What is Cybersecurity and why is it important?
What are the types of Cybersecurity that exist and the risks of suffering an attack. Also, which countries in Latin America are the most affected by this situation and six vital recommendations.
The pandemic caused billions of people to turn most of their activities to digitality. Work, social life, purchases and payments to employees and suppliers went virtual due to the contagion risks that in-person interaction brought. However, this also unleashed a problem that is very difficult to control cybersecurity attacks.
What is cybersecurity
All electronic devices, especially computers and smartphones, generate information. Many of them, are of great relevance and sensitivity for the owners of these artifacts. Being valuable, this data becomes attractive to criminals, who try to steal it through different methods such as phishing. If obtained, criminals can use them to extract money from victim accounts, claim rewards, or trick other individuals close to their original victim.
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.
Cybersecurity arises to prevent this from happening. This concept encompasses a large set of procedures and tools used to protect people’s personal information. To achieve this, they use everything from simple tips to implement on a day-to-day basis to sophisticated software designed by expert engineers in this sector.
Since there are tools that work with electricity and codes, there are people who are dedicated to hacking them. As early as 1903, a man named Nevil Maskelyne first intercepted a wireless telegraph transmission. Although it is far from what is currently happening with cybersecurity, it marked a starting point.
By the mid-1970s, when the ARPANET (predecessor of the Internet) was used, a group of cybercriminals generated malware called Creeper. It was quite simple and only infected devices to display the following message: “I’m the Creeper, catch me if you can!”.
Perhaps the most important contribution of Creeper was to precipitate the creation of the first antivirus. This one was called Reaper and it consisted of another virus that spread through the network of devices to find those that had been infected and eliminate Creeper.
For the last 50 years, a “war” has been waged between cybercriminals and cybersecurity experts to protect Internet users. But in addition, a multimillion-dollar data protection industry was created. Data from Research and Markets, a company that analyzes global markets, indicates that by 2027 the cybersecurity industry will be worth more than US$120 billion.
What are the types of cybersecurity?
Over the last few decades, cybersecurity has become more sophisticated. The different technological advances and the emergence of computer systems that work in different ways forced experts to diversify the tools to protect devices.
For these reasons, there are currently different types of measures to be taken into account depending on the purposes. In addition, cybercriminals can affect different components and elements of the systems, so there are specific cybersecurity modalities for each one of them.
Any digital activity carried out by an individual or a company is carried out through a device. This type of cybersecurity focuses on protecting physical equipment that includes everything from computers and smartphones to servers and instruments that allow interactions through the cloud.
Put the focus on the software
On the other hand, there is an extensive package of cybersecurity measures aimed at computer systems. Those who act in this field are the developers because users cannot directly access the programs. These professionals are dedicated to detecting bugs in the software, programs or applications installed on the devices in order to avoid inconveniences in their operation.
In general, this type of cybersecurity includes practices that prevent the unwanted intrusion of malicious programs or codes. The best example of this is antivirus aimed at protecting data and the software, programs and applications used. To achieve this, users must constantly update these tools as for every virus that emerges, developers create barriers to remove them. However, for them to fulfill their task they must be activated in time.
Take care of the networks
Another type of cybersecurity is the one dedicated to the protection of the information contained in the hardware. This sector is known as “network security” because it deals with data transmission. Therefore, cybercriminals try to break into them to steal this information and use it to their advantage.
The focus of this type of cybersecurity is to protect the data that is sent and received through the emission, transport and reception processes. Throughout this journey, hackers can implement techniques to intercept information and therefore measures are implemented to restrict this possibility.
To achieve this goal, you can use everything from simple tools such as anti-spam filters and the installation of VPNs (Virtual Private Networks) to Firewalls and perimeter security.
The risks of receiving a cyber attack
Many times, users or companies underestimate the security of their electronic devices. Whether due to overconfidence or an attempt to cut costs, decisions are made that can have serious consequences for daily operations.
One of the main risks of not implementing appropriate cybersecurity measures is receiving malware. This is a program developed to generate damage to a computer system. The user may or may not be aware of this, which is even more serious because he continues with his operations without knowing that the processes are being affected.
At the corporate level, or of individuals with a high level of exposure, a problem that arises from this risk is cyber espionage. It is increasingly common for hackers to infect computers to obtain sensitive information about the operation of a company. It also happens with the agendas of people with high roles in companies or international organizations.
Not properly protecting equipment can lead to data leaks or vital figures for companies. In turn, this can lead to blackmail or even the exposure of this information with the aim of causing economic or social damage.
A risk that has been seen frequently since the beginning of the pandemic is the attack on supply chains.Currently, there are companies that work 100% digitally.Both the sale and the supply and distribution of the products are carried out through virtual platforms. This leads to an increase in cyberattacks at the different stages of the chain with the aim of harming the daily operations of a company. What could cause the cessation of the activity and, therefore, a great loss of money.
Finally, another digital space that must be protected is “the cloud”. With the increase in the remote work modality, this tool has become of vital importance for the operation of companies of all sizes. In fact, a report by the Institute of Electrical and Electronics Engineers highlights that 60% of companies carry out most of their activities through “the cloud”.
This implies that a large amount of information of all kinds is stored in this space. From internal records to meeting dates and access, codes are recorded for the internal use of the organization. Experts indicate that it is of great importance to increase cybersecurity measures in this field since a cyberattack on the cloud can cause the loss of relevant information and data.
The most common cyber attacks
Cybersecurity experts are careful when talking about the most common cyberattacks. Especially since these crimes tend to mutate rapidly and new modalities emerge every year that replace the previous ones. “There are thousands of ‘Zero Days’ per month. In 2021, the techniques that we recorded and analyzed exceeded 220, a number higher than the 130 of 2020”, indicate specialists in the cybersecurity sector in Latin America.
If this trend continues, in 2022 new cyber scams should appear that not even professionals in the area are aware of yet. However, it is possible to make a list of the most common and, probably, the most frequent of the next twelve months
Fake shopping sites on the web or social networks
Especially on holidays, it’s full of stories about fake shopping sites and it’s only expected to get worse over the course of the next few years. Some of these fakes are so good that they are almost impossible to identify and even appear at the top of Google searches as legitimate.
With digital currencies gaining in popularity, scammers are looking to cash in. Therefore, it is important to be wary of fake cryptocurrency offers and hackers looking to take advantage of digital wallets.
It is very likely that all people will be victims of a cyber attack in 2022. On the black market, a record with the complete, personal and bank details of a single person can be sold for up to US $ 1,000. This causes criminals to try to seize information from as many people as possible.
Social Engineering Scams
Scammers research social media pages in order to design a particular scam. “I started following a guy on Tik Tok and as soon as I became friends with him, a guy pretending to be him sent me a private message saying he works for a charitable foundation and wanted me to send him money,” says one victim of this modality. A separate chapter are romantic scams, those that no one reports out of shame and in which scammers use social networks to learn about a person with the aim of scamming them.
Internet of Things
Currently, SmartTVs, toys, refrigerators, washing machines, security cameras, a fish tank thermometer, more and more devices are constantly connected to the Internet. The default setting is usually a common place to vent people’s privacy. In fact, many users turned off devices like Alexa for fear of being listened to all the time.
SIM Swapping is a new deceptive way to bypass two-step authentication for mobile banking. The criminals call the cell phone provider, pose as the victim and get a SIM card with their phone number transferred to their phone. Thus, not only do they steal passwords, but they have the phone to bypass two-factor authentication.
Government Grant and Bond Scams
The emails, text messages, Whatsapp and phone calls or advertisements that promote bonuses and subsidies impersonating the identity of the governments, the victims are captured and attracted by the need to make money and already represent a popular scam at this time.
Job scams, work from home scams, and other job opportunities are major scams. Working from home is very attractive as it avoids the need to travel. But which also leads to higher exposure to cybercrime.
Tech support scams
Fake tech support scams perpetrated by pop-ups on computers/devices or phone calls are one of the top scams today. The scammer convinces the victim to pay for unnecessary and possibly dangerous fake tech support.
The most dangerous malware downloaded by people on their computers and smartphones is almost always downloaded unintentionally. Socially engineered phishing, through emails, WhatsApp text messages and direct messages from social networks, is the most common cyber threat. Impersonating identity through this technique seeks to hijack emails, whatsapp or RRSS to demand ransom and then defraud contacts.
Cybersecurity in Latin American companies
According to a report from the University of Maryland United States, which measured cybersecurity data in more than 157 countries, Latin America is among the regions with the least computer protection. Mexico, Colombia and Argentina are the countries with the most cyberattacks and a large part of them are directed at companies or corporate organizations.
These data are complemented by another recent Fortinet report in which it is stated that 70% of companies in Latin America suffered from one to four cybersecurity attacks during 2021. In addition, 17% of companies in the region claimed to have been victim of five or more of these crimes during that period.
The report carried out is called Cybersecurity Skills Gaps 2022. One of the most significant data that emerges from it is that cyberattacks cost up to one million dollars for 37% of the companies surveyed in Latin America. And that for 26% that figure was more than a million dollars.
Cybersecurity Skills Gaps of 2022
“In the countries of the region, 89% of the organizations reported that their board of directors specifically questions what the company is doing to face the increase in cyber attacks,” the study points out. “And 80% of those surveyed said the board is pushing them to increase the amount of IT and cybersecurity,” he continues.
However, this is another difficult problem to solve. The report comments that 88% of the leaders of the companies that participated assure that “it is difficult to find professionals with knowledge and skills in these sectors.” Although 95% say they are willing to pay high salaries and grant benefits of all kinds to get employees with this profile, they are unable to fill those positions. Such is the seriousness that it is estimated that in Latin America there are around 700,000 employees missing to manage cybersecurity in companies.
Finally, 52% of leaders believe that their employees do not have the necessary knowledge in cybersecurity and that is why it is necessary for everyone to receive training in this regard, since attacks can be carried out in any situation and place.
Measures for Latin American companies
Data on cybersecurity clearly show that this is a problem that affects Latin America in high proportions. For this reason, experts recommend certain measures to be taken immediately. The first being the development of a cybersecurity area within the company with an expert to lead it.
“A primary issue is to improve communication between managers. There is potential to optimize communication between teams, but until now, the conversations do not have much structure and often do not have a regular cadence”, says Juan Marino, Cybersecurity expert in Latin America . And he adds: “This will be enhanced by a structured governance model with high-level representation, an agreed set of KPIs that reflect business requirements, and regular opportunities to demonstrate how security is a business enabler.”
Another recommendation is that the cybersecurity policy be adopted in the long term. According to professionals, it is often the case that companies modify their activities or businesses without including cybersecurity experts in those conversations. Each activity has its own characteristics and, therefore, particular protection measures. Therefore, it is important that professionals in the sector are consulted before each modification so that they adapt their strategies in parallel with business transformations.
Finally, constant training becomes vital. “A growing problem is new IT tools being adopted without the knowledge of security teams, even when clear guidelines are in place not to do so,” says Marino. “Often, speed and availability tend to trump security factors. As a result, they constantly face problems. If this is not fixed, they will increase as more and more companies incorporate tools such as the cloud.”
Six vital recommendations on cybersecurity
One of the most important companies working in the field of cybersecurity is ESET. In addition to offering products that protect devices, the company develops educational content that works for both businesses and individuals. For this reason, ESET has generated a list of six cybersecurity recommendations that can prevent future problems:
Learn about security and privacy protection
Protecting devices and personal information from potential threats is essential. The first step in protecting yourself is learning about privacy and security, the various threats that exist, and ways to protect yourself from them.
Talk to kids and family members about online privacy
It might be challenging, but an important aspect of cybersecurity has to do with family awareness of the risks associated with networking, privacy, and the use of social platforms. First of all, make sure you know what platforms children and their friends use. It is necessary to know the basic functions of these, as well as to know their limitations, security characteristics and risks.
Detect phishing attacks and test yourself with exercises
Is it possible to identify a phishing attack? Even with the best training and implementation of security awareness procedures, there is still a risk of facing a cybersecurity incident at some point, either as the primary target of the attack or as a result of personal information being stolen.
Taking the time to think logically and deliberately about how to protect computers before having to deal with any security incident can help determine what steps to take to prevent and react to any incident. For companies, plan the steps to take if faced with an incident and how to inform employees, customers, partners and authorities, and regularly review the steps to take in the event of an incident through a cybersecurity incident response plan.
Use reliable security software
If you already have security software installed on your devices, do you know what kind of protection it offers? From antiphishing technologies to antimalware, and from antispam to the firewall and information theft protection, there are many different ways to understand security and stay protected. It is important to use security software that includes multiple layers of protection and to ensure that the solution used is always up to date.
Ensure that the workforce has cybersecurity training
Obviously, cybercriminals also target companies. From phishing campaigns to ransomware attacks to data breaches and theft, businesses of all sizes and across all industries have plenty of reasons to take cybersecurity seriously. In cybersecurity, an organization is never stronger than its weakest link. This is why providing awareness and training to all team members is essential.
Stay informed about threats and vulnerabilities with regular updates from trusted sources
Cyber threats are constantly evolving. Legislation related to privacy and security protection is always changing. This is reason enough to follow the security news. Stay informed about the latest vulnerabilities, patch releases, and steps to take to keep computers and loved ones protected.