International. As attacks increase in volume, complexity, and scale, companies are forced to invest in more advanced solutions and services that allow them to prevent, among others, theft of critical information and DDoS attacks.
Strengthening information security has become a top need for businesses, especially since 2017, when, according to Cordium, cyberattacks globally saw an unprecedented increase.
"The upward trend of attacks, in volume and scale, has been growing like the returns of hackers. At such a level, it is expected that soon the profits of cybercriminals will exceed those of drug trafficking as a whole," said Pablo Dubois, CenturyLink's Security Products Manager for Latin America.
In this context, says the specialist, organizations and governments around the world have begun to take note of the new scenario and the demands to combat cybercrime. "2018 was a year of transition and growth of security products and services, a market driven, in addition, by the digitalization of businesses, all of which meant a global expenditure in the area estimated at about 93 billion dollars, according to Gartner," adds Dubois.
Increasing Complexity
The expert details that there are three factors or conditions that make the issue of security more complex today. The first has to do with the status that information itself has acquired in today's businesses, added to the massification of technologies such as artificial intelligence and automation. "Security, practically, is a matter of survival for organizations, since the availability of their systems and the protection of their information assets will not only depend to an increasing extent on the operational or productive part, but also on the strategic value of their business," he says.
Dubois adds that a second element to consider relates to the way cybercriminals are organized. In this regard, he explains that these are groups with a global presence, technological infrastructure and advanced tools to develop their misdeeds. "In addition to these real mafias, structured to obtain economic returns through scams, identity theft and fraudulent transactions, there are new organized groups, of activists or political affiliation, which are capable of harming private or public companies and governments through cyber attacks, carrying out actions of sabotage or espionage in their systems," he says.
In this context, Dubois adds, attack vectors have not only increased but also the methodology of cybercriminals has evolved. "There are attacks that are real distractors for the theft of information. So, for example, while there is a problem with a server or a service provider, an activity that concentrates attention for mitigation, elsewhere someone may be stealthily stealing sensitive data," he says.
In this regard, it states that one of the most harmful attacks currently is DDoS or distributed denial of service, which is characterized by causing the fall of servers of an organization, generating an overload of traffic or demands, in order to cause economic losses or discredit to its customers. "These attacks – of which about 22,000 are recorded daily worldwide – are multi-layered, target the network or applications and are very difficult to detect, because they disguise themselves as normal traffic. They can cause severe damage even to large companies, which have advanced protection systems," he emphasizes.
Human Factor
In the opinion of the CenturyLink executive, one of the most neglected aspects of security is people. This aspect, he says, is becoming more important today than ever because employees tend to increasingly access sensitive data or information systems from anywhere, using devices they own. "Mobility has itself become a new challenge in this area. Organizations strive to make it compatible to facilitate productivity with the proper protection of portable devices and their critical data," he says.
Dubois stresses that this condition makes employees a focus of double attention. This, because the organization must be able to control the devices and not affect the privacy of them, while, on the other hand, it must strengthen its general policies and adapt them to the new profiles of collaborators, which are more open and "technologized".
Likewise, the expert warns that the authorized access of careless employees can be an important focus for the theft or loss of critical data. A study by the Ponemon Institute revealed that employee negligence is the leading cause of information breaches in small and medium-sized businesses in the United States. "This aspect, that is, negligence, when added to poor security policies, makes the human factor the direct or indirect cause of most security incidents," he says.
On the other hand, disgruntled employees or former employees are often also an open door. In the first case, they can help steal information or become informants of third parties, while many accounts of people who no longer belong to the organization remain in force and facilitate the theft of data, by not revoking the privileges and profiles of those accounts in a timely manner. "Information theft can be due to negligence or social engineering, but there are also cases of disgruntled employees even deliberately introducing malware into a company. That is why the current approach must be comprehensive, proactive and based on the use of intelligent tools, many of which are available today as services," concludes Dubois.
