Cybersecurity is a concept that, in all its breadth, covers all the elements considered as "technology", so its real impact on today's society is very important.
by Óscar Quero Hijano*
Cybersecurity in times of pandemic: The before and after: Although cybersecurity is very important today, before the pandemic 75% of companies could live without security plans about potential attacks, without being prepared to react appropriately. During the pandemic, there were a total of 133,155 cases of cyberattack.
The panorama in Latin America is very different from the Spanish one since in terms of maturity and digitalization it is low, there are few or no advances in two thirds of the countries, this impacts on a low use of digital systems, so the risk of cyberattacks is lower, however, the pandemic has caused an acceleration of adoption in these countries.
Attacks during the pandemic
The most common attacks during the pandemic were those whose purpose is the theft of information for criminal purposes such as pishing, cyberattacks against health centers, false job offers and, finally, false pages to collect aid for those affected by COVID-19.
Teleworking and cybersecurity
According to data from the Adecco Group Institute, in Spain there are 3 million people who telework, of which more than 1 million were generated by the pandemic (33%). One of the big reasons why many companies hesitate to telework is security. How can companies protect themselves? The first thing is that employees do not use their personal computer to access company resources. In addition, it must be ensured that the employee has a good antivirus correctly configured, so that it cannot be disabled. On the part of companies, they must implement the necessary infrastructure to cover all the above, in addition to establishing a consistent backup policy, which protects the company from loss of information. The recommendation is always that several backups are made, keeping at least one of them outside the company.
Cybersecurity and new digital services
Telemedicine and electronic banking: Since the pandemic, the use of medical services by digital means is becoming the majority option by companies and users since, being able to have an online consultation without the waiting time or the fear of infecting you helps them not to be left without attention between mild or moderate ailments.
One of the big problems of telemedicine is the flow of our data from a multitude of devices. To protect this type of information they are creating specific applications for both Android and IOS. The same goes for electronic banking. Theft of sensitive data remains the leading banking scam. Although cybercriminals have expanded the methods to achieve user information: email (Pishing), SMS (Smishing) and phone call (Vishing). Another scam that has become popular in the last year is the duplication of SIM cards.
Cyber insurance is a type of insurance that protects users and companies from situations caused in the digital environment. This can be contracted by companies to protect any type of incident that occurs in the digital habitat, either in the infrastructure or due to some activity. Insurers assess the risk and require companies to adopt a series of security measures to contract the service. This covers civil or third-party liability, liability for loss of personal data, Coverage of data hosted in the cloud, coverage of claims, etc.
It is important to note that the different insurers that offer this type of product do not work all sectors, but exclude some more complex ones such as the health sector, given the extreme sincerity of the information managed.
The challenges of cybersecurity
Cloud Security and Zero Trust: Companies used to control the security of their infrastructure. Now, in the cloud (especially public clouds), this security is implemented by the service provider, so you have to clearly establish the security measures that the company needs.
On the other hand, zero trust is a trend that is based on the continuous monitoring and authentication of users accessing the company's private network. By using Zero Trust, the volume of data compromised by an institution is drastically reduced.
This trend, considered by large corporations such as Microsoft, Google or Cisco as "the future of enterprise cybersecurity", is based on something very simple: continuous monitoring and authentication of users who access the company's private network.
This technology, which competes with other solutions such as VPNs, is based on putting "guards" at any door and place in our network, ensuring that if someone enters fraudulently we have a greater chance of detection (in the VPN the watchman is only at the front door and, if someone crosses that security barrier, it can move inside without being controlled.) Therefore, by using Zero Trust, the volume of data compromised by an intrusion is drastically reduced.
Another benefit of Zero Trust is the better user experience. The saturation of VPN connections during the pandemic has caused communications to suffer, so many of them have been made without an active VPN. By implementing this type of security system in the cloud, we avoid these saturation issues and don't rely on users always communicating with the VPN turned on.
But it's not all advantages. This increase in controls requires a greater investment in resources and implies a greater complexity in the implementation, which translates into a greater need for economic resources, both for its implementation and for its maintenance (recurring costs).
Based on the data reported by INCIBE in Spain and the own estimate made, since 2013 the reported cases have increased by 2,000%, experiencing in the last two years an increase of 50%, cumulative.
Cybersecurity has become at the center of business strategy, as it is necessary to secure the operation. Companies are obliged to continuously invest resources if they want to ensure their survival in the coming years, in addition to their competitiveness. Those who do not will be at risk.
* Óscar Quero Hijano, Business Information Manager, Certificate in Fundamentals of ITIL and with a Postgraduate degree in Business Intelligence, and with more than 15 years of experience managing Business Intelligence projects for different multinational companies, belonging to a multitude of sectors (Pharma, Banking, Media, Insurance, Retail, Services). He is currently Business Information Manager at the multinational Teladoc Health, being responsible for analytical systems, supporting different departments and customers in EMEA, Asia and Pacific. He has experience in a wide variety of Business Intelligence platforms: Microstrategy, Business Objects, Microsoft BI and PowerPivot, Qlikview, Pentaho, among others.
* The full report can be viewed by clicking here.