"Hackers have gained access to your data." How would you react to such an email?

Digital transformation: the last year has turned this buzzword into a reality for many companies when it comes to the everyday use of digital resources. However, the acceleration of change is also bringing new challenges and risks for companies and their employees. But are they ready?

Research from Canalys found that investment in cybersecurity outpaced other segments of the IT industry in 2020, growing by 10%. This shows that companies are increasingly looking to protect their valuable digital assets by implementing advanced security solutions. However, almost four-in-ten companies (38%) experienced a targeted cyberattack last year. Human error remains a vulnerability that must be closed in order to further increase security.

Different variants of phishing emails, that signal acute danger by using messages such as, "hackers have access to your data", or that promise advantages with phrases including, "your voucher is ready for you", are just some of the risks. Global Kaspersky research found that about four-in-ten (39%) respondents said they had come into contact with ransomware in the last 12 months. More than half (56%) of ransomware victims paid the ransom to restore access to their data during this period. In light of these findings, organisations need to ensure that their employees are aware of the proper response to digital security incidents, especially as home working increases.

Cases of paying a ransom among users who experienced ransomware infection, by age breakdown

A study by Kaspersky on the topic of corporate doxing shows how companies are now also targeted in this way, because their confidential information can be just as sensitive as the personal data of an individual. In February 2021 alone, Kaspersky recorded 1,646 unique Business E-mail Compromise (BEC) attacks. Such cyberattacks pose a major financial and reputational risk to businesses through extortion or disclosure of data.

Companies can only protect themselves against this if their employees know the different types of cyberattacks, what to look out for and how to react correctly when they encounter them. Security and awareness training, preferably consisting of small units, knowledge tests and simulated attacks, as well as gamification approaches can help to motivate employees in the context of training. In this way, playful techniques can lead to an individually scalable increase in knowledge. Regularity of training can also actively combat the ‘forgetting curve’ and contribute significantly to the successful management of digital security risks in the enterprise.

“The home office has become part of the organisation. These home computers will become one of the prime targets for attackers in 2021. Those employees who have access to valuable information will need increased protection. It is also important to provide them with an IT security awareness program,” warns Veniamin Levtsov, Vice President of B2B Solutions at Kaspersky.

Here are five recommendations to minimise the likelihood of confidential data being stolen and therefore the risk of a corporate attack:

1. Ask your employees to be vigilant about convincing but malicious emails and always be aware of privacy precautions within all apps and services.
2. Set a strict rule to never talk about work-related topics in external messenger apps outside of official company messenger tools, and train your employees to adhere to this rule without exception.
3. Support your employees in sharpening their knowledge of cybersecurity topics. This is the only way you can effectively counter the social engineering techniques that are aggressively used by cybercriminals. To do this, you can use an online training platform such as the Kaspersky Automated Security Awareness Platform.
4. An employee who is well versed in cybersecurity issues can thwart an attack. For example, if they receive an email from a colleague asking for information, they will know to call the colleague first to make sure they actually sent the message.
5. Use anti-spam and anti-phishing technologies. Kaspersky offers several solutions of this kind.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.