No, cyber-attacks do not only target companies

A company's security is considered as a whole, and must take into account all the elements of the system, including individual behaviour and collective perception of risk!

No, cyber-attacks are not just aimed at companies: "My data is of no interest to anyone, I cannot be the target of a cyber-attack" - this is often the answer we hear when we talk about the risk of hacking and the precautions to take to avoid it.

Jean-Pierre Dandrieux, Senior Partner at Cognitive Companions, explains why each of us individually is a target, why we don't always realise it, and how to protect ourselves.  We are all icebergs of data. One simple check mark and we agree to terms of use, enable cookies and share data.

In reality, the information we give out is just the tip of the data iceberg that makes up each individual. Iceberg that can be easily hacked ... In fact, it is relatively simple to obtain a spy kit on the web that allows you to hack into any phone, and therefore to listen to conversations, to collect various and varied information. To consider that our private conversations do not interest anyone is a bad reasoning. Today, everyone goes to the office with their personal phone, and hacking software can spread to other devices (business phone for example) and/or clone a SIM card and thus set up a listening system.

Thinking that our position in a company is not strategic enough is not a valid argument either. This is the law of the network: in our level 1 circle, there is necessarily someone who holds sensitive information that can be searched for. Hackers are sometimes real detectives, let's not forget that!  When our cognitive biases are playing us. Our vigilance depends on the level of risk we perceive. The less the threat seems to us to be strong, the weaker our vigilance will be.

The study of risk* is carried out according to two parameters: on the one hand the "objectified risk" which is based on rational scientific work (including the probability of occurrence and potential damage), and on the other hand the "perceived risk" which is established in relation to our own cultural and psychological referentials. And it is finally when there is a discrepancy between these two visions of risk that we over- or undervalue it. In a wilderness environment, cognitive biases are an asset because they boost the analytical and reaction capacities of individuals.

Conversely, in our contemporary societies, they can push us to take decisions that are not very rational. In the context of our own cyber security (and thus indirectly of that of others), they often tend to give us a distorted view of reality, and reduce our awareness of risk.

Simple and effective must-do's for cybersecurity.

And yet some actions are easy to implement individually to ensure a minimum of cybersecurity. Here are some must-do's:  
-Use a VPN (Virtual Private Network) to secure connections between networks. This is especially essential in teleworking situations.
-Activate antivirus and firewall to filter connections and detect malware.
-Use the most secure browsers, such as Firefox or Tor.
-Regularly update your computer's operating system.
-In the case of remote working, favour connections with a cable rather than with a wifi network (which can be easily hacked).
-Secure the authentication mechanisms and use complex passwords (and different depending on the tools and platforms).

These practices, which are relatively simple to implement, can be an effective first barrier to attacks.  

Although hacking your holiday photos is not the primary objective of hackers, the risk of intrusion into your various devices should not be overlooked, especially since attacks can be directly directed against you or your company, or use you as a gateway to reach another target.


This article has been written by
Jean-Pierre Dandrieux
Download the article