Digitalisation brings many advantages, but also increases the risk of a cyberattack. The number of such attacks is increasing exponentially every year. Phishing, hacking and blackmail – cyberattacks take various forms and affect not just private individuals. Increasingly, corporate networks are also becoming the targets of cybercriminals. Data theft, encrypted servers and ransom demands: the damage caused to companies by cyberattacks can be huge. Small and medium-sized enterprises (SMEs) are generally protected less effectively against cyberattacks due to a lack of resources, in contrast with large corporations that have a team of IT security experts working around the clock to prevent cyberattacks from succeeding. Almost half of all Swiss SMEs have already fallen victim to a cyberattack. When it comes to successfully tackling cybercrime, it’s all about ensuring awareness of IT security among each and every employee of the company – as IT security is all about teamwork.
Over 90% of cyberattacks start with a human error
No weak passwords, no opening email attachments from dubious sources, no connecting unknown storage media to a business laptop ... In fact, many of the rules of conduct for avoiding cyberattacks have been heard before. Nevertheless, over 90 per cent of cyberattacks start with a human error. How come? Using the same password for personal social media channels and a business user account, seeing the prospect of winning millions by clicking on a link, an attachment with salary data supposedly sent by the CEO – the temptation can be great. More and more attacks focus on the vulnerability of the human aspect. “We actually soon know we shouldn’t be doing something. But as long as we’re not aware of the consequences of our actions or we feel too safe, we don’t change our behaviour. Modern security awareness therefore aims not only to impart the necessary knowledge, but goes a step further in attempting to change employee behaviour,” explains Marc Etienne Cortesi, Chief Information Security Officer at Baloise.
IT security – a culture of personal responsibility
But how can this awareness of cyber threats be raised among employees? “IT security concepts must incorporate the employee in their focus, so that a culture of personal responsibility can develop within a company,” Marc Etienne Cortesi continues. This can only work through awareness raising and training. Employees should understand the importance of protecting their company’s digitalised knowledge and the customer information and data they deal with on a daily basis – and how ensuring effective information security calls for everyone’s support.