Sophos Technology – “It’s all good because nothing has happened yet” is the worst cyber security strategy

February 1, 2024

Safer Internet Day reminds companies and users how to do better

Making the internet safe is a utopian dream, but everyone can shape their own behaviour when using the internet so that it is as safe as possible. For this reason, Safer Internet Day on 6 February is a good opportunity to put your own actions and those of your company to the test.

One important aspect of secure Internet use is also one that nobody really likes: passwords. And yet passwords are one of the best protection options for every user and every company. When good passwords, combined with two-factor authentication or even more advanced technologies, prevent unauthorised access to computers, networks and applications, cybercriminals are unable to break in, extend their privileges and ultimately activate ransomware or steal valuable data.

“Although hardly anyone likes creating, managing and dealing with passwords, every company and every internet user knows that they are enormously important, despite being a nuisance. However, we see even large organisations being compromised due to poor password management or lax handling. Using good passwords for every website, in conjunction with other additional authentication methods, is still one of the best ways to protect critical access and the organisation,” notes Michael Veit, security expert at Sophos.

Not just conjecture, but fact

Statements such as “everything will be fine”, “these are not important accounts” or “I don’t have time to worry about password security right now” are often the cause of fatal consequences in the company. In its X-Ops Active Adversary Report, Sophos found that in 2023 compromised access data was, for the first time, the main cause of attacks resulting in data theft and/or ransomware, accounting for 56 per cent. This is an increase of 26 per cent from 2022 to 2023.

Simple but effective safer internet tips for users

In addition to good password practice, it is important to say “no” and refuse to provide information. Just because a web application wants to know your birthday or other seemingly unimportant information, for example, does not mean that this application actually needs the information or even has a right to it. What is not disclosed on the Internet can neither be passed on nor misused. Therefore: do not provide any information, no matter how harmless, and do not click on links that you do not know or need. It is also important not to use any unknown and potentially dangerous apps and to always keep the apps you need up to date. And in general, it is an advantage to treat anything you don’t recognise as potentially suspicious or malicious by default, until proven otherwise.

Safer Internet tips for companies

Companies that operate a website and may even have integrated payment services or customer management solutions should check it for security. If the resources or expertise required for this are not sufficient, external experts are available to independently check what is well set up and secured and which security problems urgently need to be rectified. Because one thing is certain: cyber criminals test the security of every server and every website for vulnerabilities, sometimes in a highly automated manner.

Many people who used to use the internet at work just to read the news or check emails now use it on a daily basis in a variety of ways – including to collaborate with colleagues they may know less well or not at all. This now common way of working opens the door to cybercriminals for fraud and social engineering. This is why companies should regularly train their employees on the current dangers and, above all, on safe online behaviour. It is important that they recognise fraud attempts on their own, do not follow them and report them to the relevant internal departments.

Traditional security is good, but it is not enough. Cyber criminals have the means and tools to exploit vulnerabilities that they discover in unknown network and IoT devices or in the IT supply chain, for example. A high level of security is possible if all security solutions are integrated into an intelligent and AI-supported ecosystem and continuously combined with human expertise. Security services that use threat hunting to guarantee a rapid response to suspected cases or attacks help to avert the damage caused by cyber criminals in good time.

Trust is good, control is better

Virtually no company today can rely on security within traditional IT perimeters. There is no longer a single corporate network. Instead, the network spans wide areas of the internet, including the cloud and the entire IT supply chain or SaaS services. Companies should take this into account with an expanded strategy and look for solutions that secure far more than just their own servers and workstations with firewalls and endpoint protection. Zero Trust methods and Network Detection and Response (NDR) in conjunction with highly specialised external security services will meet these new requirements.

With this in mind: Happy Safer Internet Day!
