Today we are operating in a digitised world, both in our work and personal spheres, which provides an ideal environment for “cybercriminals” to profit from their illegal activities online.
To put this in context, according to the National Institute of Cybersecurity (INCIBE), its Security Incident Response Centre (INCIBE-CERT) managed 133,155 cybersecurity incidents over the course of 2020, of which 106,466 were directed at citizens and companies, 1,190 at strategic operators, with the risks that this entails, and 25,499 at the Spanish Academic and Research Network (Source: www.incibe.es, published on 23/03/2021). This does not take into account the cyberattacks that were not reported to INCIBE.
To give a more recent example, at the start of 2021, a year marked by the Coronavirus pandemic, the public administration suffered attacks aimed at paralysing the provision of critical services such as the SEPE (State Public Employment Service), making it impossible for citizens to access their benefits or job offers.
Training in cybersecurity, the key
In this regard, we should bear in mind that none of us is immune to online attacks and extortion, and for this reason training and awareness in cybersecurity should be a strategic requirement in any organisation. We need to be aware that we, as users, are the weakest link in the management chain. We only need to consider everyday situations where users don’t know they are being attacked, such as judging whether an email is legitimate, suspicious requests for recipients’ bank details (email, password, PIN number), offers of free products to gain users’ trust, or using external devices (USB, hard drives) without taking the necessary precautions, with all the risks this could entail.
This weakness is well known to cybercriminals, who take advantage of the lack of awareness or training in cybersecurity among users to focus their attacks and continually improve their methods. If we know how to detect and act in the face of these deliberate attacks, we can prevent worse problems.
Within this framework of action, organisations play an important role in raising awareness among users and training them, which brings benefits not only in the work environment but also in our personal lives.
What cybersecurity training and awareness-raising actions can be carried out?
Alongside the security measures established by organisations that the general user is not aware of, such as firewalls, antivirus and anti-malware systems, encrypted connections, and backups, there are two specific actions that impact the end user and that are hugely important when it comes to preventing cyberattacks. These are:
- Cybersecurity training: Attending security-specific training courses aimed at different profiles, training workshops for staff members, participation in security events, ongoing contact with specialist providers, etc. This type of training is aimed at specialist professionals (CISO, CIO, Systems Managers, etc.) within the company, who, to a large extent, are responsible for applying the security measures within the organisation to prevent attacks.
- Cybersecurity awareness: Short, periodic information briefings for staff giving examples of the most common attacks, and planned cyberattack tests to verify the level of awareness among staff. This awareness-raising is aimed at the general public with no need for any advanced technical knowledge, and its goal is to plant the seed of awareness around security.
Generally speaking, if we step up these lines of action within our organisation, we will boost the protection of our business infrastructure and information systems, and we will carry these habits over into our personal lives. At the end of the day, cybersecurity is a problem that affects us all, and only by working together will we be able to detect any potential attacks early and take actions to prevent them.
At GlobalSuite Solutions we provide the help required to meet the needs of any organisation with our cybersecurity solutions and by carrying out online and in-person courses, tailored to each organisation, with the aim of training and raising awareness among your organisation’s human resources to bring about substantial improvements in security. In this regard, we support your organisation in managing security with GlobalSuite®, a GRC platform (Governance, Risk and Compliance) where you have access to the information needed to monitor and establish continuous improvement actions within your organisation.