the actions carried out, to identify and reduce the configuration errors and vulnerability risks, but also to improve the company's cybersecurity.
But if the computer barriers put in place make it possible to detect and catalog the main threats to the computer security of the company, they do not do all the work. Lack of awareness among workers is a vulnerability that is widely exploited by hackers.