Image credits: FLY:D, Unsplash

Cybersecurity Boost is COVID-19's Silver Lining

By Andrea Villar | Tue, 06/08/2021 - 05:00

The pandemic has completely changed the landscape of cybersecurity around the world. The new environment in which businesses find themselves has created a huge opportunity for cybercriminals, who have been able to take advantage of the growing attack surface, while introducing new challenges for company security teams.

As businesses go through their digital transformation and many employees remain home-bound, cybersecurity has become a major concern, not only legally and operationally but also because many businesses have already realized how much they stand to lose if their data is compromised.

“A few years ago, the IT department was in charge of this area (cybersecurity) and it was rare for a company to have its own cybersecurity department. Today, many companies have it and that is a reflection of the growing awareness of this risk,” Oswaldo Palacios, Director of Sales Engineering for Mexico and Latam at Guardicore, an Israeli cybersecurity firm, told MBN. “However, Mexico continues to be the third-most cyberattacked country in Latin America and this means that there is still a long way to go. There are many companies that still do not measure the risk and consequences of an attack. Among the biggest challenges facing cybersecurity companies are budget and the inaction of companies, which prefer to take the risk,” he added. “The budget a company allocates to cybersecurity is equivalent to the risk it is willing to take. If a company's customer database costs US$10 million, investing US$100,000 is not a financial sin.”

According to Palacios, being informed is the first step for companies to start taking cybersecurity seriously. “There are many solutions in the market but they are very difficult to implement, complicated to manage and also very expensive. In my experience, the most expensive product is not always the best and sometimes it is not what a company needs,” he said.

In the last year, companies have also learned that cyberattacks are not only executed from outside but that employees are a potential risk, as well. Employees working from home with less supervision and fewer technical controls may be tempted to carry out fraud or other criminal activities, Deloitte reports. According to Forcepoint Director General Adriana García, “Sometimes data is seen as static but it is not. Data moves around the company and so does the user.” He added that changes in employee behavior must also be factored into the equation. “An employee who is good today, for example, may try to steal the entire customer list tomorrow because he is going to move to another job. It can also be the simple fact that the user took his equipment out of the company office, connected it to an unsecured network and compromised the system,” Garcia told MBN. 

This is a scenario for which security experts have also prepared. Andrés Gueci, Director General of cybersecurity company Kiara Tech, explained to MBN that by having visibility over time, the company can detect a pattern that indicates fraudulent or negligent behavior. This includes employees who aim to steal confidential information. “They normally prepare for this over days, weeks or months and our software can intercept signs that this will happen. For example, if the employee starts opening directories with confidential information or manages volumes of data larger than their daily or monthly average, we will know about it. They may be converting the info to images or PDF documents. The pattern of events is detected by our software, allowing us to identify the culprit,” Gueci said.

Nobody Is Safe

2020 was proof that no company, whether small, medium or large, is off the radar of cybercriminals. Over the last year, reports of cyberattacks have been increasingly common and crimes are more difficult to track due to new technologies such as blockchain and bitcoin.

The most recent large cyberattack took place on May 7. Colonial Pipeline Company, which operates a large artery pipeline for refineries in the Gulf of Mexico to the South and East Coast of the US, was forced to shut down operations after its IT systems fell victim to cybercriminals. The pipeline supports roughly 45 percent of the gasoline, coal, home heating oil, jet fuel and military supplies for the US East Coast, which led many to believe that a fuel shortage was coming. Numerous media outlets, including NBC News, Bloomberg and the New York Times, reported that the company paid almost US$5 million in ransom to the cybercriminals to resume operations on May 13.

Mexican companies have also fallen victim to ransomware attacks. In late-2019, a group of cybercriminals hijacked a series of computers at Mexico’s national oil firm PEMEX and crashed its servers. The hackers asked for 565 bitcoins (US$4.9 million at the time) to liberate the information. The attack on the NOC is just one of probably thousands that have occurred in the country in the last year. Unlike the US, Mexican authorities do not require companies to report when they have been the target of a cyberattack.

Ransomware attacks have become more common during the past year and Claudio Martinelli, Managing Director of Latin America at Kaspersky, wrote in an article for MBN that one of the most common risks has been attacks against the protocols used by employees to access corporate resources remotely. He said that as companies continue working remotely, it is necessary to make home office assessment and certification a must. "These (risks) can be overcome by taking proactive actions to ensure an organization remains protected,” he wrote for MBN. “These include gaining a full understanding of how specific threats are being carried out and where they are coming from, ensuring the protection of the data stored in third-party services, equipping remote employees with the right security solutions and policies to keep their home office networks safe and secure."

ransomware, attacks

Photo by:   FLY:D, Unsplash
Andrea Villar Andrea Villar Journalist and Industry Analyst