Business services centers are increasingly ensuring the IT security of international companies. Education of employees as an important tool against cyberattacks.
The growing share of data accessible online, working from home during the pandemic, and the war in Ukraine have brought an increased number of security incidents and cyber-attacks. According to Accenture, the number of attacks increased by 125 % only last year. IT security has thus become one of the main priorities in all companies. IT security is not just a matter of securing IT infrastructure at various levels, but a comprehensive approach, including education among employees, as two-thirds of incidents are caused by their ignorance or inattention.
Czech business services centers are playing an increasingly important role on a global scale in these tasks. According to the ABSL association, almost a third of Czech centers already provide IT security services, ie almost three times more than 10 years ago.
“Growing security requirements and increasingly sophisticated cyberattacks are leading companies to rethink security strategies. In particular, global companies are increasingly transferring IT security to their business services centers. The Czech Republic is becoming a very popular destination for them in this regard,”
says Jonathan Appleton, Director of ABSL and adds that business services centers provide, for example, system updates and security bug fixes, monitoring and analysis, backup management, incident response, and reporting.
IT security breaches can either originate in the organization itself, whether on the part of end-users or of enterprise IT, or it can be the result of vulnerabilities in third-party products, partners, or supply chains. Although the organization itself cannot directly prevent the second type of attacks, properly configured processes can minimize the consequences and restore operations as soon as possible.
Attacks can also be divided into purely technical and those caused by human error. In practice, a security incident is often a combination of several factors. One of the most dangerous forms of cybercrime today is ransomware, in which attackers try to encrypt data to enforce a ransom, which can lead to traffic threats.
“Even though the number of attacks is increasing, according to statistics, two-thirds of security incidents can still be caused by own employees due to ignorance or inattention. There is always someone who unintentionally opens the door to the attackers. So in addition to IT security itself, companies should train their people intensively,” says Jonathan Appleton.
Also alarming in this context are the results of an Integra survey, according to which one in ten users reveals their password during a phishing attack.
Cybersecurity training should include setting and explaining rules of conduct for employees in relation to corporate IT. Topics should certainly include the proper handling of corporate data (such as banning sharing via public storage, forwarding to private e-mail, or copying data to private flash drives) or remote connection policies when working from home. Employees also need to be trained in working with passwords and using corporate e-mail safely, and it is also important to ban downloading and running unapproved programs. As part of the training, employees should also become familiar with the most common tricks used by fraudsters in social engineering.