Written by: Candid Wüest, VP of Cyber Protection Research, at Acronis

Opening a heartfelt email and clicking on the link asking you for help? An email supposedly from your bank asking you to renew your password? A text message from the government sending you an appointment for a medical test with a link to register? All these are examples of how emotions are used to lure us into providing access to our personal information or devices.

The use of emotions and alerts via emails or mobile is going to continue to grow as a trend within the cyber security space. We discovered its extent when the pandemic started in 2020 when cybercriminals were extensively leveraging Covid-19 to send infected links and used phishing attacks, but it continues even now and will continue. People and especially Small-Medium sized Enterprises (SMEs) use a lot of sensitive applications like banking, to monitor their businesses; so, attackers are opportunistic and use any event or news to lure users onto malicious sites.

Now, to avoid being in a difficult situation in the first place, both businesses and individuals need the right cyber protection strategy which includes anti-malware and anti-virus protection. Then, they need to be ready for any scenario and incapacity to easily recover any data during a ransomware attack. Companies critically need to think of having a highly customized DR plan and the right enabling capabilities ideally all under one single tool to avoid increased costs and accrued risks.

We have developed a holistic approach to cyber protection composed of five vectors: Safety, Accessibility, Privacy, Authenticity, and Security (SAPAS). This allows for a well-rounded comprehensive protection experience going beyond traditional backups or classical AntiVirus solutions which only focus on one part of the situation. Our Active Protection uses artificial intelligence and machine learning to identify malware by how it behaves, looking for suspicious activities, as opposed to matching it against a known threat database. Most threats are linked to malicious emails or unpatched systems and software. We protect our customers from such threats through integrated cyber-protection software. It allows disrupting these attacks at various stages depending on the type of attack at play, providing in-depth defense.

The “safest”, most stable, and the most successful organizations make their decision based on data. Anyone in an SME and at all levels should understand the basis of cyber security. In business in general but especially around the cyber security topic, Management teams have access to a lot of various information and need to manage their emotions at the same time. Using different solutions for data protection and cybersecurity simply creates more complexity and broadens the threat factor. SMEs need a single solution that ensures the optimal protection for all data, applications, and systems from one console.

Patching, using strong authentication, and employing strong malware protection are still the most important measures to take. Most attacks are still falling in the category “not sophisticated” and are due to human action and playing with one’s emotions: they start with a phishing email, with an easy to guess or a reused password known to attackers from another compromised source or an old and forgotten service exposed to the internet. Then, attackers start stealing the data or gaining enough access to run ransomware. The easiest way to avoid damages is to stop the attack before it even started with pre-emptive measures or at the initial point when it starts, but of course, in-depth defense or forensic is important as well.