International. While attacks increase in volume, complexity and scale, companies are forced to invest in more advanced solutions and services that allow them to avoid, among others, the theft of critical information and DDoS attacks.
Strengthening information security has become a major need for companies, especially since 2017, when, according to Cordium, global cyber attacks registered an unprecedented increase.
"The upward trend of attacks, in volume and scale, has been growing as the revenues of hackers. At such a level, it is expected that soon the profits of the cybercriminals will surpass those of the drug trade as a whole, "says Pablo Dubois, manager of Security Products of CenturyLink for Latin America.
In this context, says the specialist, organizations and governments around the world have begun to take note of the new scenario and the demands to combat cybercrime. "The 2018 was a year of transition and growth of security products and services, a market driven, in addition, by the digitalization of business, all of which meant a global expenditure in the area estimated at 93 billion, according to Gartner, "adds Dubois.
The expert points out that there are three factors or conditions that make the subject of security more complex today. The first has to do with the status that the information itself has acquired in current business, in addition to the massification of technologies such as artificial intelligence and automation. "Security, practically, is a matter of survival for organizations, since the availability of their systems and the protection of their information assets will depend not only on the operational or productive part, but also on the strategic value of their business ", sentence.
Dubois adds that a second element to consider relates to the way in which cybercriminals are organized. In this regard, he explains that these are groups with global presence, technological infrastructure and advanced tools to develop their misdeeds. "In addition to these real mafias, structured to obtain economic returns through scams, identity theft and fraudulent transactions, there are new organized groups, of activists or political affiliation, that are capable of damaging private or public companies and governments through cyber attacks, performing actions of sabotage or espionage in their systems, "he says.
In this context, adds Dubois, attack vectors have not only increased but also the methodology of cybercriminals has evolved. "There are attacks that are real distractions for the theft of information. So, for example, while there is a problem with a server or a service provider, an activity that focuses attention for mitigation, someone else may be stealthily stealing confidential data, "he says.
In this regard, he affirms that one of the most damaging attacks at the moment is DDoS or distributed denial of service, which is characterized by causing the fall of servers of an organization, generating an overload of traffic or demands, in order to cause economic losses or discredit to their customers. "These attacks - of which 22 thousand are registered every day worldwide - are multi-layered, point to the network or to the applications and are very difficult to detect, because they disguise themselves as normal traffic. They can cause severe damage even to large companies, which have advanced backup systems, "he emphasizes.
In the opinion of the executive of CenturyLink one of the most neglected aspects in security are people. This aspect, he says, is now becoming more important than ever because employees tend to increasingly access sensitive data or information systems from anywhere, using proprietary devices. "Mobility has become a new challenge in this area by itself. Organizations strive to make compatible the facilitation of productivity with adequate protection of portable devices and their critical data, "he says.
Dubois emphasizes that this condition, turns employees into a focus of double attention. This is because the organization must be able to control the devices and not affect their privacy, while, on the other hand, they must strengthen their general policies and adapt them to the new profiles of collaborators, which are more open and "technological".
Likewise, the expert warns that the authorized accesses of the careless employees can be in an important focus for the theft or loss of critical data. A study by the Ponemon Institute revealed that the negligence of employees is the main cause of information breach in small and medium-sized companies in the United States. "This aspect, that is, negligence, when added to deficient security policies, makes the human factor the direct or indirect cause of most security incidents," he says.
On the other hand, disgruntled employees or former employees are usually also an open door. In the first case, they can help steal information or become third-party informants, while many accounts of people who no longer belong to the organization are still valid and facilitate data theft, as the privileges and profiles of those accounts are not revoked in a timely manner. . "The theft of information may be due to negligence or social engineering, but there are also cases of disgruntled employees who even deliberately introduce malware to a company. Therefore, the current approach must be comprehensive, proactive and based on the use of intelligent tools, many of which are now available as services, "concludes Dubois.