Let’s talk about recent cyber attacks. The cost for the hijacking of systems grows by 60% and increases the theft of data through emails.
Internet security has become one of the major concerns. The demand for security experts continues to grow and the Center for Cyber security and Education foresees that in 2022 there will be 1.8 million jobs of this type not covered (350,000 of them in Europe). The Cyber Incidents and Noncompliance Trends Report published annually by the Online Trust Alliance(OTA), with an analysis of violations and incidents on the Web, estimates that there were more than two million computer attacks in 2018, although these are the recorded data and the actual amount is likely to be significantly superior because not all victims report. In total, the cyber incidents of last year had a financial impact of more than 45,000 million dollars, about 40,000 million euros.
As the publication explains, the OTA conveys a general idea of what the situation on the Network is currently, but it is difficult to obtain a complete and accurate picture of the global landscape, since a large part of the databases are regional. Threats that arise on the Internet are not reported. For Hervé Lambert, director of Consumer Operations at Panda Security, it is essential to denounce all kinds of attacks “to do forensic analysis and find out where they have entered and what tools they have used.” “It would allow us all to do a better job,” he explains. . In addition, Lambert believes that most of the time it is not done by image, since organizations do not want to know that they have been victims of data theft.
The OTA has analyzed for its report ranswomware attacks (kidnappings of computer systems accompanied by a rescue request), obtaining compromised data from emails, denial of service attacks (the inability to use certain services) and the vulnerability of connected devices, among other threats to Internet security.
The study reflects that the kidnapping of data systems decreased in the number of incidents recorded last year compared to the previous year, but their financial impact increased by 60%. The cryptojacking – theft criptomonedas- also declined as the year progressed, in line with the decreasing value of virtual currency.
In addition, the study has highlighted that the largest data breach occurred in the records of Aadhaar ( the national identification database of India), which compromised 1,100 million data, and by the Facebook and Cambridge Analytica scandal , which affected 87 million people and involved a debate about the protection and use appropriate to user data.
Miguel Juan, managing partner of S2 Grupo, a cybersecurity company that works with the Ministry of Defense, believes that it is necessary to raise awareness by corporations because any company, even if it is small and thinks it has no relevance, is likely to be attacked . This is due to three reasons: “Many of the attacks that are made start automatically because criminals have botsthat surf the web looking for vulnerabilities. In addition, they all have interesting information, especially that which has to do with people and means of payment. On the other hand, if you can take control of the company’s computer equipment, they can be used to make attacks on other sites (and become part of the network that is being used for attacks) or to undermine cryptocurrencies, ”he explains. Juan. Another study , prepared by the company ESI ThoughtLab and focused on the analysis of cybersecurity in companies, estimates that more than one in ten companies lose about 10 million dollars in a year.
Regarding the attacks known as Business Email Compromise (BEC), that is, those with which data are obtained from the emails of the companies, have increased during 2018. With this threat, the employees of the organizations are deceived by attackers who pretend to be sellers or executives, to send funds (or equivalents, such as gift cards) in response to emails. The FBI said that there were 20,000 attacks of this type in the United States alone, which have resulted in losses of $ 1.3 billion.
Awareness is required by corporations because any company, even if it is small and does not have relevance, is susceptible to attack.
From the content of this report, it is noteworthy that 95% of the infractions could have been avoided. Lambert also believes that awareness, both of companies and people, is essential to avoid these threats: “In the business field there are more nuances, but in particular, there is no awareness. Organizations have more resources than people, but we must start by applying common sense with the practices we follow in technology, ”he says. For Lambert, there are some basic steps that must be followed to protect against these attacks: use a state-of-the-art antivirus, secure networks, store data on company resources (not personal devices) and use nuble with discretion, among many others.
In recent months, in Spain there have been important computer attacks, such as hacking the e-mail of Judge Marchena (one of the magistrates of the process ), or the attack on the online ticketing system for the Alhambra , where they stole 4, 5 million data.