By : Basel Khaled – Wael Elhosany

In October, during the European Cybersecurity Month, the focus is on social engineering threats, with phishing remaining a prominent concern. The upcoming Nixu Cybersecurity Index* emphasizes the significance of security awareness in Nordic organizations for the second year in a row, highlighting its recognition and ongoing proactive efforts. To promote cyber awareness, Nixu provides informative content throughout October, such as videos, articles, whitepapers, and the Index report, to support individuals and organizations in staying safe online.

October marks the European Union’s annual Cybersecurity Month, providing organizations and individuals an excellent chance to boost their cybersecurity awareness and practical skills. This year, the focus is on social engineering tactics used by cybercriminals to manipulate people into accidentally compromising their personal or organizational information security. The motto this year is "Be Smarter Than a Hacker," which urges vigilance online and encourages using the knowledge and tools available to stay protected.

According to Verizon (2023), 74% of all breaches include a human element either via error, privilege issue, use of stolen credentials, or social engineering. In 2023, phishing remains a top social engineering attack, causing 16% of breaches. Phishing includes various tactics, like deceptive emails and texts, impersonation scams, social media content, or fake websites, aiming to trick users into sharing credentials or downloading malware. Given its affordability and profitability, it's a preferred choice for threat actors.

Cybersecurity Ventures estimates the cost of cybercrime damages to reach 8$ trillion in 2023. At the same time, the share of severe ransomware attacks has exploded. Typically, ransomware attacks are targeted at critical sectors like healthcare, finance, government, and retail. To safeguard against damaging attacks and financial losses, strong cybersecurity measures and continuous employee cybersecurity awareness training are vital to all organizations.

Strengthening awareness through regular training and by sharing up-to-date risk information helps employees spot suspicious emails and other scams, as well as comply with the organization’s security policies and adopt security safeguards. It is, therefore, possible to change employees' security behavior and attitudes and an organization’s security culture by sharing knowledge about cybersecurity risks, their potential consequences, and security practices.

"Organizations falling victim to cybercrime often share a common weakness: insufficient cybersecurity. Yet, it's vital to remember that cybersecurity goes beyond technology alone. Enhancing an organization's cyber resilience involves raising awareness among management and personnel, identifying digital risks, and – with the support of a holistic cybersecurity partner – prioritizing actions critical to operational continuity," says Teemu Salmi, Nixu CEO.