How to Keep Safe Online? Imagine Everyone is at RiskBy Sofía Hanna | Thu, 06/17/2021 - 14:10
Today businesses increasingly depend on technology to operate. Some companies feel that if its services are in the cloud, they are safe but this is a misconception. If businesses do not prepare to avoid blackouts, operations will stop and customers will look for another company, explained Pablo Corona, Deputy Vice President of Cybersecurity at Asociación de Internet MX, during Mexico Cybersecurity Summit 2021 held on June 17.
The risks are numerous and constant so companies and individuals are often unprepared, he explained. “We think of hackers as shadowy figures, but most look like anyone else. Most attacks are successful because of people inside the company. With technology becoming something more and more necessary and useful in our lives, we need to give it the respect it deserves,” said Corona.
Companies operating in the cloud often forget that the cloud itself can be attacked so choosing the right partner is essential, he added. “We must know how to chose suppliers, review their infrastructure and validate them.” Attacks are not exclusive to individuals and companies as “cities also depend on technology,” and disrupting their operations can affect thousands. Furthermore, successful cyberattacks can compromise more than information; they could paralyze or close a business altogether. “There is no longer a border between what happens between the digital and physical world; there is no barrier and this implies new types of risk. When we talk about cybersecurity, we are not just talking about protecting bytes but life itself.” The goal now for cybersecurity companies is to keep the business alive, continuous and useful while protecting users.
Mexico has grown fast in internet penetration. Between 2018 and 2019, internet penetration grew by 7.9 percent and between 2019 and 2020 by 10.2 percent. This fast grown has permeated into other areas such as digital commerce, which grew by 22 percent just in 2019. After the pandemic, there are even more users but there are also more risks. If more users are easy to attack, the profits of cybercriminals will also increase, explained Corona. Moreover, the more attacks the greater capital incentive for potential cybercriminals. “Financial fraud has also increased significantly. In four years, it practically doubled and it will continue to grow.” In 2015, US$3 trillion were lost to cybercrime worldwide; by 2021, the amount doubled, explained Corona. “In 2021, there is an attack every 11 seconds. In 2019, there was one every 14 seconds.”
Most of these attacks occur via email or a website. Oftentimes, people leave their devices vulnerable, that is they opt-out of updating their system. The other attacks occur through a USB or a similar device, and the remaining are of unknown origin.
While the picture is dreary, businesses should not be afraid. “The idea is not to disconnect. The internet is a great tool for business; it brings us closer to other markets." Corona urged companies to see cybersecurity solutions as tools that will allow them to keep operating safely but the path to do so varies from company to company. He urged business owners to look at their companies as their own bodies. “We must imagine that everyone is infected and if we have to interact with others, we must wear masks, avoid touching anyone and anything and keep our distance.”
This “Zero Trust” strategy assumes all systems are compromised. Despite that, users and companies need to interact with them so authenticating users, identifying devices, encryption, structure reviewing and networks are must-haves. “By assuming that everyone is compromised, our system will be more robust. Attackers look for the easiest target. If we make it more difficult for them, we protect ourselves more.”
Companies should also identify and monitor their vitals as they would a body, added Corona. “One should check the symptoms and go to a specialist if necessary.” Companies should also avoid going through the motions on their own. “If I am not a specialist, I will not self-medicate,” said Corona.
His recommendations for companies are to allow entrance only to healthy and clean items and assume everything is compromised. It is also key to complement processes with patches and updates to avoid vulnerabilities, such as one would with a vaccine. Companies should also “mask” themselves to external risks by isolating from external threats, which in this case would be TLS / SSL or VPNs. Finally, companies must train and educate themselves and their workforce to remain calm during a crisis.
For users, Corona gave some recommendations to safely use e-commerce platforms: make sure the service comes from the provider and not from a third party, do not provide passwords and make sure that links lead to the provider’s website. Furthermore, “passwords should be easy to remember and as long as possible. Do not use the same in more than one platform, change them frequently and do not share them.”