Web reputation and social engineering: mutual influence and impacts on the business


In an increasingly connected marketplace, a company’s online reputation, linked to its digital security, can define its future. Attacks based on social engineering exploit human vulnerability more than technical vulnerability, jeopardizing not only sensitive data but also the trust of stakeholders. Becoming the victim of a cyber attack not only has a negative impact on business but also deals a severe blow to corporate reputation. In this sense, preventive measures are key tools to anticipate crises and protect digital and web reputation.

Therefore, it is crucial to encourage a proper security culture that involves every person in the company through ongoing training, transparency in data breach management (as required by the GDPR), and the adoption of effective communication strategies.

In an environment where threats are becoming more and more sophisticated, every person in the company can help build a strong, credible and resilient digital identity that can protect the entire business ecosystem, including the supply chain.

 

The importance of web reputation

In the digital society, there is an inextricable link between a company’s competitiveness and its online footprint. It is of utmost importance, therefore, to avoid the trade-off between these two areas in order to minimize the negative impacts on business that can be generated as a result of reputational damage online.

A company’s web reputation is the image it projects to the outside world, that is, how it is perceived by its different stakeholders. An error in communication, or in managing that image, can therefore have disruptive effects on business.

The secure handling of user data is especially relevant here: any data breach can cause users to lose their trust. Particularly insidious in this regard, because of how they operate, are social engineering techniques: a variety of cyber attacks that rely on psychologically manipulating the individual, a weak link in the corporate security management chain.

 

Cyber risks

There are several vectors of cyber attack – including phishing and DDoS – that cause leakage of confidential data and loss of information, including know-how and intellectual property, with consequent economic repercussions and reputational harm. Common to these forms of attack is the aim of creating a sense of urgency in the targeted employee when faced with a request for help, which leads to impulsive decisions such as responding promptly to a request for money or for access to systems.

It follows that it is in the interest of companies to combine the prevention of this type of attack with strategic lines of operations. In this sense, it is necessary to implement internal security awareness measures, so that the overall level of security of the organizational structure rises in direct proportion to the level of cyber security of individual employees.

In terms of legislation, there is no shortage of obligations on companies to adopt security measures. Specifically, Article 32 of the GDPR imposes an obligation on those who process personal data to take all necessary measures (including pseudonymization, data encryption, and procedures for testing, verifying and evaluating). Although it is not explicitly stated in the Regulation, it is recommended that companies ensure that employees attend training sessions and are made aware of the risks to the security of personal data in the course of their work.

 

Impacts and consequences of social engineering

The growing danger of social engineering is therefore evident: its sophistication lies in the fact that cyber attacks are carried out by exploiting not technical vulnerabilities but the psychological vulnerabilities of employees.

More specifically, the negative impacts of such attacks on web reputation are anything but negligible. Reputational and economic risks are inextricably linked: the loss of confidential information assets or a halt in operations, resulting from attacks that use social engineering techniques, could have irreversible effects on the business.

Of special relevance, therefore, is the reputational damage suffered by breached companies. In the recent past, this has meant that many companies whose data were stolen in a cyber attack were reluctant to disclose the information to the public. Lawmakers, in order to protect the transparency of the processing and enable stakeholders to take appropriate precautions, have stipulated – in Article 34 of the GDPR – the obligation of the Data Controller to communicate in “plain and simple language” information about the data breach.

These obligations now rule out the possibility of not making the data breach public, and instead place on the affected company the burden of identifying the best way to communicate the breach to users. The methods of communication will themselves have a significant effect on the business. For this reason, it is essential to have web reputation experts in data breach handling who can educate and inform employees about the main attack methods and related risks, as well as the methods and rules of conduct for preventing them, in order to limit exposure to social engineering and preserve the company’s reputation.

 

Conclusions

In light of the above and based on the issues discussed, one cannot but find a very close link between the reputation that a company builds in the digital world and the negative impact that being the victim of cyber attacks, perpetrated through social engineering techniques, can have on it.

Informing employees, raising their awareness and educating them so that they develop a culture of cybersecurity is essential for the protection and security of company assets. It keeps them from exposing the company they work for to dangers that can also compromise the entire supply chain and affect the business.

Companies are made up of people: if everyone makes their own concrete contribution through daily actions and precautions aimed at protecting and strengthening the corporate ecosystem, this can only have a positive effect on how the company is perceived in its industry and on its reputation as a company that is both responsive and proactive with respect to the most current demands of cybersecurity.

 


 

The authors

Erica Onorati, Law Graduate from LUISS Guido Carli University in Rome with a thesis in civil law entitled “The renegotiation clauses,” focusing on the analysis and applicability of renegotiation in contractual matters. She then obtained an Executive Master’s Degree from the Il Sole 24 Ore Business School in Cybersecurity and Data Protection, focusing on the analysis of strategies to protect corporate assets and prevent cyber risks. Specializing in the civil law profile, she has delved into topics related to contractual and non-contractual liability and corporate and commercial law. After several experiences gained in the legal field in corporate contexts as a corporate lawyer, she currently holds the position of Legal Supervisor in Telsy, with a focus centered on the management of corporate contracts, legal advice provided to the business lines involved in the various areas of corporate operations, extraordinary transactions, and corporate secretarial work.

Niccolò Francesco Terracciano, a law student at LUISS Guido Carli University in Rome, has gained experience in non-profit associations, with the opportunity to deepen his knowledge of commercial law and business consulting. Currently, he holds the position of Legal Specialist in Telsy, where he is developing, in the corporate field, the theoretical knowledge learned during his studies in civil, corporate and new technology law.

Marco Rosafio, Law Graduate from the LUISS Guido Carli University in Rome with a thesis in bankruptcy law; he has obtained, at the same University, a Level II Master’s Degree in Business Law. He has collaborated with a law firm working in the areas of business contracts, corporate law and litigation. Currently, he holds the position of Legal Assistant in Telsy, delving into the same issues within the corporate context.

Vittoria Toscani, Graduated in Political Science from La Sapienza University of Rome with a thesis in the history of contemporary political thought entitled “Humanitarian interventionism and the responsibility to protect”; she obtained a Level II Master’s Degree in Political and Institutional Communication and Marketing from LUISS Guido Carli University in Rome with a thesis in Brand storytelling and Media Company. She has gained several experiences in the institutional sector, first as a parliamentary assistant at the Senate of the Republic of Italy then in the field of institutional relations both at the territorial and national level for several corporate entities. Currently, she holds the position of Regulatory Specialist in Telsy, monitoring the path of a law with particular attention to the analysis of regulatory impacts on corporate business.