October, the European month of cybersecurity
The European Cyber Security Month is an annual campaign that promotes awareness and best practices in online cyber security
Corina Cristea, 18.10.2024, 12:11
The European Cyber Security Month is an annual campaign that promotes awareness and best practices in online cyber security, providing information on online security through awareness-raising activities and exchanges of best practices. Every year in October, hundreds of activities – conferences, workshops, courses, webinars, presentations – are organized in numerous locations across Europe to better inform the public about online threats and the importance of digital safety. This year, European Cyber Security Month focuses on social engineering, a type of threat that relies on manipulating human behavior to gain access to sensitive information.
In Romania, the National Cyber Security Directorate (DNSC) has recently informed that the most common method by which our sensitive data can be stolen remains electronic mail, our personal e-mail. Here is Mihai Rotariu, communication manager at DNSC
“The attackers have been heavily using social engineering attacks, especially in the last year, and recently, unfortunately, they have migrated to social networks, to social media, because for them it is a significant reduction of costs. They no longer necessarily have to maintain a phishing site to host, pay for it, pay specialists to support it online, they can simply compromise certain social media accounts of, for example, certain users, to use those accounts, the trust of those accounts, the pages that those accounts manage, to launch further posts, usually sponsored, to traps, fraud attempts directed against Romanian users.”
This year’s edition of the European Cyber Security Month has the theme #ThinkB4UClick (‘Think before you click’) – a call for vigilance in the face of social engineering – an increasingly common practice in which fraudsters impersonate someone else, send e -phishing emails or make fake offers to get their victims to take certain actions online or reveal sensitive or personal information. Here is Mihai Rotariu again:
“On a European level, choosing social engineering as the main theme for the European month of cyber security, we see that the problem practically persists in all EU member states. And, yes, we are talking here about social engineering techniques used very often. The attackers, in the case of a phishing attack, call us directly on the phone and present us with a scenario with certain psychological elements that cause us to be less vigilant and perhaps provide data or click on a link or install an application. In such situations, the ideal would be to have a cyber security hygiene, a cyber security routine, with reflexes in the online environment, just as we have them in real life, transfered, of course, to online security.”
We must have the reflex to first check the source of the received message, explains Mihai Rotariu, to see if the email really comes from a legitimate source, to look at the real address of the email, to check the link in that email, to check the text of the email to be correct from a grammatical point of view, of phrasing, to check with a security solution the attachment of that email – all this before clicking, before executing an action that could lead us in confusion.
Mihai Rotariu: “We must be vigilant, we must be patient when we are active in the online environment and think logically. Let’s get used to processing and acting at a decent speed this time, because we know that we are used to processing information much faster in the online environment than we would in real life. So, let’s do the necessary checks before doing any actions that could compromise our data or equipment.
“The main reason why attackers want to compromise data is related to the financial side. If they have access to our devices or our accounts, they will usually try to withdraw money directly from the accoun”, explains the DNSC representative. But if they can’t, they try to extract as much data as possible – personal data, financial data, sensitive data, authentication data. All this data has a value on the black market and can be sold, monetized further. Attackers can even exchange such data with each other, precisely in order to target as many users as possible with these online traps.
The data shows that in 2022, the EU suffered from a shortage of cybersecurity professionals of between 260,000 and 500,000 people. A recent cybersecurity skills survey highlighted the need to raise awareness and provide training in cybersecurity. To cover this skills gap, the EU has created the online platform “Cybersecurity Skills Academy”, where you can take development courses in this direction. (MI)
