Recently, the media reported an impressive attack on the SolarWinds company, becoming classified as the most sophisticated and dangerous because high-level official organizations such as the Pentagon or the Treasury Department were compromised. How it happened? The cyberattack was carried out through the company's software supply chain to introduce the malware into one of the updates. Do you know how long it took the company to discover the malware? Surprisingly, it took several months for IT staff to spot the problem to the point of discovering four different strains of the virus at that point.
Cases like that of SolarWinds are happening more and more and without doubt, for companies, the shift towards telecommuting and financial limitations due to the economic recession are not the biggest of their problems and it is that the growth of cyber threats due to the global pandemic has been identified as one of the main concerns that will most affect the daily routine of security professionals during 2021, leaving an uncertainty for the subsequent years in the field of security.
It is clear that the evolution of threats is constant. This is no longer treated as it was 20 years ago when the fault was probably a bright-minded teenager who, out of boredom and mischief, could put companies in check. Currently there are real criminal organizations with numerous resources and incentives to commit crimes in activities related to cybercrime. Imagine that in this war, the adversary is constantly looking for new forms of fraud, identity theft, fraud and access to information. Are you prepared to defend and protect your company from an attack of this level?
It is worth noting that the gap between companies that years ago undertook the journey to increase their cybersecurity is beginning to be noticeable, and today they have good results in terms of maturity, in contrast to those that are still perceived with efforts that go from the initial to the intermediate.
Cyberattacks happen all over the world, recently the French National Cybersecurity Agency announced the cyberattack carried out through the servers that run the “Centreo” tool and which is used to monitor applications, systems and networks, being an attack style Phantom threat since the company did not realize what happened until after three years. The problem with malware is that once they gain access to the servers that run the operating system, it spreads through the networks of the companies that use it, so it is important to be alert to possible threats.
Avoiding ending up in such a situation where malware uses encryption to hinder analysis and enforcing access control when deployed on a compromised host is never-ending work to stay one step ahead and prevent these cybercrimes from being committed. Therefore, training, specialization and updating are essential in the field of cybersecurity. It is worth emphasizing how fundamental it is to keep companies protected and prepared to understand the challenges and perceive the opportunities in cybersecurity and IT management.
It is a fact that there is no magic formula that allows us to be 100% protected, however we can make the path very difficult for attackers. Given the vulnerability of companies to cyberattacks and the fact that the COVID-19 pandemic led to an increase in cyberattacks in the world, it is important to consider the employees and the protection they have from the company, at the time they carry out their work activities. At this point we must add that the use of social networks increases the frequency of personal attacks since it is a way where people expose themselves too much and lower their guard by feeling in their comfort zone. In 2020, as a result of these virtual attacks, a person's identity was stolen every three seconds, and the average cost of data breach to a company was $6 million dollars.
Nowadays we must overcome the shift to telecommuting and be prepared to combat the growth of cyber threats. While each organization related to the business of cybersecurity will face its own set of challenges and opportunities to move forward, the main one is clear: to seek success in all aspects of an organization to safeguard its critical information, its infrastructures and its collaborators.
Given how worrying to think about the question, what activities would be a priority for a company in the event of an attack? We share the following list that will help you act quickly and cope in case a situation like the one mentioned happens:
- Provide evidence that vulnerabilities have been overcome.
- Make the problem known to customers, before third parties report it.
- Provide frequent updates on the situation.
- Fix identity theft problems and other damages to affected customers.
- Offer a direct line to customers for information security inquiries.
- Guarantee compensation to victims.
- Apologize to the injured parties.
In these cases, it is evident that the support of Senior Management to improve cybersecurity issues is not limited to sensitivity, but also includes the budget and greater investment in these capacities. Demonstrating that this investment is being effective for the organization will be a great challenge for those responsible for this area in the coming years, so it is important that this investment considers having comprehensive solutions for the entire security ecosystem and a visibility that combines the policy mechanisms that allow the organization to be protected both for those who work within the company's facilities and for those who access it remotely.