Fake emails, phishing, ransomware. But what if the threat to cyber security were also psychological in nature? That threat is the false sense of cyber security.
Technological evolution and the recent growth of digital services, due in particular to the pandemic, have led people to interact more and more frequently with the digital world: systems for smart working, video conferences, online shopping. Everyone has become more of a cyber security expert. Thus, thanks to the attitude of "these are things that will never happen to me" combined with "as if I wouldn't realize that it is a fake e-mail", the level of vulnerability grows together with greater familiarity with computer systems. It's that false sense of security.
Psychologically, the mechanism by which our guard drops as our confidence increases is well known. It happens in all areas of our lives. Think about driving: at the beginning we are tense and attentive to everything, but with time and experience we become increasingly distracted. The same happens in the field of information technology. Using new tools at first demands a high level of attention, but as you become familiar with the tools and technologies, the feeling of knowing more gradually sets in and attention begins to wane. It is at this point that you are most vulnerable.
According to the 2020 Data Threat Report, in 2019 the share of companies that considered themselves vulnerable to cyber attacks had dropped to 68%, compared to 86% in 2018. But last year, as many as 47% of organizations reported an increase in cyber attacks, while 58% were victims of a cyber security incident.
Where does the false sense of security come from?
Greater knowledge of the risks also contributes to this false sense of security. The training provided in this period, including inside companies, with the aim of mitigating the risks deriving from human weakness, fosters a feeling of confidence that comes from knowing more but brings with it less attention to daily operations. The risk is that you find yourself unprepared for a harmful event, with a lower capacity to respond.
Obviously, training is never wrong. On the contrary, it remains essential to improving risk awareness. However, in such complex scenarios it is good to keep in mind all the variables that come into play. Another aspect that contributes to this false sense of security is compliance with rules and regulations. But being compliant with the law does not automatically mean greater real security. Rather, it should be the other way around: a good level of security should translate into regulatory compliance.
In the current landscape, everyone is potentially a victim. Nobody can consider themselves immune to cyber attacks or unappealing to cybercriminals. The reasons for an attack can be varied, from the information an organization holds to the payment of a ransom to recover encrypted files. Furthermore, whatever security measures are adopted to protect the corporate network, we must never forget that no system is inviolable.