Cyberattacks represent a threat to both users and companies that provide digital services, as well as significant economic damage. To provide some basic data, according to a study by the Anti Phishing Working Group (APWG) in January 2021 there were historical peaks that make it the third month with the most fraudulent registrations of the decade. On the other hand, in an article published in the Wallstreet Journal, 495 million attacks were registered, which represented a 148% increase in relation to the previous year. In addition, a Beyond Borders 2020/2021 Study by Ebanx indicates that e-commerce, for example, increased by 30% in the number of users at the regional level. In six months, something was accomplished that was projected to be accomplished in two years.
This entire framework constitutes fertile ground for cyber attackers and, in the face of this, system protection barriers must adapt to this growth. While the threats found are not new, they evolved and became considerably sophisticated with the ability to target more specific targets and in less detectable ways. Cybersecurity, in this sense, is in charge of offering the tools and procedures that protect personal data and avoid violating digital identity.
In recent years some terms such as phishing, malware and, to a lesser extent, ransomeware have become more and more familiar to users. All of these are types of cyberattacks that obtain data in different ways, either by pretending to be official organizations, such as entering devices via websites or using viruses to obtain personal data. In many cases these procedures become imperceptible to users because sometimes they do not even require interaction with the systems.
Faced with this scenario, those responsible for cybersecurity and IT must face five major challenges:
- New tactics, techniques and procedures that threaten business continuity. All continue to focus on the end user, who operates with technology but in most cases does not have enough training to identify, prevent and isolate a risk.
- Need for dynamic security. Under the philosophy of not trusting any agent, device or individual, every protection rule has to be dynamic and at the same time not require an individual for its operation.
- Frauds in electronic commerce. With the rise and expansion of online shopping throughout Latin America, the risks also grew. In Argentina, for example, Internet scams increased by 50% in online purchases, while in Mexico, 34% of users rejected unacknowledged purchases.
- Identity Theft. Reports of this crime grew more than 700%. By not having a control center, individuals lose sight of what may be happening and how fraud of this type affects their lives. The rapid adoption of DiD – identifiers that allow to validate the authenticity of people, organizations or devices; and decentralized identity methodologies will, in a short time, improve the experience.
- Connection from multiple devices. Employees connect from different teams, so they can expose critical systems in organizations. Added to this are the risks of borderless infrastructure, derived from multi-cloud environments.
Keys to increasing cybersecurity and mitigating potential damage in 2022
In order to increase confidence and reduce risks, companies must continue to work on six key aspects:
- Protection with zero trust models. This scheme implies that organizations should not automatically trust anything, both inside and outside the perimeter of their network. Thus, it is required that everything that tries to connect to the company’s systems must be verified to gain access. Its main objective is to mitigate the risk of cyber attacks.
- Comprehensive protection of remote workstations. This ensures the safety of collaborators, no matter where they are or what device they are connecting from.
- Prevention against information leakage. It can be through software that detects possible attacks or with the incorporation of tools that prevent filtering. In addition, well-defined policies and procedures must be implemented that prioritize communication, confidentiality agreements, and the importance of security.
Do not lose sight that the new frontier is digital identity
It is necessary to continue working to protect the collaborators and clients of each institution. At the same time, it is essential to build an Awareness Plan on the Importance of Cybersecurity in Organizations. More and more attacks are being carried out focused on exploiting people’s vulnerabilities.
It is necessary to invest time in informing and training users, so that they have more and better tools to make their decisions. This will minimize the risk of unauthorized access to confidential information, which can have a profound negative impact on the business. The leak, theft and loss of confidential information; They can cause brand reputation crises, legal breaches (GDPR, etc.) and face fines, which in many countries with strict regulations can reach up to 4% of the company’s annual turnover.
Source From: Ambito
