Cybersecurity: ‘Tomorrow’ May Be Too LateBy John Clayton | Thu, 11/04/2021 - 11:19
I’ve heard this common saying so many times: “I’ll do it tomorrow.” In fact, tomorrow is often too late.
Our natural behavioral tendency is to wait. Wait to see what happens. “I’ll wait until somebody else does it.” “I’ll wait to see change or the trend increase or decrease.” The fact is, we try to rationalize by trying to convince ourselves that it won’t happen to me or us because, one, it’s never happened before and, two, we don’t usually see threats coming at us in cyberspace if we’re blindfolded by having no cybersecurity measures in place. The reality is that it’s not the direction we should go in to tackle an ever-increasing threat to businesses, organizations, governments and society as a whole.
Being involved in cybersecurity, I make it my business to carefully study and analyze growing trends and, of course, statistics – keeping my finger completely on the pulse. In doing so, I want to give you facts and stats that are not from me or Arista Technologies but from independent research from various sources in relation to cybersecurity in Mexico and Latin America.
It should be noted that so far in 2021 there have already been more than 78,000 cyberattacks per hour in Mexico.
Mexico has suffered more than 800 million attempted cyberattacks against personal computers, public organizations and companies.
According to the popular online media company Entrepreneur.com, Mexico has become one of the main victims of cyberattacks in recent years. Recent analysis by the International Telecommunications Union shows that Mexico ranks 52 out of 182 countries in terms of cybersecurity levels.
These are easy obtainable sources from various online articles and the threat is real indeed. What most people do not understand is the devastating consequences of cyberattacks, who they're attacking and why it’s increasing. I’ll start with the first one: the devastating consequences.
Ten years ago, when smartphones appeared, criminal gangs and hackers hacked into phones, stealing information, taking data and using that data. Now the trend is changing. These days, hackers prefer Industrial Control Systems (ICS).
What is an ICS? It is a term used to describe different types of control systems that include the devices, systems, networks, and controls used to operate and/or automate industrial processes. They are very different to Information Technology (IT) and hackers are seeing more benefit from hacking ICS and that has a consequence, potentially creating much more damage.
Imagine this from an ICS context. You have a manufacturing plant, a hacker hacks into your
system and stops your entire production line. There’s nothing you can do. It causes financial
damage to your business because it stopped producing, causing a huge backlog, potentially causing a supply chain problem and damaged reputation, to name a few.
The hackers will demand a ransom which can run into millions of dollars, which then causes an even bigger problem. Do you pay and rely on them to be true to their word and reactivate your production line and return to some normality? If you do this, then you run the risk of two things: one, they may receive the payment from you and not fulfil their promise or, secondly, you’ve just created a reputation among organized criminals that you pay ransom attacks.
The worst-case scenario, however, is loss of life or serious injury to people. For example, if you are a business manufacturer that deals in highly flammable or toxic products and hackers take control of your automated industrial process, they have the power to destroy tangible assets, potentially harming or killing people.
Why is it increasing you might ask? We now live in a world where increasingly, everything is going online. Most people have heard of the term Internet of things (IoT), which are physical objects that are embedded with sensors, processing ability, software, and other technologies that run things. For most people, it could be your TV, car, fridge, or home security systems. And it’s increasing.
For the purpose of this article, I personally would like to change IoT to IoE (internet of everything) because that’s where we’re heading. People are using more Smart technology and businesses now also rely on the internet and network systems to control all aspects of their manufacturing or production line.
In many cases, it’s 24 hours a day, seven days per week for the business to function and meet the needs of its clients. With this in mind, businesses that operate this way are more vulnerable and most susceptible to risk and the rewards to hackers are high. Because of this, it's now more fashionable for hackers to penetrate Industrial Control Systems (ICS) and the trend is rising.
As I state on a regular basis, we live in a different world compared to 20 years ago, where we once worried about our IT systems going down and, at worse, we might have our credit card information stolen. These days, the risks to businesses and society are becoming bigger, more dangerous, and having more of a lasting effect.
My advice is to be hyperaware in a hyperconnected society where if one company is at risk, then you can be too, whereby you could be a part of the domino effect in terms of disastrous consequences.