The dynamics of reduction of social contacts to which the world has been subjected during the Covid-19 crisis have awakened in companies the urgent need to bet on teleworking and expand the use of both their internal networks and the services offered by virtual clouds.
In this way, many companies have increased their operational presence in what is known as hybrid environments - that is, services located on the company's own resources and resources provided by third parties such as cloud operators. This greater dependence on cyber services outside the company itself, together with the increase in personnel connected to the corporate network from places outside the office, represent two of the major vulnerabilities that companies have faced as a result of adapting to the times. pandemic. It is also worth noting the growth in the functionality and use of online collaborative tools and the increase in electronic commerce as circumstances that have increased the spaces susceptible to receiving cyberattacks. Taking these variables into account, in a study carried out by Forrester, they predict that by 2023, the global cybersecurity market - only in the field of virtual clouds - will reach a value of $ 12.7 billion. Quite a considerable growth if we put it in perspective with the 2018 data that valued it at $ 5.6 trillion.
The rapid implementation of these ICT changes required strategic adjustments in business architectures and greater cybersecurity controls, as indicated by the Marsh consultancy. At the time of the progressive return to normality, it is time to stop to analyse the results of these readjustments and dedicate ourselves to making the pertinent improvements.
Although VPN networks have already provided the internal security necessary for the successful business development of companies for years, with this paradigm shift, they may fall short in terms of flexibility to provide a service with sufficient quality and security, as well as control and visibility appropriate to current times.
For this reason, it is essential to use the double authentication factor in both VPNs and SaaS (Software as a Service) application accesses. Among the next-generation alternatives that aspire to fill the gaps left by VPNs, interconnection technologies based on the SD-WAN concept stand out. These provide a coherent intermediate layer of communications, regardless of the location of the resources involved in the process. In this way, corporate communications can be optimized through the networks involved, making them more transparent and secure.
Once the origin of the increase in the willingness to cyberattacks has been explained, we can point out some of the main modalities that most concern companies and experts:
- Phishing or identity theft, produced mainly through emails.
- This malware infection becomes especially dangerous due to the geo-dispersion factor of communications, being able to spread uncontrollably causing dramatic damage
- Man in the Middle attack. In this case, the attacker can eavesdrop on the communications and even trick the participants into modifying the traffic exchanged between the participants. It is produced mainly in places of exposure for the user such as public Wi-Fi networks
- Attacks on the authentication layer annually there are many thousands of hacks in all types of service providers, as well as automated attacks by botnets and hackers to gain access to the systems and passwords of their users. That is why it is essential to have centralized authentication and monitoring systems, with multiple factor authentication technology, such as IAM (Identity Access Management) technology.
- The human factor. Lastly, it is important to point out the risk posed by the access of the people themselves, either due to ignorance or bad intentions.
According to a report by satista.com, cybersecurity spending increased by 64% in just 5 years, going from $ 75.6 billion in 015 to $ 124 in 2020. They also point to a compound annual growth rate of 9.2% during the period. 2018-2022. The upward trend in the price of this sector, as well as the greater degree of awareness of employers and employees, is easily demonstrable. For the efficient management of spending on these issues, from the Business Horizons magazine they propose a risk calibration model in a quantified way. This is divided into four layers of analysis: the cyber ecosystem (business environment and stakeholders), cyber infrastructure (internal organizational factors of the company), assistance against cyber-risks (identification, quantification and investment against these threats) and cyber action (execution of investment plans, prioritizing the main threats).
As we can see from the different alternatives that are posed against the range of cyber risks, there is no single palliative that eradicates the virus of cyber-attacks. Rather, the question is to bet efficiently on the investment and administration of the different remedies that any organization has to deal with these threats.
I appreciate your time spent reading this post.
If your company requires talent related to cybersecurity or you are a professional in this field willing to take on new professional challenges, do not hesitate to contact me at:
Spain, A. (2021). Asseco Spain. Recuperado 25 mayo 2021, desde https://es.asseco.com/notiias/details/retos-de-la-proteccion-post-covid-en-materia-de-ciberseguridad-4330/
Seguridad cibernética post COVID-19: 10 formas de proteger su negocio. (2021). Recuperado 25 mayo 2021, desde https://coronavirus.marsh.com/mx/es/insights/research-and-briefings/cybersecurity-after-covid19-how-to-protect-your-business.html
Anteportamlatinam, O. (2021). El día después: claves de ciberseguridad para la etapa post-covid. Recuperado 25 mayo 2021, desde https://www.redseguridad.com/especialidades-tic/cloud-y-virtualización/el-dia-despues-claves-de-ciberseguridad-para-la-etapa-post-covid_20200417.html
(2021). Recuperado 25 mayo 2021, desde https://pdf.sciencedirectassets.com/272044/AIP/1-s2.0-S0007681321000240/main.pdf?X-Amz-Seecurity-