Last year ransomware cost companies around the world around $20 billion, a figure that is nearly 75% higher than in 2019.
Check Point Software Technologies Ltd. alerted that there is a clear threat acceleration taking place, leaving the field open to a potential cyber pandemic. The fact that a large number of employees now work from home presents a great risk to both organizations and states. Indeed, it is estimated that ransomware last year cost companies around the world around $20 billion, a figure that is almost 75% higher than in 2019.
In an increasingly digitized world, it is not surprising that governments, administrations and companies are constantly working with digital resources. Due to this technological dominance and as the economy becomes more digital, a potential cyber pandemic may increasingly become a reality. This growing threat is outpacing the ability of most companies to effectively manage their online side.
«The major risk is that, in a cyberwar, as opposed to a conventional war, weapons change hands much more quickly. So the real risk is that the tools used in the field of cybersecurity go from hand to hand,» explains Mario Garcia, general manager at Check Point Software for Spain and Portugal.
Teleworking and its management has resulted in many of the data and files that large corporations and institutions keep and store being hosted on online platforms (employees’ and customers’ personal information, corporate reports and key infrastructures). While this is a great step forward, it also increases the risk of a cybercriminal gaining access to them. In fact, if we take into account that, according to the Theat Intelligence Report, 71% of malicious files in Spain were sent via email, we can glimpse the great danger of teleworking if we do not maintain the highest level of protection and training for employees to prevent the entry of these cyber-attacks via email.
An entire U.S. coastline without fuel because of a hacker
In early July, Check Point Research discovered that the Chinese-speaking cybercriminal group known as «IndigoZebra» was behind an espionage operation targeting the Afghan government. This group used a popular application such as Dropbox to infiltrate Afghanistan’s National Security Council (NSC) using malware. In addition, the investigators’ research revealed that this espionage activity is the most recent activity by these attackers, but has also been targeting other Central Asian countries, Kyrgyzstan and Uzbekistan, since at least 2014.
Colonial Pipeline, a company that supplies approximately 45% of the fuel consumed on the East Coast of the United States, was the victim of an attack through which cybercriminals managed to disrupt all of its operations in order to deal with the threat.
Basic measures to protect institutions from a possible cyberpandemic
- Real-time prevention: as you have learned, vaccination is far better than treatment. The same applies to your cybersecurity. Real-time prevention puts an organization in a better position to defend against the next cyber pandemic.
- Securing the «whole»: every part of the chain is important. The new normal requires reviewing and testing the security level and relevance of network infrastructures, processes, compliance of connected mobile devices, endpoints and IoT. The increased use of cloud implies raising the security level, especially in technologies that secure workloads, containers and serverless applications in multi-cloud and hybrid environments.
- Consolidation and visibility: Drastic changes in an entity’s infrastructure present a unique opportunity to assess its security needs. Are you really getting what you need and are point solutions protecting the right areas? Are there areas that have been overlooked? A maximum level of visibility, achieved through consolidation, will ensure the security effectiveness needed to prevent sophisticated cyber attacks. Unifying risk management and visibility completes the entire security architecture. This can be achieved by reducing the number of point product solutions and vendors, as well as overall costs.
«What we need to do is certainly update the cell phone software using tools that provide better security. And I can say that, in the business world and the organization side, this aspect is very, very frustrating because only 3% of the companies actually protect mobile devices. This is the weakest link in our infrastructure. The cell phone spies on us 24/7. It is always on. It always listens to us. It always knows what we are doing. And yet most of the world does nothing to protect them. Always update your software. Don’t click on links you don’t trust or know about, in short, be very, very careful what you click on. And if you can use software that protects your phone, I think that greatly reduces the chances of you getting infected,» Garcia concludes.