The manager’s cyber stress is on the rise: how do we reduce it?
In 2022, a plethora of studies awarded cyber risks the unfortunate title of greatest threat to businesses. While it is understandable that cybersecurity issues, which are at the heart of managers’ concerns, are a source of anxiety, this cyber stress is not inevitable. Here are a few habits that can help reduce pressure… and risks.
Against a global backdrop of Covid-19, climate change, war in Ukraine and economic uncertainty, there is no lack of threats looming over businesses. Yet, if we are to take managers at their word, the number one threat to their business lies elsewhere: in cyberspace!
This has been highlighted by many recent studies: the AGCS world risk barometer for 2022, the PwC Global CEO Survey, the France Assureurs (French insurers) 2022 risk mapping… French and international managers who responded pointed out cyber risks as their main source of anxiety. Here are several tools to prevent and reduce cyber stress.
Cyber-risks, a warranted source of anxiety
Fifty-five percent of French managers interviewed by PwC fear cyberattacks. And rightly so… ransomware, to cite only one threat, infected 81% of French companies in 2021, more than the seven other countries in the Proofpoint[i] study. Among the companies, 56% had to pay one or more ransoms to try to put an end to the attack, to the tune of 128,000 euros on average per company, according to Anozr Way. More generally, the yearly barometer established by the CESIN (French computer and digital security experts club) notes that “the scale and violence of attacks continue to increase”, even as we depend more than ever on digital technology to work (from home) together, consume, communicate… In other words, cyberattacks have never had such a potential for harm.
Still according to the CESIN, phishing remains the most common form of attack (73%), followed by exploiting security vulnerabilities (53%). There is also an increase in Smurf attacks via service providers (21%): these involve attacking a target indirectly, through its ecosystem of subcontractors and suppliers, in order to take advantage of their security vulnerabilities.
The increasing violence of cyberattacks is also apparent in the evolution of ransomware, which increasingly relies on a pernicious double extortion strategy: this practice involves demanding a ransom in exchange for stolen data, while threatening to make the data public. Another aggravating factor is the emergence of ransomware-as-a-service (RaaS) platforms and the proliferation of ransomware franchises.
In France, very small businesses, SMEs and intermediate-sized enterprises, who are less prepared to fight this threat, are prime targets for ransomware. They represented 34% of victims in 2021 (up 53% from the previous year), followed by local government (19%) and strategic businesses (10%).
On the urgent need to reduce risks
Remembering or establishing good practice
The necessity of dealing with cyber risks is real, especially when we are witnessing “malicious players professionalize”, according to ANSSI (French State agency for the security of information systems).
To promote awareness and sustainably establish good IT practice in companies, implementing an IT charter is an excellent tool. Such a charter will make it possible to regulate the use of computer systems and to share good IT practice within the company.
The IT charter formalizes security rules that are crucial to daily activity, among which we could cite, in no particular order:
– Never give your passwords to someone else
– Never use your work passwords in your private life (and vice versa)
– Never leave your workstation unsupervised
– Never send sensitive data by email, etc.
Another major advantage of an IT charter is its dual function, since it is both a tool for raising employee awareness and a legal instrument that outlines penalties for non-compliance with the rules. In concrete terms, the charter will, for example, provide a detailed process to follow for sharing data, taking into account both the data’s level of privacy and the identity of its recipient. But it will also explain why such a process is used, and finally it will point out the penalties incurred for not complying with the protocol. Indeed, drafting an official charter to raise employee awareness is not enough. For the charter to be effective, the employer must ensure that it is respected.
To enforce the charter, the employer could, for example, use automated tools to monitor computer systems. In that case, however, employees must be made aware of the monitoring.
Supervising employees’ computer use is essential, as it is the main source of company security breaches. In December 2020, ANSSI pinpointed the main weaknesses exploited by cybercriminals: “lack of awareness of cyber risks, poor command of computer systems, non-compliance with cyber hygiene measures, shortage of cybersecurity experts and, to some extent, a larger attack surface due to widespread remote working”. This list of flaws confirms the importance of the human factor. Yet there are simple solutions: choosing strong passwords, widespread multi-factor authentication, exercising caution when dealing with unsolicited emails. Unfortunately, these measures are still too often ignored…
A quick look at the most popular passwords in 2022 is proof enough. Globally, the first place goes to “123456”, while in France the second place is held by “azerty”. Another unbreakable password makes it into the top ten: “binky”! Other countries do not fare much better: “hello” and “password” are prevalent in the English-speaking world, while the names of football clubs are well-liked in Italy and Croatia…
These habits would be funny if they weren’t alarming, because even though they pertain in part to users’ private lives, they nonetheless betray a complete ignorance of the most basic rules of digital responsibility among the general public.
Since the human factor cannot be completely eliminated, there are fortunately other ways to protect the company, such as the services of experts.
Entrusting your cyber defense to expert partners
In the face of ever more inventive and nefarious cybercriminals, maintaining the highest level of cybersecurity can be a challenge.
In this evolving and anxiety-inducing context, turning to specialists can prove to be beneficial, by relying for example on SaaS solutions. Using online software offers businesses the guarantee that their data and processing capacities will be protected at all times within a dedicated, highly secure and redundant remote facility.
Ensuring you are always at the cutting edge of technology is indeed one of the priorities for major online software publishers: they have established partnerships with world leaders in hosting, such as Microsoft and Amazon Web Services (AWS). These strategic agreements aim to provide customers with ever more efficient services, in terms of both scalability and reliability, ease of use and, of course, security.
The value of an SaaS solution also lies in its reasonable cost, as development and maintenance expenses are shared between all users. Thus, unlike an on-premise configuration that requires significant structural investment, each company opting for SaaS only has to pay a fixed monthly subscription.
Finally, there is a wide range of SaaS solutions available to companies: accounting, invoicing, payroll, HR, ERP, etc. SaaS can thus cover all their needs and allow the manager and his teams to refocus on their core business.
Cybercrime is on the rise, that’s a fact. In an increasingly digitized world, this trend is not about to be reversed, but decision-makers are not powerless against cyber risks. By establishing computer security instructions and implementing rules, by driving a cultural paradigm shift that makes cybersecurity everyone’s business, but also by relying on the resources and technology of expert partners, they can arm themselves to face this threat, today and tomorrow.
[i] France in front of Germany, Australia, Spain, the United States, Japan and the United Kingdom
For more information, discover the Sage guide: Cybersecurity: when threats grow more sophisticated, the response must keep up