Cyber resilience, the online protection of society and the economy, is one of the priorities of the European Union and every responsible country. However, for a healthy 24/7 operation, it is essential to adopt the rules of good behaviour from below: from individual segments and companies, through their executives, to every single employee.
We talk about potential threats and proactive decisions with Zuzana Omelkova, Sales Director and Cybersecurity Expert at GAMO a.s.
How easy is it for a cybercriminal to hack an insecure entity?
As easy as entering through an open door. On average, 1 hour and 42 minutes is all it takes for an attacker to get into the rest of a company’s network after hacking one of the company’s devices. Meanwhile, the attacked company doesn’t even know it has an intruder who can surreptitiously ‘browse’ the system and not officially do anything. Over the following weeks or months, the company may not even notice that it has been hacked.
Have the methods of attack changed over the years?
Yes, they are constantly adapting to technological advances, changes in the digital environment and improvements in cyber protection. Cybercriminals are motivated to find new attack vectors and techniques to bypass security measures and achieve their criminal goals. But we also have exceptions that have persisted for decades. What has changed, however, are the tactics, the scale and the impact on their victim. This dynamic nature of cyber attacks highlights the importance of continuously updating and improving cybersecurity measures to protect against emerging threats.
What cyber-attack developments can be expected in 2024?
Predicting specific cyber-attacks in the future is difficult precisely because of the rapidly evolving nature of cyber security threats. However, a few general trends and types of cyberattacks that are likely to continue or emerge in the coming years can be predicted. One of the main cyber threats is still ransomware. Then there may be attacks targeting the growing number of Internet of Things (IoT) devices, and quantum cyber threats that may have the potential to break current encryption algorithms. By leveraging artificial intelligence and machine learning, deepfake attacks and spear-phishing can be much more convincing.
How do companies know how to avoid them?
When an entity faces a breach, it is not just an IT problem, but a serious company-wide issue. The first step to fully protecting the business is truly understanding the impact of a breach or attack on the business, as well as the value of a proactive cybersecurity initiative. With a proactive mindset, you can make the decisions necessary to fully protect your business.
We encourage everyone to keep abreast of the increasing demands: be it of cybersecurity legislation and standards, the evolution of IT technologies, or the threats themselves. The business success of any responsible company today is directly dependent on the level of security and crisis preparedness.
Moving from ground zero and becoming aware of one’s own vulnerabilities is often the hardest part. As a first step, it is important to know the extent of the threat at least in rough outline, i.e. to conduct at least a cyber resilience assessment and risk analysis.
However, according to statistics, 95% of successful cyber attacks are due to human failure. Is this where all the security is useless?
Certainly not. The deployment of a security solution is effective when it is supported by issue-aware employees with the ability to think critically and adhere to policies to protect corporate and private identity, and team leaders with the ability to assess risks and implement security measures based on them to maintain business continuity. In both cases, it is important to be vigilant, to notice the little things, and not overlook the details.
Raising teams’ cybersecurity awareness through training is part of a healthy company.
What can be understood by preventive protection in practice?
It is a preparation for what may come. We are dedicated to prevention and training so that we can protect ourselves from different types of attacks. The more resilient we are to these attacks, the less our data and information are at risk. In many cases, the analyses and tests carried out show that many of the weaknesses and vulnerabilities identified can be remedied without large investments, for example, just by regularly updating systems. Simply put: you just need to have a sincere effort and interest in tackling cybersecurity without being told to do so. Getting from a reactive approach to a proactive one.
What forms of protection does GAMO provide to clients?
We provide comprehensive services, environment and knowledge to adequately respond and resist potential cyber attacks.
Vulnerability testing is an important part of our strategy. Simply put, this involves scanning and systematically identifying weaknesses in company systems, networks and applications that could be exploited by attackers.
Subsequently, we implement security tools, take care of security monitoring, detection and response to incidents as part of the SLA service provided – all according to the customer’s needs, with expertise and experience.
Of course, a must-have is the initial analysis of the IT environment and the aforementioned training of rank-and-file employees, IT departments or team leaders.
Can the state of the resilient firm be sustainable in cyberspace?
Yes, it could, by following all recommended precautions plus keeping abreast of new trends. Cybersecurity specialists are not a guarantee that attackers won’t attack you, but are primarily experts in the risks they eliminate through security measures.
We therefore recommend everyone to keep up with the increasing demands: whether of legislation and standards regarding cyber security, or the development of IT technologies for more efficient production processes. Time and preparedness, these are the watchwords today, not only in cyberspace.