Michal Sosinka, Cybersecurity Manager at Capgemini Poland
The recent hacking attack on CD Projekt has raised numerous questions, not only in Poland, about the principles of cybersecurity, and especially about securing businesses against cyber attacks, as the damage there can be particularly severe. It is worth remembering that in the era of remote working and ever more time spent in cyberspace, every user should be aware of cyber threats. The basic rules of cybersecurity are summarized by Michal Sosinka.
What companies should pay attention to in terms of security in cyberspace?
First and foremost, it should be noted that everyone today is at risk of a cybersecurity breach, so companies should adopt a long-term, frequently updated strategy to maintain security in the digital environment. Entrepreneurs should continuously analyze what is happening in terms of cyber attacks in the context of their business, and conduct a risk and threat landscape analysis depending on the specifics of the business and the particular business environment.
It is very important to prepare a business impact analysis and create a business continuity plan that assumes the ability to restore infrastructure in the event of an attack. These plans should assume several crisis scenarios, analysis of probable attack vectors, and to a large extent help the company to come out of the problem defensively in case of a cyber threat.
Certainly, some of the most vulnerable companies are those that base their business model entirely on IT systems, e.g., they create software. Their specificity is different from organizations for which IT systems support business operations. However, a general guideline for all and a key rule is to maintain cyber hygiene. The critical issues for cybersecurity are: updating software and IT infrastructure, two-step account authentication, and, in the case of large companies, also protecting the identity of people who have administrative accounts. The more publicly available data there is about the user, the greater the attack vector, also when it comes to private individuals.
It is also important to raise awareness of cyber threats among all network users in the company, and it is important for employers to provide cybersecurity training to their employees to educate them on the most common forms of cyber attacks and how to protect themselves.
How can individual users protect themselves from cyber-attacks?
To ensure our cybersecurity, we should remember to keep the software on our computers and smartphones up to date, not to click on links from untrusted sources, and in the case of a potential phone attack, we should always verify who is calling and never give out sensitive data over the phone or in an email response to an unknown person. We should use unique and strong passwords for our accounts, and two-step access authentication is highly recommended. It is also important to use legal software and verified anti-virus programs. Importantly, the amount of information that individuals share online should also be as limited as possible to maintain security.
Will cyber attacks recur?
With the level of complexity and haste that has become part of our reality, it is increasingly common for systems and software to develop vulnerabilities. The number of systems that communicate with each other is constantly growing, they are becoming more complex, there are more and more users and end devices (smartphone, laptop, tablet) and as a result, it is increasingly difficult to keep up with providing security. Hackers often operate in large organizations, functioning almost like traditional companies, with very large budgets. It’s estimated that cybercriminals will gain $6 trillion worth of loot annually in the coming years. AI is helping each side, but it only takes one weak point for hackers to launch an attack, which is why we need to put special emphasis on security solutions and user education today.