Are you making these IT security mistakes at work? What to watch out for?

Employees are often the first line of defence against cyberattacks – but they can also be the weakest link. Their lack of awareness, carelessness or inappropriate behaviour can lead to serious security incidents. Here’s a list of the most common mistakes employees make and how to avoid them.

IT security is now of key importance for every business. However, a little moment of carelessness can result in data loss or privacy breaches, which often open the door to cyberattacks.

“Technologies and processes can help minimise risks, but if they’re not properly implemented or configured, the space for human error increases – along with the risk of a security breach,” explains our colleague Petr Kocmich, Global Cyber Security Delivery Manager.

So, what are the most common mistakes employees make?

1. Unsecured and unattended devices

Leaving your laptop or phone unattended in the office, a café or a meeting room, and even worse, unlocked, poses a serious security risk. An unprotected device can be a gateway through which sensitive company or customer data is leaked.

2. Social engineering

Attackers use psychological tricks, known as social engineering, to gain your trust and acquire access credentials. Even a little carelessness can have serious consequences. One of the most common tactics is a Business Email Compromise (BEC) attack. In this scenario, the attacker pretends to be a high-level manager with decision-making power who sends a convincing email to the finance department requesting urgent payment of a fake invoice – sometimes even from an existing supplier. The email often includes fabricated details and bank account numbers.

This type of fraud exploits people’s trust and tendency to obey authority, allowing the attacker to easily bypass standard internal payment processes. Attackers may spoof an email address to closely resemble a legitimate one (often based on gaining access to the actual mailbox) and create a sense of urgency to pressure staff into making irregular payment transactions without proper checks. In such cases, it’s best to verify the request with your manager over the phone.
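The BEC warning signs described above (a sender domain that closely resembles a trusted one, a reply address that points elsewhere, and an urgent payment request) can be checked mechanically. The following is an added example, not part of the original article; the trusted-domain list, keyword lists and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = ("examplecorp.example", "supplier.example")  # assumed allow-list
URGENT = re.compile(r"\b(urgent|immediately|today|asap)\b", re.I)
PAYMENT = re.compile(r"\b(invoice|payment|wire|transfer|bank account)\b", re.I)
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit look-alikes
# Constructed sample message, not real traffic.
SAMPLE = ("From: Jan Novak <jan.novak@examp1ecorp.example>\n"
          "Reply-To: jan.novak@mail-service.example\n"
          "Subject: Urgent: invoice payment today\n\n"
          "Please wire the invoice amount to the new bank account immediately.\n")

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted=TRUSTED):
    # Return the trusted domain that `domain` imitates, or None.
    domain = domain.lower()
    if domain in trusted:
        return None  # exact match is the real domain, not an imitation
    folded = domain.translate(FOLD).replace("rn", "m")
    for good in trusted:
        if folded == good or edit_distance(domain, good) <= 2:
            return good
    return None

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_indicators(raw_message):
    # List the warning signs found in one raw RFC 5322 message.
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    text = f"{msg['Subject'] or ''}\n{msg.get_payload()}"
    found = []
    imitated = lookalike_of(sender)
    if imitated:
        found.append(f"lookalike-domain:{sender}~{imitated}")
    if reply_to and reply_to != sender:
        found.append(f"reply-to-mismatch:{reply_to}")
    if URGENT.search(text) and PAYMENT.search(text):
        found.append("urgent-payment-request")
    return found
```

A check like this cannot catch a request sent from a genuinely compromised mailbox, which is why the phone call to the manager remains the decisive control.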

3. Weak or reused passwords

Using weak passwords like “123456” or names of pets and family members is still widespread and extremely risky. Attackers can easily guess such passwords using simple algorithms or public information from social media. Reusing the same password across multiple accounts – work or personal – creates a domino effect: If one password is breached, other accounts are also compromised. This is especially dangerous when passwords are shared between work and personal accounts without multi-factor authentication.

4. Sharing login credentials

A password is personal and protects your access. Sharing it with colleagues – even briefly, for instance if their account gets locked after failed login attempts – is a risk. Shared passwords can be forgotten, misused or even exploited. A password is like a personal key – the more people have access to it, the less secure it becomes.

5. Unattended printed documents

Leaving sensitive documents on a printer is like leaving your wallet unattended. Such materials can fall into the hands of unauthorised individuals.

6. Connecting to unsecured Wi-Fi networks

Public Wi-Fi, such as in cafés, may be convenient, but it’s inherently risky. When you connect to an unsecured network, attackers can monitor your online activity and even intercept unencrypted data such as login credentials or card numbers. If you’re handling work matters over such a connection, they may also gain access to company data. Without a VPN that encrypts your connection, using public Wi-Fi is like sending important documents on a postcard – anyone could read them.

7. Ignoring software updates

Outdated software may contain vulnerabilities that are easy for attackers to exploit. That’s why regular updates are essential, both on company and personal devices, to patch these security gaps.

8. Failing to report security incidents

Any suspicious emails, text messages, or unauthorised individuals on the premises should be reported immediately – ideally to IT or security teams, or at least to your supervisor. Unreported incidents can lead to greater damage or even illegal activity.

9. Not paying attention during training

While mandatory work training sessions may not always be thrilling, it’s vital to pay attention. You might learn something new and understand what specific rules apply within your company. Cybersecurity tips can also be useful in your personal life.

10. Unsecured work environments

Just like you wouldn’t let strangers walk freely through your home, don’t allow unauthorised people to roam your offices or warehouses unless they have verified permission.

Likewise, leaving office doors (or windows) unlocked is not a good idea, as someone can easily enter, even in broad daylight. Someone posing as a delivery person, for example, could sneak in – not with a parcel, but rather with the intention to steal your work or personal devices, access cards, or even plug in a device to gain remote access or extract data from logged-in devices.

These days, much of our work can be done on smartphones without physically being in the office, so even you may be answering emails in a café, library or on a tram. If that is your case, be mindful of who might be peeking over your shoulder and reading your communication. This is known as shoulder surfing – where someone secretly watches you type in login details or other sensitive information.

How to Act Responsibly?

Prevention is key. “Employees need to understand that their digital habits affect not only their own work but the security of the entire company. Practising good IT hygiene isn’t just a formality. It’s a crucial step in protecting against growing cyber threats,” concludes Petr Kocmich.

By avoiding these common mistakes, you can protect not only company data but also your own reputation and career. Be IT responsible – it pays off.

AI as a weapon and a shield

Artificial intelligence (AI) is a catalyst in the realm of cybersecurity, transforming it into a continuous battle between attackers and defenders. Cybercriminals are leveraging AI to launch highly targeted and increasingly hard to stop ransomware attacks. But on the other hand, how can AI be used to defend against such sophisticated threats and help organisations keep up? Our colleague Petr Kocmich, Global Cyber Security Delivery Manager, provides insights into these and other issues.

How quickly can cybercriminals encrypt data using ransomware after infiltrating a system?

The time required can vary significantly. Some types of ransomware begin encrypting data almost immediately—within minutes of gaining access to a system. Others deliberately delay the encryption process to avoid detection and to thoroughly explore the victim’s environment. These attacks may take hours, days or even weeks before the actual encryption begins. In targeted attacks, cybercriminals often spend weeks or months inside the network before launching encryption to maximise damage and pressure on the victims.

How do cybercriminals use AI in ransomware attacks?

Artificial intelligence is playing an increasingly vital role in various phases of cyberattacks, including ransomware. AI can be used to craft highly convincing phishing emails that mimic the sender’s writing style and are personalised, increasing the likelihood that victims will click on malicious links. AI also assists with automated network scanning, identifying vulnerable systems, and cloning or optimising fake websites to make them appear as trustworthy as possible.

AI tools can significantly enhance the generation and optimisation of fake landing pages used in fraudulent schemes. These tools can generate visually appealing and credible-looking websites that closely imitate the legitimate ones. Moreover, they analyse the target audience and customise the content to appeal to specific demographic groups or user interests. This increases the likelihood that victims will click on malicious links. AI can even monitor the performance of these landing pages and make real-time adjustments, such as changing colours, text, or layout, to maximise conversion rates (i.e. making the visitor act, such as filling out a form or entering credit card details), thereby improving the efficiency of fraudulent campaigns.

AI tools can further streamline and enhance cybercriminals’ reconnaissance and lateral movement across networks. Through mapping network structure and topology, they can identify vulnerable systems and suggest optimal paths for lateral movement. By analysing behavioural patterns, they help attackers blend in and avoid detection. Machine learning can identify normal behavioural patterns and adjust malware behaviour to prevent generating suspicious activity that could raise alarms with security systems.

Finally, AI enables malware to actively breach security defences. AI-driven malware can adapt in real time to security measures. Using machine learning, malware can alter its modus operandi and signature to evade detection by modern security systems. This includes changes in behaviour, code encryption or adapting to firewall and antivirus settings.

Can you give specific examples of ransomware operations that use AI?

One example is Emotet, malware that uses AI to improve its phishing campaigns, increasing infection rates. TrickBot, another dangerous malware, employs AI for automated network reconnaissance and adaptive behaviour, allowing it to adjust to security measures it comes across. Ryuk, known for its targeted attacks, uses AI-powered tools for network reconnaissance and privilege escalation before deploying ransomware.

Does it also work the other way around? Can AI defend us against ransomware attacks?

Yes, absolutely. For instance, by monitoring and analysing network traffic, AI can detect anomalies and unusual behaviour in real time that may indicate the presence of malware. This means AI can identify and respond to potential threats before an attack causes harm. It can even respond automatically to threats, for example, by isolating infected devices from the network. AI also enables predictive analysis to help anticipate potential attacks and recommend proactive measures. Improved phishing detection and endpoint monitoring are other key areas where AI significantly improves protection.

Can AI tools automate incident response?

Yes. This includes the aforementioned isolation of infected devices as well as the coordination of various security tools and processes, ensuring a rapid and effective incident response. Such automation not only reduces response time but also minimises human error in managing incidents.

How can AI contribute to predictive analysis and cyberattack prevention?

Predictive analysis is one of the key areas where AI will play a critical role. Using predictive models, AI analyses historical data and current trends to anticipate possible future attacks. This allows organisations to take proactive measures and prepare for potential threats. AI also helps in vulnerability and patch management by identifying system weaknesses and recommending prioritised fixes based on the potential attack likelihood and severity.

Phishing attacks are also on the rise. Can AI detect or prevent them?

AI can analyse email messages and attachments to identify phishing attempts using pattern recognition and contextual analysis. This includes detection of suspicious elements, such as unusual links or language that may indicate a scam. AI also helps defend against spear phishing by analysing personalised messages and blocking those containing fraudulent elements.

Are there benefits to using AI in Endpoint Detection and Response (EDR)?

Yes. AI supports the monitoring of endpoints such as servers, workstations, mobile devices and tablets, and detects suspicious activity that may indicate malware presence or intrusion attempts. It can also conduct forensic analysis of compromised systems to identify the source of the attack and recommend remediation measures to prevent future incidents. This improves both the speed and accuracy of threat detection and response.

Can AI tools improve security operations and management in a Security Operations Centre (SOC)?

Absolutely, by reducing false positive events or incidents. AI analyses and filters security alerts, enabling security teams to focus on real threats. AI also supports proactive threat hunting by identifying both known and novel attack patterns.

What role do you foresee AI playing in the future of cybersecurity?

The future of AI in cybersecurity is immense. With ransomware attacks becoming ever more sophisticated, AI will be pivotal in detecting and preventing these threats. Thanks to its capabilities in detection, response, prevention, and analysis, organisations can better protect their systems, minimise the impact of attacks, and improve overall security effectiveness. The development of advanced AI technologies will allow a faster and more efficient response to incidents, reducing the risk of successful attacks. However, as defenders improve their AI capabilities, cybercriminals are also expected to continue enhancing their own AI tools, creating a perpetual fight between attackers and defenders.