:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/lanacionpy/BW2HRBGKFNC5JJJRXC6S2HYERU.jpg)
The pandemic and digitization have reinforced attack vectors that hackers exploit to steal data and demand large sums of money as rewards. What kinds of strategies can address this problem and what are the risks of not implementing them?
The recent extortion of $500,000 from the Medusa hacker group to Argentina’s National Securities Commission puts an increasingly common problem on the agenda: cyberattacks on private companies and government agencies to steal information.
On the one hand, Criminals run a profitable business where they can demand hundreds of thousands to millions of dollars for data recovery. Meanwhile, companies suffer a wide range of repercussions ranging from losing money to damaging reputations with their users.
This situation is noted internationally and according to official IBM data, the average cost per information breach in 2022 was the highest in history, exceeding 4 million US dollars. In this context, Latin America is one of the hardest hit regions. so much that Over the past year, half of the companies in the region have claimed to have been subjected to some type of cyberattack.
“The pandemic has increased the number of cyberattacks that have been carried out due to more attack vectors being unlocked. As hybrid work has increased, so have vulnerabilities. Today, businesses are faced with the challenge of protecting their on-premises infrastructure, and that of their remote employees, And information that moves little by little to the cloud when it is digitized,” explains Matias Bailo, Director of Security Practices for Argentina, Paraguay and Uruguay. in Logicales.
To deal with this problem, companies must implement comprehensive digital security strategies., which is a complex process because it adds costs to annual budgets. However, failure to do so can create detrimental difficulties for both operations and customer experiences.
All productive sectors are currently undergoing digital transformation. While this has many advantages, such as lower operating costs and the ability to provide users with more choices, it also creates many challenges. Stealing information from hackers is one of them and More than 60% of companies in Latin America say they are concerned about this situation.
To avoid this, the strategy to be implemented requires multiple factors. The first is implementing security solutions that detect cyber attacks and establish defenses that prevent protected data from being exposed. In any case, this is only the first step and is only effective when it is supported by other actions and business dynamics.
In this context, the expert highlights that, unlike the solutions applied, It is important to modify cyber security strategies periodically and proactively. This is because threats evolve rapidly and a hard approach ends up being of little use.
On the other hand, a commercial trend has been observed to develop areas of internal cybersecurity with specific budgets in recent years. In any case, a study by ESET Latin America showed that In the region, more than 60% of companies budget for this area, which is not enough.
“It is important to design a strategy with limits in the short, medium and long term and to create reserves in the budget. We know that it is a cost to companies, but it must be seen as an investment. Security is measured in all that you can lose and not in all that you can spend.” Bailo said.
Although scarcity of resources is considered a disadvantage, it does not necessarily mean not developing a cyber security strategy. In the event that this happensExperts recommend an assessment to determine security priorities within the company. This way you can implement specific solutions for those areas and then extend the planning to the rest of the company.
Concluding on this aspect, Bailou emphasizes this Ultimately, all businesses will experience some form of cyberattack, and the difference will be how quickly they are willing to mitigate them. “It is inevitable today and part of our task is to develop a plan, both technical and communication, so that when this happens there is greater observation of what is happening in the network, less damage and trying to maintain operability,” says the expert.
Information collected fromDuring 2022 in Latin America, it shows that 73% of the cyberattacks carried out were aimed at asking for a financial bailout. Therefore, the first consequence of suffering from information theft by hacking is financial consequences.
The numbers vary depending on the criminals and the companies that were extorted, but without going any further, the insurance company La Segunda de Argentina was recently attacked from which they demanded $50 million to return the stolen data.
Another direct consequence of experiencing a cyberattack has to do with corporate reputation. “The cost of reputation today is sometimes higher than the cost of losing information. It depends a lot on the company and the sector, but suffering from a cyberattack can generate so much mistrust in users that they stop buying the products or services being offered.”
finally, A cyberattack can interrupt business continuity for hours or even days. This means a huge loss of money which can be very serious, depending on the type of company and the production sector. Therefore, when calculating the amount to be invested in cyber security, it is recommended to assess potential losses when operations cease to have a more complete idea of the benefits that will be created by having a solid and effective strategy that avoids these situations or mitigate them if they occur.
