In an ever-changing digital landscape, staying one step ahead of cyber criminals is a challenge for companies. Yet there are still dangerous misconceptions. ‘The question is no longer whether you’ll be affected, but when,’ says Davy Heremans. ‘Many business leaders mistakenly believe they’re too small or not of interest. But SMEs are becoming an attractive and easier target precisely because large companies are investing heavily in security.’
As well as increasing in frequency, the threats are also becoming considerably more sophisticated. One key development is the use of artificial intelligence (AI) by cyber criminals. This allows them to generate highly convincing and personalised phishing emails on a large scale, virtually eliminating the typical language errors of the past.
Furthermore, new attack methods are constantly emerging in addition to traditional phishing emails:
- Quishing (QR code):
The use of fraudulent QR codes that direct victims to malicious websites in order to steal data.
- Vishing (voice):
Telephone scams in which criminals pose as trusted parties in order to extract information.
- Deepfakes (video):
Manipulating or impersonating individuals during online meetings in order to get sensitive actions or payments carried out.
These advanced and varied techniques are making it harder and harder for employees to spot an attack.
When things go wrong, the consequences are often serious. The most common incidents affecting SMEs are ransomware attacks, which can bring a business to a complete standstill. ‘An employee clicks on a malicious link and suddenly all the screens go black,’ Davy explains. ‘Criminals demand a ransom in exchange for an encryption key. We see companies needing up to six months to fully recover. Prevention is therefore crucial: the better prepared you are, the faster the recovery.’
Introducing a prevention culture is challenging due to factors such as:
- The ever-changing nature of the threats, which makes continuous training necessary.
- Differing levels of digital expertise
within the workforce.
- Staff turnover, with new, well-intentioned employees being a particular risk group.
By investing in awareness and prevention, you can turn your employees into the first line of defence rather than a weak link. In Part 2, you’ll find out how to strengthen that ‘human firewall’ with smart tools and targeted training.
