For an increasingly dark web, the only defence is quality training: here are our best practices.

24 April 2022

Our best practices for a more secure 2022

Cyber attacks are the world’s most dangerous weapon. JP Morgan did not hold back on 16 December at its International Council. At the annual conference of the European Systemic Risk Board, Christine Lagarde spoke of cybercrime as the greatest threat to financial stability. Knowing your best practices is key.

The study produced by IBM Security, Cost of a Data Breach Report 2021, showed that in the last year cyber attacks led to the highest costs ever associated with data breaches in the report’s 17-year history, with an average of $4.24 million per incident. According to the study, this escalation is mainly due to the reorganisation of remote work following the pandemic.

Who are the victims of the main cyber attacks?

In 2021, Italy suffered 5,434 significant cyber attacks against IT services, critical infrastructures of national interest, sensitive infrastructures of regional interest and large enterprises. These numbers come from the study of the Postal Police, Cnaipic, the National Cybercrime Centre for Infrastructure Protection. It also issued 110,524 security alerts on possible cyber threats and received 60 requests for international cooperation.

The same goes for financial cybercrime. In 2021, there were 126 cyber attacks on the financial systems of large and medium-sized enterprises, resulting in a total of more than 36 million euros stolen.

Known techniques, but still very effective  

We witnessed a 27% increase in phishing, smishing and vishing in Italy. This resulted in a total of over 18,000 cases of theft of home banking credentials, credit card numbers and private keys to cryptocurrency wallets; 781 people have been investigated for such crimes.

Furthermore, in the first 11 months of 2021, the total number of targeted ransomware attacks increased by 81%, compared to the same period in 2020.

These are scary figures, but they should not take us by surprise. After all, a year ago, in January 2021, the World Economic Forum’s Global Risk Report in Davos already revealed that cyber risk is one of the ten greatest dangers to the planet, and that it feeds above all on the unpreparedness of users and especially businesses.

There is a solution, and it has only one name: training.

3 best practices of Cyber Security Awareness

We believe that a Cyber Security Awareness course should be part of every good business resolution for the new year: an effective and engaging training course capable of truly securing data and economic resources. In this regard, we have selected three good practices to start 2022.

1. Involve all staff in the fight against cyber crime

In every company, employees are key to stopping the spread of cyber attacks. It is they who are most likely to fall for increasingly ingenious scams, opening the door to cyber crime. Phishing, stolen credentials, social media scams, and so on, can be just the beginning of a bigger nightmare.

Making Cyber Security Awareness training a priority, so that everyone in your company can acquire a real culture of cyber security, is therefore crucial. Training will be necessary for all employees, from the lowest tier to top management, to prevent even one click from causing serious damage to everyone.

2. Prioritise automated Cyber Security Awareness training courses

The automation of Cyber Security Awareness training programmes must be considered a key element. This is fundamental for effectively conveying targeted and quality content. Automation means not only benefiting from the analysis of all the metrics needed to optimise training, but also having all the automatic tools needed to encourage the participation and involvement of all users.

It is therefore essential not to underestimate the importance of automation. Automation ensures maximum effectiveness in training the awareness, responsiveness and resistance of individuals and organisations to cyber attacks, with minimum organisational effort.

3. Choose continuous training to maximise investment

Continuous training is characterised by the distribution of the entire training course in micro sessions. This learning technique is among the best known in the field of memory science. It is called the “distributed learning” technique, commonly known as the “spacing effect”. It consists of diluting the time spent studying by breaking it up into several micro sessions rather than concentrating it in one or a few longer sessions. The effect is a greater capacity to learn and retain knowledge in the memory, which can even double in certain situations.

Safeguarding investment in training therefore means avoiding classic training methods concentrated in a few long sessions, and favouring more effective methods instead. In order to train the entire workforce to recognise and manage cyber attacks, it will be crucial to use learning techniques and methodologies that are recognised as being among the most effective and reliable.

