Employee training, key to avoiding corporate cyber attacks

Having trained cybersecurity employees is the best protection companies can take to avoid cyber attacks like the US pipeline last week, as hackers are always trying to take advantage of the human factor.

Of all the technologies used for illegal access to an organization’s computer systems, phishing is one of the most common, and it is an English term used to denote sending emails to company workers pretending to be trusted senders.

Thus, the hacker manages to lower the level of recipient protection, unable to distinguish between fake email and real email – these are very complex plagiarisms, which perfectly copy company logos and aesthetics – the employee clicks on a link or downloads an email attachment and the computer infects the system with software Harmful.

It has not yet been revealed whether the Darkside hackers gained access to Colonial’s system using this method, forcing the company to halt operations for five days and creating a fuel shortage in the United States, but most experts consulted by EFE agree that it is one of the main possibilities. .

“Sometimes we think this is something that only happens to others, but it is something that can happen to anyone.”
Vasu Jackal,
MICROSOFT, Vice President for Security

The human factor is the weakest

“The technology is improving, but the human factor is always the weaker,” Rahim Bayah, dean of the School of Engineering at Georgia Tech and co-founder of cybersecurity company Fortiphyd Logic, says in an interview with EFE.

Beyah explains that another big problem with the human factor of cybersecurity is that people repeat the same passwords in multiple portals, for example on their professional accounts and in a social network.

Thus, if the hackers gain access to the data on the social network – which is a common goal of the hackers – they will instantly gain access to the professional account as well.

According to data provided by Microsoft, hacker attacks on computer systems occur at a rate of 579 times per second (the vast majority of them are unsuccessful) and every day 50 million attempts to access user passwords are recorded worldwide.

“I cannot stress it enough: you must not have complete confidence. We live in a complex environment and system failure is inevitable, but the effect of these failures does not have to be the same. You have to check everything, restrict access, etc. Microsoft Vice President for Security, Vasu Jakal, points to that, ”notes EFE.

Like Beyah, Jakkal stresses the importance of providing workers with the necessary skills and knowledge so that they are aware of the techniques hackers can use to gain their trust fraudulently, because an employee who knows how to distinguish between a phishing attempt and legitimate email can prevent a cyber attack on his own.

Everything that is “on the Internet” can be attacked

Sometimes we think this is something that only happens to others, but it is something that can happen to anyone, ”says the Microsoft executive.

As the recent pipeline attack demonstrated, it is important to remember that any equipment, object, or infrastructure connected to the network is vulnerable to penetration, from an alarm system to a smart toaster.

This attack could have been much worse. Operating systems have been closed as a precaution, but the next step will be to endanger the processes themselves, ”says the Dean of the College of Engineering, referring to the Colonial case, in which cyber criminals limited themselves to“ hijacking ”system data, but failing to control operations.

However, this cap is something totally feasible on a technical level, that is, for hackers to gain access to a large infrastructure, remotely manipulate their operations through valves, temperature and pressure controls, closing and opening gates, etc.

To prevent scenarios of this nature and the dire consequences they may have (hackers can threaten the physical safety of people), experts recall that cybersecurity is a “team sport” that requires the exchange of information, experience and training between companies, governments and individuals.