REGISTRO DOI: 10.5281/zenodo.12594240
Almir Ferreira de Paiva
Abstract
In today’s digital landscape, new risks emerge every hour, exposing organizations to potential hacker attacks. Cybercrime has become a major industry, with cyber risk a top concern for organizations and governments worldwide. Without a robust cybersecurity plan, organizations face significant financial and reputational risks. Cybersecurity and data breaches are rising, affecting organizations of all sizes and sectors. The Hiscox Cyber Readiness Report 2023 indicates that cyber-attacks have been consistently increasing for the past four years, with a notable rise in incidents targeting small businesses. According to Statista, the manufacturing sector experienced the highest proportion of cyber-attacks in 2022, followed closely by the finance and insurance sectors. These incidents often involve the theft of sensitive information, leading to substantial financial losses for affected companies. Cyber literacy, defined as the ability to use computer technologies effectively while understanding the consequences of those actions, is crucial. This extends beyond knowing how to operate technology; it involves understanding daily-used devices and using that knowledge to protect data and avoid phishing scams. Despite widespread media reports on data breaches, many people have not improved their security practices due to ignorance, denial, or misunderstanding the importance of data protection. Studies show that 83% of cybersecurity incidents are due to human factors, highlighting that human behavior is a primary target for unauthorized access to technological systems. AI and machine learning can offer substantial support in cybersecurity by enabling rapid and efficient recovery after a cyber-attack. IT technical support plays a pivotal role by conducting comprehensive training programs for employees, covering cybersecurity basics, recognizing phishing attempts, creating strong passwords, and understanding the importance of regular software updates. A multi-faceted approach involving advanced technology, strict security protocols, and well-informed employees is crucial in mitigating cyber risks and protecting organizational assets.
Keywords: Cybersecurity; Cyber-attacks; Cyber literacy; Human factors; Data protection.
In today’s digital landscape, new risks emerge every hour. Connecting to the Internet exposes organizations to potential hacker attacks. Cybercrime is becoming a major industry, and cyber risk is a top concern for organizations and governments worldwide. Without a robust cybersecurity plan, organizations face significant financial and reputational risks. Cybersecurity and data breaches are on the rise, affecting organizations of all sizes and sectors. The Hiscox Cyber Readiness Report 2023 shows that cyber-attacks have been consistently increasing for the past four years, with a notable rise in incidents targeting small businesses, reaching up to 36%. According to Statista, the manufacturing sector experienced the highest proportion of cyber-attacks in 2022, followed closely by the finance and insurance sectors. These incidents often involve the theft of sensitive information, leading to substantial financial losses for the affected companies (JR. URSILLO, ARNOLD; 2023).
Cyber literacy is crucial and defined as the ability to use computer technologies effectively while understanding the consequences of those actions. This concept extends beyond merely knowing how to operate technology; it involves understanding the computers and smart devices used daily and using that knowledge to protect data, find information quickly, avoid phishing scams, and more. Despite widespread media reports on data breaches, many people have not improved their security practices, often due to ignorance, denial, or misunderstanding the importance of data protection (KONT, 2024).
Cybersecurity management encompasses processes, technologies, and people. While it is theoretically possible to develop highly secure processes and technologies, their actual security depends on the users. Studies show that 83% of cybersecurity incidents are due to human factors, highlighting that human behavior is a primary target for unauthorized access to technological systems (Yeng et al., 2021). The extent to which people use technology safely and follow security guidelines can significantly impact the security of these components. Individuals can unintentionally or intentionally compromise an information security solution, regardless of its perceived security. Therefore, many researchers agree that humans are the weakest link in information security.
From September to November 2022, 65% of the cyber attacks detected worldwide targeted organizations in the United States, a significant difference compared to Japan, the second-ranked country, which was targeted by about 8% of the attacks (Statista, 2022), as can be seen in Figure 1.
Figure 1: Share of cyber attacks.
Data protection, fraud prevention, and cyber attack mitigation are areas where artificial intelligence and automated systems can offer substantial support. Leveraging AI and machine learning in cybersecurity enables rapid and efficient recovery after a cyber attack. AI algorithms allow experts to promptly evaluate the damage and respond to cyber incidents effectively. Data protection, fraud prevention, and cyber attack mitigation are areas where artificial intelligence and automated systems can offer substantial support. Leveraging AI and machine learning in cybersecurity enables rapid and efficient recovery after a cyber attack. AI algorithms allow experts to promptly evaluate the damage and respond to cyber incidents effectively. It is in this scenario that technical support can act (BAGO, 2023). Technological advancements have been made to help counter cyber-attacks, requiring organizations to respond at technical, operational, managerial, and technical support levels. This includes network security, malware defenses, and data recovery systems (ALHAYANI et al., 2021).
While understanding cyber security aids in identifying malicious events, having situated knowledge about a particular network is crucial for making accurate detection decisions. Responses from participants knowledgeable in cyber security revealed their ability to differentiate between various types of cyber attacks, whereas novice participants were less discerning about attack types (BEN-ASHER, GONZÁLEZ; 2015).
Security measures are crucial for safeguarding the confidentiality, availability, and integrity of information systems against cyber attacks, aiming to prevent or reduce losses to assets. Evaluating the financial impact of threats on these assets is often challenging and can hinder the precise determination of which countermeasures to implemente (REES et al., 2011).
Technical support plays a crucial role in maintaining cybersecurity within an organization by implementing and monitoring various security measures. One such measure is maintaining user permissions and access control. Technical support must enforce strict policies to ensure robust user permissions and access control, which includes minimizing the number of administrator accounts and requiring users to change their passwords regularly. Programs that identify weak passwords should be installed to prevent the use of default passwords, thereby preventing brute force attacks. Additionally, system hardening is essential; regular vulnerability scans and port scans help identify and patch vulnerabilities by installing the latest service packs and blocking open ports. This prevents attackers from creating backdoors to access and control the system. Ensuring applications are updated to the latest versions also prevents attackers from exploiting them. Periodic penetration testing, conducted monthly, identifies system vulnerabilities that attackers might exploit, allowing technical support to coordinate and execute these tests to maintain system security (RATHOD, KULKARNI; 2020).
Furthermore, security awareness programs are vital in combating social engineering attacks. Technical support should properly train employees on the risks and methods of social engineering, continuously reminding them of possible attack vectors. Digital certificates play a key role in sharing public keys used for encryption and authentication, securing connections between web browsers and servers. Technical support must manage and implement these certificates to prevent tampering and impersonation. The Secure Socket Layer (SSL) protocol is also essential, providing a secure communication channel between web browsers and servers through authentication and confidentiality services. SSL uses RSA encryption techniques, including digital certificates. By ensuring proper implementation and maintenance of SSL, technical support protects online communications. By incorporating these measures, technical support not only strengthens defenses against cyber attacks but also establishes a robust foundation for the continuous protection of information and systems within the organization (RATHOD, KULKARNI; 2020).
Studies reveal that cybersecurity preparations and the number of trained employees are alarmingly low, while hackers are becoming increasingly sophisticated. This suggests that current methods of cybersecurity protection are insufficient. Many employees are unaware of security threats due to a lack of awareness and training. To address this issue, IT technical support can play a pivotal role in enhancing cybersecurity by conducting comprehensive training programs for employees. These programs should cover the basics of cybersecurity, including recognizing phishing attempts, creating strong passwords, and understanding the importance of regular software updates. IT support can organize workshops and simulation exercises to give employees hands-on experience in identifying and responding to potential cyber threats. Regularly updated training materials and continuous learning opportunities can ensure that employees stay informed about the latest cybersecurity trends and practices. By doing so, IT support can significantly reduce the organization’s vulnerability to cyber attacks and foster a culture of security awareness (WOLDEMICHAEL, 2020).
In conclusion, the increasing sophistication of cybercrime and the rise in cyber-attacks across all sectors highlight the urgent need for robust cybersecurity measures. The findings clearly indicate that current methods of cybersecurity protection are insufficient, primarily due to a lack of awareness and training among employees. Organizations must prioritize the development and implementation of comprehensive cybersecurity plans that include technical support measures, such as maintaining user permissions, regular system hardening, and frequent penetration testing. Equally important is the role of technical support in fostering a culture of security awareness through continuous training programs. These programs should educate employees on identifying phishing attempts, creating strong passwords, and understanding the significance of regular software updates. By leveraging artificial intelligence and machine learning, organizations can also enhance their ability to respond to and recover from cyber incidents effectively. Ultimately, a multi-faceted approach involving advanced technology, strict security protocols, and well-informed employees will be crucial in mitigating cyber risks and protecting organizational assets.
References
Alhayani, B., Abbas, S., Khutar, D., & Mohammed, H. (2021). Best ways computation intelligent of face cyber attacks. Materials Today: Proceedings. https://doi.org/10.1016/J.MATPR.2021.02.557.
Bago, P. (2023). Cyber security and artificial intelligence. Economy & finance. https://doi.org/10.33908/ef.2023.2.5.
Ben-Asher, N., González, C. (2015). Effects of cyber security knowledge on attack detection. Comput. Hum. Behav., 48, 51-61. https://doi.org/10.1016/j.chb.2015.01.039.
Jr. Ursillo, Steve; Arnold, Christopher. Cybersecurity Is Critical for all Organizations – Large and Small. International Federation of Accountants. Disponible on: <https://www.ifac.org/knowledge-gateway/discussion/cybersecurity-critical-all-organizations-large-and-small>. Acess: 20 jun 2024.
Kont, K.-R. (2024), “Libraries and cyber security: the importance of the human factor in preventing cyber attacks”, Library Hi Tech News, Vol. 41 No. 1, pp. 11-15. https://doi.org/10.1108/LHTN-03-2023-0036.
Rathod, A., & Kulkarni, B. (2020). Issues and Challenges for Preventing Cyber – Attacks, 212-215. https://doi.org/10.32628/cseit206251.
Rees, L., Deane, J., Rakes, T., Baker, W. (2011). Decision support for Cybersecurity risk planning. Decis. Support Syst., 51, 493-505. https://doi.org/10.1016/j.dss.2011.02.013.
Woldemichael, H. (2020). Emerging Cyber Security Threats in Organization. International Journal of Information and Communication Sciences. https://doi.org/10.11648/j.ijics.20200502.12.
Yeng, P.K., Fauzi, M.A. and Yang, B. (2021), “Assessing the effect of human factors in healthcare cyber security practice: an empirical study”, in Vassilakopoulos, M. G. Karanikolas, N.N. Stamoulis, G. Verykios, V.S. and Sgouropoulou, C. (Eds), PCI 2021: 25th Pan-Hellenic Conference on Informatics, Volos, Greece, November 26–28, 2021.