Can you explain what cybersecurity is and how it differs from fraud?
Cybersecurity is primarily about protecting infrastructure and systems connected to the Internet. It involves prevention and protection, and then reacting in the event of an incident. Fraud, on the contrary, goes beyond security. Fraud is when criminals abuse systems or people to steal assets – either money or information. The modus operandi may be old-fashioned, such as cunning theft. But it is reinforced with the help of modern tools, such as deepfakes.
What are the most widespread cyberattacks at the moment?
The most common attacks on businesses are “ransomware” attacks. Criminals deploy “malware” to encrypt all the company’s data and then they demand a ransom to restore it. Another common attack is the “Denial-of-Service” (DDoS), which saturates systems, rendering them unavailable.
What can companies and individuals do to protect themselves?
Rigorous security hygiene is essential for effective protection against cyberthreats. This includes using complex and unique passwords, which can be easily managed with a password manager, enabling automatic updates to keep systems up-to-date, and being more vigilant about risky behaviour – such as not clicking on links or attachments from unknown sources.
To go one step further, we recommend using two-factor authentication (2FA) to strengthen account security, and regularly backing up important data.
For businesses, segmenting systems is key to limiting the spread of incidents in the event of an attack. These basic measures, although seemingly simple, are nonetheless an essential shield for protecting cyber assets and reducing the risks associated with online fraud.
How does the National Cybersecurity Competence Centre (NC3) help businesses?
At NC3, we offer practical, free tools to help SMEs assess and take the necessary steps to improve their cybersecurity. For example, our test platform enables us to scan the security of websites and detect any vulnerabilities. We also offer diagnostics to identify potential risks, as well as training to raise employee awareness.
Correctly handling sensitive information and personal data is essential. The NC3 has created a platform called MONARC, an analysis method that produces a full report on the associated risks, accompanied by concrete recommendations.
These various tools and services help foster awareness among businesses, especially SMEs, of the measures they need to take to bolster their cybersecurity practices and ensure their regulatory compliance.
What role does awareness-raising play in cybersecurity?
Raising awareness is essential. We organise simulated attacks, such as those in Room#42, to evaluate processes, test participants’ resilience in the face of stress, and improve their ability to communicate effectively. These exercises help to identify existing vulnerabilities, optimise companies’ preparedness and, above all, make participants aware of the complexity of a real attack. Although this is a drill, it highlights the real challenges that organisations may face.