Cyberattacks, a real threat in 2021
Has the number of cyberattacks increased during the pandemic? With this in mind, what can we do to reinforce our organization’s security?
This period of uncertainty and constant change that we are living has made most organizations see their defence against cyberattacks reduced or weakened, no matter the size, sector or activity.
Digitisation has been a key factor in this context. Its advantages include easing our work, speeding processes and tasks, and reducing business costs. Nevertheless, we must not forget that digital transformation brings us closer to the surface when it comes to being possible victims of cyberattacks.
That surface is precisely what enables hackers to carry out cyberattacks. Which are the consequences? Loss of confidential information, financial damages, bad reputation, legal issues, etc. Financial consequences are reflected in the paralysis of any organization’s daily activities or, in many cases, in the financial outlay they are forced to make in cases where a ransom is demanded for the stolen information, etc. On the other hand, the reputational implications for the company affect the credibility and perception of its customers, suppliers, employees, etc. In short, trust is diminished when they learn that sensitive information about them may have been extracted.
How do these attacks affect us?
This last year, the arrival of teleworking has made millions of companies alter the way in which they carry out their activities. Furthermore, this has made thousands upon thousands of people access corporate information and data from their homes without a single barrier that guarantees correct data security and governance. This type of scenario is perfect to carry out all kinds of cyberattacks, and their goals may be of different nature: access internal data of the company, carry out industrial espionage or extract sensitive information about clients, providers, etc., among others. Experts claim that in 2020 phishing attacks have increased by 64%. These attacks are the ones that use social engineering to trick the user into sharing their password, credit card number or any other confidential information, pretending to be a trustworthy institution through an email, a call, an SMS, etc.
After its inauguration in 2020, the Hospital in Torrejón de Ardoz suffered a ransomware cyberattack. Among its more prominent consequences was the blockage of their IT services, which made it impossible for them to access the patients’ medical history, appointments, etc. In addition to this attack, throughout 2020 many other companies suffered this kind of threat, such is the case with Mapfre (August), Fresenius (May), SegurCaixa (September) and Honda, whose cyberattack affected the production within their factories. In March of 2021, the cyberattack of SEPE (Spanish State Public Employment Service) made the news; it affected the availability of their IT and communication services.
Hackers don't care where the organization comes from, how big it is, how active it is, or what sector it belongs to.
A pending task for many: Reinforcing the security
In addition to having an optimal security system, with technical measures that protect the company’s connections, data, processes and operations, we can carry out certain simpler actions that will help improve your global security.
- User training and awareness: “A chain is as strong as its weakest link”. Making users aware of existing cyberattacks is considered good practice in information security, and it can prevent future attacks to the organization.
- Multi-factor authentication – Implementation and use: A password can be easily compromised. Multi-factor authentication increases the security of any account, requiring a second verification factor (SMS, biometric technology, authentication apps, etc.) to prove a real identity when logging into an application.
- Software updates: Keeping systems and programs updated is key to security. Vulnerabilities arise often, and hackers can take advantage of them to send threats and carry out cyberattacks. These hackers take advantage precisely of security breaches in operative systems that aren’t updated or programs that aren’t in their last version.
- Backup copies: Very important. There is still a possibility that we are attacked even if we take all the possible security measures, which is why it’s essential that we make backup copies of the organization.
We were attacked: What is the next step?
Technology provides us with a great number of advantages; however, we must be aware of all the risks this may imply, such as cyberattacks.
From Integra, we stress the importance of having organizational and technical security measures in place to ensure our data, operations, processes, products and/or services are properly safeguarded, as well as our company’s connections. When it comes to this, the key is having trustworthy security solutions available, such as the SIEM, which may allow us to respond to the cyberattack once it has taken place, since they have a wide range of security operations use cases.