Installing top-tier cybersecurity defences and educating employees may not be cheap, but it is certainly a better option than paying the cost of a successful cyberattack. Adopting just one of these measures, but not both, is not enough to keep data safe from the growing number of fraudsters taking advantage of digital transformation.
Pedro Borges is LOQR’s COO, and has been since 2019. Borges holds a degree in Systems Engineering and Informatics and a dual Master’s in Information Systems and Business Information. He has extensive know-how in the security area and has worked in several multinationals.
Borges spoke to The Fintech Times to dive into greater detail on why solely installing strong cybersecurity is not enough, and how employee training is crucial to keeping data safe:
Cyber-attacks have increasingly marked the media agenda, exploring in a creative, complex, and methodic way the vulnerabilities presented by companies and individuals. Today, we may say that information is indeed one of the main feedstocks of any modern organisation, so protecting it is crucial for survival and success.
According to ENISA (European Agency for Network and Information Security), malware has been one of the main threats in the past years with estimates pointing to around 71% of organisations affected and aimed mainly at information theft or financial (in the form of ransomware, for example).
In addition to that, there’s a strong resurgence of the phishing phenomenon and a growth of threats related to identity theft in the financial sector, mainly stimulated by the digital transformation and the increase in the frequency and value of operations carried out at a distance.
Equipping companies with properly prepared systems, tools, and technologies to detect and deal with all types of the most frequent threats must be at the top of managers’ priorities list.
In the financial sector, for example, the need for effective Know Your Customer (KYC) solutions for remote identity verification is reinforced, especially regarding operations that are subject to strong regulation, such as bank account opening processes, consumer credit or even bank account updates.
The human issue, however, is one of the most critical and difficult to solve, as a system can be easily compromised through techniques such as social engineering and phishing. Businesses are especially vulnerable in this matter considering the adoption of cybersecurity tools alone cannot prevent human error.
That is why, in the business context, employee training is essential. Ensuring awareness of and training in cybersecurity best practices, taking advantage of the full potential of the implemented tools, as well as identifying and preventing some of the most common types of threats, is halfway to safeguarding data integrity. By safeguarding the information that circulates in the business context, the chances of attacks with serious damage to the organisation are mitigated.
It is also important not to forget that vulnerabilities may affect the entire supply chain, for which it is essential to ensure that all links with suppliers, partners, etc., comply with data protection requirements.
Seeing the issue of cybersecurity as an inseparable part of a company is as crucial as considering financial, human or logistic resources. It is not an exaggeration to consider the need for its own department and specific functions within the company. The media exposure of incidents related to large companies such as Facebook and LinkedIn shows us – or should show us – that these types of concerns really must be part of the day-to-day of any organisation.
The cost to be paid by a company following a cyberattack can be extremely high, so we must take large steps globally to protect this feedstock, which is so essential for the modern business fabric: information. It’s a priority and it’s urgent.