Best Practices to Mitigate the Human Factors in Cybersecurity

Human Factors in Cybersecurity: a definitive guide for employees to fight disinformation and raise awareness to avoid a cyberattack in your company.

The human factor in cybersecurity describes situations in which human error results in a successful data or security breach. People are the most fragile component in the security of any ICT infrastructure and imply the highest risks and threats for individuals and companies.

At Telefónica Tech Cyber & Cloud we have developed a definitive guide aimed at fighting disinformation and raising awareness to avoid a cyberattack in your company.

Spreading key concepts, highlighting common mistakes, and explaining good practices among employees can help keep businesses more protected.

This article sums up the helpful content you will find in the guide to distribute to all employees of your company:

The extent of cyber threats: key figures 

  • Human error is the leading cause of cybersecurity breaches. It was found responsible for 95% of them in 2021, meaning that, if the human factor were mitigated, only 1 out of 20 security breaches would have taken place.
  • Misinformation and lack of awareness are usually the causes of this human error, which leads to large breaches or security incidents with millions of dollars in impact.
  • The compromise of files and data or the theft of credit cards are two relevant examples.

Cybercriminals have adapted to take advantage of this issue and perpetrate massive attacks related to COVID-19.

  • Cyberattacks increased enormously during the first four months of 2021, according to a study by INTERPOL: 907,000 spam messages, 737 malware incidents, and 48,000 malicious URLs.
  • The INTERPOL study also shows that 59% of the main COVID-19-related cyber threats involved phishing, scams, and fraud; 36% included malware; 22% contained malicious domains; and 14% involved fake news.
  • These are alarming figures: a phishing attack costs large companies nearly $15 million a year on average; the cost of phishing in 2021 is more than three times its cost in 2015 (Ponemon Cost of Phishing Study, 2021). 

Cyber attackers are taking advantage of lockdowns, telework, and students connecting online to steal information by posing as companies, public entities, or universities. Cybercriminals know how to take advantage by attacking the weakest component of security.

Who poses a threat and why do they do it?

Identifying the attacker is very important if you wish to protect yourself effectively. The motive behind these crimes is different for each type of attacker: money, information, theft, eliminating competition, and having fun, are among the most common reasons.

This guide provides a list of the most common adversaries, including cybercriminals, hackers, hacktivists, organized crime, etc., and their reasons for posing a threat.

There are some cybersecurity concepts we should all learn to avoid a cyberattack

Fighting disinformation also requires learning the most common attacks, the characteristics that can keep us from being deceived, and how to recognize each:

  • Even if cybersecurity experts are on staff or engaged as external consultants, leaders should have a solid understanding of cybersecurity basics, the company's posture, and potential risks, allowing them to make informed decisions.
  • By developing cybersecurity knowledge, organizations can increase their ability to defend against cyber threats, embed a security mindset into their culture, and leverage security as a competitive advantage.

Data Exposure & Common Mistakes

Cybercriminals select their victims based on user information, which they obtain through digital footprints and social media. Users should be aware of the data they publish and the most common cybersecurity mistakes they make.

Good Practices & Recommendations

As a final point of this guide, we list the best cybersecurity practices that employees should always know and consider in order to prevent fraud and scams and surf the internet safely.

Misinformation can still be combated by cybersecurity awareness training, keeping software updated, and following good practices.

Read the full guide to keep your organization and yourself cyber-safe.
