The weakest point of your company

Companies often entrust information security or cybersecurity to their IT department or a specialized external provider, thinking that if something fails, it is their fault. Is it the case of your company?

Well, you should know that cybersecurity is the responsibility of all.

Technologies advance very fast and become increasingly complex. But people don’t evolve as fast as technology, and sometimes the technology knowledge and training gap is wide. Putting the entire organization at risk. Can you imagine an industrial operator working with dangerous machines without the necessary safety training? Today it would be inconceivable. The same thing happens in the digital world. In this case, instead of protecting the integrity of the person, cybersecurity training aims to protect the organization’s digital assets, which are increasingly important. The user is the most key piece of cybersecurity.

We can put the most exhaustive measures, implement the newest, most expensive or complex technologies, have the best policies, but a user can give information over the phone to those who should not, download a malicious application, make an erroneous transfer or fall into another type of spoofing.

Users are susceptible to social engineering, the art that allows an attacker to “hack into the human mind” and expose data that the user knows or can provide.

Whether due to ignorance or malicious intent, a user can:

The attackers’ knowledge is much higher than that of the users, and they take advantage of this knowledge gap to carry out attacks on organizations.

Although the work of the management and technology departments are of vital importance, so is the training of all employees. The General data protection regulation already indicates the obligation to train employees for the correct management of personal data. This training must not be static, but must enter the cycle of continuous improvement. In this way, together with a correct management of cybersecurity roles, procedures and tools, companies are able to shield themselves against most cyber attacks.

The management of the change is one of the most important challenges that management and technical teams have to face, and the results are worth it. It is recommended to train the user so that security and performance go hand in hand rather than adopting a limiting and locking paradigm for users that improves security but hinders performance.


We know that 100% security does not exist. It’s about the layers. And we know that there is no single tool that protects everything. Security is a joint effort that never ends, and each layer of security must be in synergy with the others.


Are users aligned with your company’s cybersecurity solutions, policies and needs? Are improvements being continuously implemented in this regard? Is cybersecurity enhancing and not limiting the performance of your company? If not, training and education planning is urgently needed, which will facilitate the management of technologies, minimize risks and keep cybercriminals away from your company’s sensitive data.

Discover the training plans: Light Eyes Academy.

Joel Araujo Figuera

Joel Araujo Figuera

Chief Information Officer at Light Eyes and CSIRT team lead at LE-CERT

Have you received an attack or do you think you are not protected enough? Contact us and subscribe to the newsletter to receive information on new attacks and recommendations.