News and Insights

European Cyber Security Month: Raising Awareness of the Digital Threat

October 28, 2021

Phishing, credential stuffing, password spraying or ransomware – with increasingly sophisticated types of attacks, cyber criminals try to tap or manipulate data, a lucrative currency on the dark net. It is therefore more important than ever to protect critical systems and sensitive information by paying attention not only to mastering and defending against cyberattacks, but to raising awareness among employees, private individuals and decision-makers. Since 2012, October, as European Cybersecurity Month (ECSM), has been used to promote digital security and cyber hygiene across Europe.[1]

Increased attack surface

In the first two months of the pandemic alone, 90% more cyberattacks were reported.[2] Criminals have taken advantage of the often poor network security of distributed workforces in the home office.

In addition, multiple possibilities come from our increasingly connected societies and devices, the Internet of Things and 5G, such as smartphone payments and bank account logins from different devices and networks. These offer more gateways for cybercriminals. According to a study, 2021 saw the highest average cost of data breaches in 17 years.[3] Therefore, companies and individuals have to consider more and more consequences in order to protect vulnerable data.

Identifying dangers

Laced with personalised information and designed as authentically as possible, phishing emails are a common way to trick recipients into opening attachments or clicking on links that then activate malicious software. Often, this is ransomware, a software that can lock systems and encrypt data to then demand a ransom for their release.

In Germany, the damage caused by ransomware has more than quadrupled compared to previous years.[4] Phishing emails are becoming more convincing and identifying an email as phishing can sometimes require further investigation.

Meanwhile, credential stuffing is a method attackers use to try to gain access to user accounts via stolen data or insecure and repeatedly used password-username combinations. Password spraying is a similar form, where cybercriminals create or buy lists of common passwords from the dark net to compromise customer accounts.

All these forms of attack have something in common – they use the human factor to capture and compromise data and access.

Security depends on everyone

There is no one-size-fits-all solution for all threat scenarios. Of course, a lack of security tools or overly complex IT infrastructures are major threats to businesses, but security training and knowledge of potential entry points are crucial to being able to act and react in a security-conscious manner. It is important to educate oneself regularly, as hackers are always coming up with new ideas on how to use people as a gateway to capture data or introduce malware into corporate networks. Sharing best practices is also key to keeping up to date with the latest attack and defence methods, as is raising awareness among all players in cyberspace to ensure the industry becomes better connected and more secure.

[1] https://www.enisa.europa.eu/topics/cybersecurity-education/european-cyber-security-month

[2] https://world-at-home.tanium.com/

[3] https://www.ibm.com/security/data-breach

[4] https://www.bitkom.org/Presse/Presseinformation/Angriffsziel-deutsche-Wirtschaft-mehr-als-220-Milliarden-Euro-Schaden-pro-Jahr

POSTED BY: Nele Mascher