People are more connected to technology than ever, and while that is making life easier in many ways, it also poses risks. According to Microsoft data, a person is connected to four devices on average, which has increased the surface of attacks by cybercriminals on people and companies.
At the Latin American level, the big problem in digital matters is cybercrime, that is, those people who carry out various types of attacks for financial gain, said Marcelo Felman, director of cybersecurity at Microsoft Latam.
And it is that since the beginning of the pandemic there has been a 600% increase in this activity, which demonstrates its potential, in addition to the fact that they often act without great reflectors, unlike hacktivists, who make more noise during their offensives and the consequences they generate.
Ransomware, an old acquaintance that will continue to affect
As corporate networks increase their use of the cloud, cyberattackers are taking the opportunity to have a greater impact on their ransomware attacks, Felman says. Fortinet figures indicate that ransomware increased by 1,070% between July 2020 and July 2021.
In addition, the severity of the attacks is increasing, since it generated close to 20,000 million dollars in damage in 2021 and it is expected that in 2031 that figure will exceed 265,000 million dollars.
Felman points out that today, attackers are more motivated because they are in the best time for their profits while still affecting business. According to a Microsoft survey of more than 500 security professionals, 65% of victims who paid a ransom got just over half their data back, and a third received less than half their information.
It also problematizes that just as there are more access points to information, defenses do not have visibility over all parts of the business, which represents a greater security risk, generating from economic losses to intellectual property.
In this regard, he points out that now companies not only face hackers working for themselves, but entire ecosystems, groups that divide their operations into large branches to affect on a larger scale, since they are organizations that recruit, carry out social engineering campaigns , they share knowledge among themselves and that establishes an asymmetry with cyber defense, which is often fragmented.
“Cybercriminals always take the path of least defense and attack when they are sure that there will be a return on investment,” highlights the specialist, who also highlights that it is a moving target that defenses are always chasing.
Against this background, prevention is a key point. Given the variety of access points to monitor, he recommends using Artificial Intelligence to scale the human ability to detect and illuminate blind spots that represent a risk.
From the side of access to equipment, the expert advises giving a higher priority to multi-factor authentication, as this tool makes it possible to stop identity-based attacks, which are the new security perimeter.
Governments, an easy target for their bureaucracy
Attacks on government institutions generate a lot of controversy due to the impact they have on public life, but to counteract this problem, a cultural change must be made within organizations, which is too complex, admits Felman, since they are reluctant to change of processes to the updating of knowledge, something fundamental in view of the advancement of technology.
Likewise, these sectors can be an easy target if they use pirated software that does not receive the necessary security updates, since being large organizations, they generate more interest for cyber attackers.