Building a Proactive Cybersecurity Strategy

As vaccination moves forward in our country, more and more companies are encouraging their employees to return to the office or they are adopting a hybrid model. Unlike the frenzy companies experienced at the beginning of the pandemic to get everyone working from home, companies have the opportunity to carefully examine their IT infrastructure and design a proactive cybersecurity strategy to ensure a safe transition.

Recently, Kaspersky presented its 2021 Threat Landscape for Latin America, an annual report prepared by the company's Research and Analysis Team. The report, based on the Top 20 malicious programs detected in the region, revealed a 24 percent year-over-year increase in cyberattacks. For Mexico, this represents more than 103 million infection attempts in the first eight months of 2021 — an average of five attacks per second.

The report highlighted a key finding that we have previously addressed in this column: remote access technologies, used for home office, and unlicensed software are the main vectors of attack for companies. Now that many companies are deciding on whether to return to the office or keep their staff working from home, it is important for them to carry out a detailed evaluation of the state of their cybersecurity, as well as understand the short- and midterm requirements needed to ensure an active defense strategy.

From Kaspersky, the following are three simple steps to help companies design a proactive cybersecurity strategy to stay ahead of the cyberthreats affecting the region.

The first step is to conduct a risk assessment analyzing the company’s detection and prevention systems. This can be done by reviewing the details of previous incidents, including the vector used and type of attack. Companies should also check their infrastructures to rule out any active but unknown threats. Similarly, they should seek to learn about the types of attacks targeting companies within the same industry.

The second step is to make the industry’s intelligence work for you. This insider information will help minimize the impact on your budget and reduce the reaction time when facing a potential attack. Kaspersky’s IT Security Economics Report revealed that 41 percent of companies and 39 percent of SMEs consider threat intelligence as an investment. Services, such as Kaspersky Threat Intelligence Reports, provide a holistic strategy to deal with the entire spectrum of current threats, APTs, and targeted attacks.

The third and final step is perhaps the easiest and most important: spread the knowledge and train your staff. Everyone. It is useless to have the best cybersecurity policies if your employees don’t follow them. A recent study revealed that 25 percent of Mexican companies have cybersecurity policies in place but their staff is either unaware of them or not required to comply. As we have said in the past, employees, the human factor, are the weakest link in a company’s cybersecurity chain. Cybercriminals know this and often direct their attacks to personnel in areas unrelated to IT as they are usually not familiar with online threats and the potential risks.

Overall, it is fundamental for every company to invest in permanent and adequate training for all staff, according to the different levels of knowledge of every team member. There are tools like the Kaspersky Automated Security Awareness Platform, a simple and comprehensive cybersecurity awareness learning system for businesses of all sizes, that offer a new approach to online educational programs that deliver knowledge and develop authentic digital hygiene skills. The platform adjusts to the individual pace and learning skills of each employee, delivers helpful recommendations, and ensures skills and knowledge.

By following the three steps outlined here, any company can build a very solid IT security strategy that fits their budget. Cybersecurity does not have to be abstract or complicated. On the contrary, it can be very rewarding, especially when working with industry experts that help you achieve an optimum defense strategy.