The cyberattack market is one of the largest and fastest-growing, it is difficult to quantify due to its clandestine nature, however, it is estimated that it moves about one hundred billion dollars a year and grows between 10% and 12% per year.
The cyberattack market is the number one priority for corporate IT managers, whether they are large multinationals or small businesses, and that is because cyberattacks have been growing year after year in frequency and complexity for two decades. These attacks, moreover, are being marketed more and more quickly.
You may also like:
In Latin America, Mexico tops the list of attempted cyberattacks with 85 billion attempts, followed by Brazil with 31.5 billion and Colombia ranks third with 6.3 billion. In addition to the economic cost they generate for different organizations, they can have a significant impact on their reputation and trust, as well as the privacy and security of the individuals affected by the attacks.
With the data mentioned above, it is pertinent to ask the following question:
Are there more cybercriminals or are they getting more sophisticated?
According to Kris Hagerman, CEO of Sophos, more and more sophisticated and advanced zero-day threats are appearing (zero-day attacks in technological language). A zero-day threat is a vulnerability that has been identified in a system and that no one else knows about, not even the developer of the system in question. Finding them is very complicated, it can take months or years to identify and develop them; In addition, an increasingly professional cyber-attack trading market is emerging.
So, for example, there’s something called initial access agents and they only do one thing: they find a way to break into a network and then they sell that information or enter the key.
Security within an organization has to do with three elements: people, processes, and technology, it is not enough to have good software, you also need employees to know how to use it and how to manage their lives online. It would be complex to try to put an end to cybercrime, but with a good organizational culture and data management it can become a manageable problem.
If a stranger asks for your credit card, you won’t give it to them, but on the Internet, if they ask you the right way, you will; we are more inexperienced in managing our online lives than our physical lives. Therefore, it is vital to train people in this field.
The rise of remote work and various activities that we carry out online increases the field of action for cybercriminals.
There are policies such as the so-called Zero Trust (zero trust) which consists of creating an environment in which it is assumed that none of the devices connected to the organization is secure so that when the device connects, it requires a series of steps before enabling them. This approach can also help those who work remotely.
Other suggested points to have a better defense against cyberattacks are the following:
• Assign a specific role (qualified personnel)
• Continue strengthening the technological infrastructure
• Create a password and access control policy within each organization.
• Create training programs on cybersecurity
• Extend and create cybersecurity best practices
• Preserve the physical security of the physical elements of the infrastructure and the digital ecosystem.
• Establish a backup policy (back up)
• Implement floating security protocols (For home office users and/or external actors)
• A governance approach around information security
A specialized accompaniment in the design and implementation of the security strategies of our companies is very relevant today.
It is necessary to start taking action in this regard.
David Monarque Saenz
Director of Commercial Channels Mexico and Brazil at Convergia