Cybercriminals may use SID subject for phishing campaigns, says Qualys CISO


On the occasion of Safer Internet Day 2021, TECHx spoke with Giuseppe Brizio, CISO EMEA, Qualys to discuss current cyber threats for businesses, cybersecurity in remote working – and risks on social media.

TECHx: In the context of Safer Internet Day, what are the internet-based threats most important for businesses to be aware of in 2021?

Giuseppe: Safer Internet Day (SID), which started in 2004, is a global celebration taking place in 150+ countries, with the aim of raising awareness about the need to collectively act for internet security. In 2021, the 18th edition will be recognized on Feb 9th with the theme of “Together for a better, secured and trustful internet”.

While one would expect SID to be a quieter day from a cybercrime perspective, particular attention should be paid, as it might be the exact opposite. Cybercriminals may use the SID subject as a means for designing and launching phishing campaigns pretending to be from a legitimate source — either private or public organizations — in order to steal personal information from you and/or your business. Taking advantage of the larger attack surface with remote and mobile workforces due to COVID-19, on Feb 9th social media engineering initiatives can specifically utilize the SID topic to extort systems credentials from targeted people who unconsciously will enable fraudulent systems access. Ransomware attacks may become even more aggressive during SID, with hackers taking the challenge of demonstrating how they can be successful even when people’s attention to cybersecurity is heightened.

TECHx: With the rise of social media, how can we nurture and increase public awareness on cybersecurity, so that people become more responsible when using technology and digital gadgets?

Giuseppe: Cybersecurity is everybody’s concern and not just one for cybersecurity practitioners. So, everybody should feel compelled to acquire at least the basic cybersecurity skills and adopt a cyber-secure digital behavior.

The SID is the perfect occasion to raise people’s cybersecurity awareness through communication campaigns about cyber risks and responsible utilization of digital technology. While security has always been, and still is, a concern for the physical world, the same applies to the digital world. Social interactions in the digital world have the potential to get amplified at a global level and have positive impacts but also have very negative repercussions. These can be either general (e.g. fake news), personal (e.g. damaged reputation, cyberbullying), or business related (e.g. brand identity damage, destroyed credibility, etc.).

Consequently, with technology and digital tools putting amazing power in everybody’s hands, people do also have to manage it with a great sense of responsibility. More specifically, social media could really become the catalyst for expanding cybersecurity awareness and education (e.g. protect your data, update your device, review security parameters etc.) for a multitude of people who would not normally pay attention to the matter and would unconsciously run the risk of becoming cybercrime victims.

TECHx: On the occasion of Safer Internet Day 2021, give us some tips on how to stay safe on the internet in today’s remote working scenario.

Giuseppe: The best way to observe the SID is to take the opportunity to perform a “health check” of your cybersecurity posture by conducting a review of your devices and applications update level, latest versions of antivirus and anti-malware software installed, your data access permissions, etc.

On social media, you can include the hashtag #SaferInternetDay on your posts in order to make your network of contacts, either personal or professional, aware of SID and more conscious of the importance of cybersecurity for a Safer Internet.

Cybersecurity responsible behavior is a skill that requires practice on an ongoing basis to really get good at it. Therefore, the SID could be the day for kicking off a step-change in managing a more disciplined cybersecurity hygiene and more conscious use of technology and digital tools. These basic practices should include using complex passwords, not using the same passwords across multiple accounts, paying attention and signaling phishing emails, refraining from clicking on doubtful links, and keeping informed about new cyberattack techniques.

Technology develops at such a fast pace that staying aware of the latest threats, best practices and defenses needs to be an ongoing effort, in order to act securely and responsibly in the digital world.

