People power: how clued-up colleagues are one of your best defences against cyberattacks

October is Cybersecurity Awareness Month around the globe. Yet different regions mark the event with different themes. In the US, ‘Secure Our World’ is the mantra, while European businesses and individuals are urged to ‘#ThinkB4UClick’.

And that is very much on the money, as far as Kore Labs is concerned.

Because good cybersecurity tends to be powered by people as much as technology. In this age of attacks on both digital systems and human trust, it’s essential to create a culture in which everyone within an organisation sees this challenge as their responsibility.

Let’s look at some of the issues.

Risks facing financial institutions are growing

Research by security specialist Vade found that scammers sent 1.76 billion phishing URLs in 2023, the highest annual amount ever recorded. And the five brands most impersonated by fraudsters were Facebook, Microsoft, Credit Agricole, Orange and Softbank.

This reminds us that financial institutions are well and truly in criminals’ sights - and that none of us working at the intersection of tech and financial services can afford even a nanosecond’s complacency.

It’s also why the European Economic and Social Committee and Committee of the Regions made the issue of impersonation a major focus in the opening events of European Cybersecurity Month 2024, highlighting the rise of social engineering cyberattacks.

These are attempts to trick people into sharing information by posing via email or online message as a boss, colleague or friend. Such scammers prey on busy people, hoping that a lapse in vigilance late at night or at the end of the week will yield results.

According to a UK Government business survey, during the winter of 2023/24 84% of breaches were phishing scams, followed by impersonating organisations in emails or online (35%) and then viruses or malware at 17%.

The research also found that 74% of large businesses questioned had experienced cyber security breaches during this period.

Why culture eats technology for breakfast

As we’ve seen, the threat is real and requires all organisations to make cybersecurity a top priority. This issue is to financial services what safety is to aviation.

Cyber hygiene best practices include using up-to-date malware protection, restricting admin rights through admin user interfaces, multi-factor authentication, network firewalls and agreed processes for phishing emails. Regular penetration testing is essential too.

It’s also important to seek ISO 27001 accreditation, as Kore Labs has achieved. This will help your business to benchmark its security processes against the global standard.

Yet despite all these important measures, successful cybersecurity always comes down to the human mindset.

Which is why it’s worth considering initiatives such as cross-departmental cybersecurity champions to keep teams up to speed with current best practices and the latest threats – in addition to continually reminding people of their responsibilities.

Alongside this, it’s vital to understand your clients’ approach to cybersecurity, as this will help to identify risks at the interface between your business and theirs. This applies to all companies – even if you’re a growing FinTech scaleup working with some of the biggest names in the financial services sector.

By spreading awareness of cybersecurity risks, we can all do our bit to keep our businesses and our clients safe.

Sources: https://www.vadesecure.com/hubfs/Ressource%20Marketing%20Website/eBooks/Phishers%20Favorites%202023%20Year%20in%20Review/Vade-Phishers%20Favorites%202023-EN.pdf

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024