2 The door closed and the windows open
2.2 External devices
2.4 Beware of wi-fi
3 Cybersecurity Tips
4 Solutions for your company
The stereotype of cybercriminals associates them with guys hiding in a bunker equipped with the best technology; Although there are well-articulated organizations that operate in this way, in many cases the weak point of cybersecurity begins with the user inserting a USB found in the parking lot into a work or personal computer.
Incidence of cyber attacks
Cybercriminal activity can be devastating for businesses and governments. According to the Ponemon Institute and Accenture , the total cost of cybercrime to businesses rose from $ 11.7 million in 2017 to $ 13 million in 2018 . Research indicates that the total value at risk from cybercrime could reach $ 5.2 trillion in the next five years. Regarding the business segments and areas where the highest incidence is recorded, the Bulletproof study highlights the following:
The scenario for SMEs is no less worrisome, attacks in the global environment increased 243% in 2019, and progress is observed with respect to the objectives. In some cases, they focus on internal systems or controls, as well as data and information theft.
The closed door and the open windows
Criminal techniques and methods evolve; However, in most cases, it is the inhabitants themselves who neglect security, therefore, the creation of protocols and training for users in all areas is key.
The most common cyber attacks in Mexico occur through email, a threat known as phishing. It consists of impersonating an identity to collect personal data, for example, an email from a bank whose subject is: Held transfer . When opened it contains the graphic identity of the financial institution and requests attached documents to continue with the transfer.
Although it sounds incredible, the history of the USB with a suggestive nomenclature found in the parking lot, in the bathroom or on the desk, is usually more common than you think. The user can open a photo ending in .dll. or .exe. and, with it, execute a code inside the disk that allows to absorb information.
Passwords are a separate issue. It is almost certain that all the user’s credentials are in an email or, even more, a list with all the passwords. By using the same passwords or logging in to insecure places, any cybercriminal’s job is easier . Remember that 123456; password or Luis1984, they are easy to crack.
Beware of wi-fi
Wi-fi is a great way to welcome strangers. Someone comes to the company and asks for the password to check their email; no one will change the password after that unknown access. In this way, you can enter the router firmware and access the operating system. No one will know, because the internet works fine, but internally there is a piece of code that absorbs the network traffic and redirects it.
These are just a few avenues for criminals, which allow you to install internal operating systems or malicious software (malware). An example is ransomware or ransomware, which takes over the hard drive and encrypts it ; hackers ask for a payment to release the information. In 2019, Thief’s Wannacry and Predator ransomware stood out due to attacks on banks in Mexico and Chile.
In a context that shows the ease with which corporate and government security systems are breached, it is important that the responsible areas update the technology and security licenses, but, above all, that they train and educate users . A good security plan must fall into the areas of information technology and operations (IT and OT). An internal communication campaign with Marketing support will be important to land the information with all users.
Socializing the security protocol will allow an adequate reaction to emails with unexpected attachments, and, of course, will eliminate the temptation to introduce external devices without prior review. On the other hand, updating and renewing operating systems and software should not be taken for granted, in many cases it is wrong by omission by not communicating the arrival of an update message to the corresponding areas.
Corporate communication is a good place to start with security protocol. If collaborators communicate by WhatsApp, other options can be recommended , including Webex Teams and Cisco Meetings or other closed tools. As for more advanced attacks, there is Cisco Umbrella3 and Cisco Advanced Malware Protection for Endpoints (AMP4E) , which work through global threat intelligence, advanced sandboxing , and real-time malware blocking.
Solutions for your company
It is important to consider the targeted threats, but it is also important to attend to the habits of the users , for example, connecting to open and unknown Wi-Fi networks; use tools not designed for the treatment of sensitive data; indiscriminately install insecure applications or applications with excessive permissions; use removable devices or open emails without any precautions.
If you are about to start or renew a cybersecurity plan, contact us. We have more than 30 years implementing collaborative strategies, business consulting and high quality service. Our portfolio offers security , collaboration , consulting and adoption solutions , among others. Get to know us and let’s find together the security solutions for your company.