:quality(75)/cloudfront-us-east-1.images.arcpublishing.com/elcomercio/USLMQIMWRZD3FL7Z3J62OYL5RI.jpg)
The pandemic of COVID-19 It plunged us into a new ‘normality’ in which, for better or for worse, technology is increasingly present to carry out our daily activities. The ways in which we study, work and entertain ourselves went through a digitization process that was fully cemented in 2021 and aims to show its consequences this year.
Amazing as these technological advances can be, the digital world has proven to have its own number of risks over time and ever since the Internet became an essential tool in human life. 2022 will be a difficult period for cybersecurity due to the number of threats that have evolved compared to other years and the new modalities that have been developed.
YOU CAN SEE: Cybersecurity: specialists provide relevant information on computer security
Trade chatted with Jorge Zeballos, cybersecurity expert from ESET Latinoamérica, to identify the technological trends that will mark 2022 and the cyber crimes that will make us understand the situation we are experiencing. Also, provide tips and advice to avoid being easy prey for these digital criminals.
YOU CAN SEE: What dangers threaten my children on social media and what can I do as a parent to protect them?
The threats of the digital world and the Internet in 2022
The specialist commented that the year 2022 in cybercrime can be divided into 5 main sections, which are:
Hybrid work
With the vaccination process progressing favorably, company workers have found themselves in the position of being able to choose under which modality they wish to exercise their functions. For this reason, several have chosen to return to the offices, but many others continue to work from their homes. Zeballos explains that this means that companies do not have full control over their systems, documents and processes.
“More than 91% of the companies automated critical processes, but running. More than 77% of employees use their personal computers, not those of the company and this brings its own series of problems since there is not always a review of that equipment and the situation in which it is is not known, in addition to the fact that it is not for the exclusive use of the worker and it is quite probable that other members of the family have access to it “said the expert.
YOU CAN SEE: 48% of parents use parental control applications to monitor their children’s ‘online’ behavior
Likewise, Zeballos explained that 57% of employees were not provided with any cybersecurity tool to protect their equipment and only 52% were eventually trained on risks and threats of remote work. Now that many businesses and public spaces begin to reactivate, the danger for workers is even greater since they do not necessarily work from home, but from anywhere they have their equipment and an Internet connection.
Phishing
The malicious emails and messages that try to get you to access links that are only intended to capture your private information double every year. Zeballos explains that this modality is going to become more sophisticated this year 2022 with the implementation of Artificial Intelligence. In this way, attacks of this type are going to be profiled based on the interests of the user with the aim of capturing their attention and eventually misleading them.
“Phishing is going to adopt techniques and technology that the commercial industry uses today to generate relevant content, making it more difficult to avoid this type of threat. Added to the use of Deepfake tools to create photorealistic images, audios and videos, it will only make it more difficult to be able to discern if something is false or true since more tools will be needed “, mentioned the specialist.
The example that stands out is the “CEO attack”, a modality in which cybercriminals create a video or audio using the image and voice of an employee’s boss to ask him to do things that expose the company’s private information or even that of the same.
Exploitation of vulnerabilities
The systems, platforms and software that we use for work and other activities are not totally infallible since some vulnerabilities in their programming can be exploited by cybercriminals to access and modify them or take advantage of them at will. Zeballos explains that this situation is especially worrying in Peru because criminals continue to take advantage of the same vulnerabilities as years ago since people, companies and other entities do not update their programs.
“More than 70% of vulnerabilities are already known. Thanks to our telemetry we find that cybercriminals are using the same tools as 3 years ago and they are still effective. There are patches to resolve this issue but, in Peru, they do not consider the renewal of the platform or the software due to cost and other factors “commented the specialist.
Another reason why this exercise is one of the most used by these individuals in our country is because of informality. Companies and state entities hire people without the necessary experience to manage a digital platform and, obviously, the use of pirated software to cut costs also leaves the way for criminals, since users cannot access updates in a way automatic.
“It is understandable that the economy in many sectors is complicated and that they go to piracy due to costs. But ‘the wash can be more expensive than the shirt’ so you have to be very careful with this “Zeballos said.
Ransomware
Ransomware, malicious software that aims to hijack information stored on technological equipment, has evolved into a business with Ransomware as a Service (Ransomware as a service or RaaS for its acronym in English). There are platforms that criminals can access to obtain these programs and use them in their attacks.
Although Zeballos explains that ESET telemetry has found that between 2020 and 2021 the volume of ransomware attacks has decreased, the same has not happened in terms of effectiveness and in the profits it has generated for cybercriminals as a result of their attacks. Ransomware threats are now remote-controlled, that is, they are based on the value of the digital assets they can obtain and strategies are developed to install these files on a device.
“Ransomware is now doubly malicious since it not only prevents access to digital assets but also extracts them from servers and puts them into circulation, functioning as an extortion and blackmail tool since it puts the reputation of people in the market “Zeballos said.
Unfortunately, Peru has one of the first places in incidence of cyber attacks of the Ransomware type. , highlighted the specialist
Brute force attacks on connections
ESET studies showed that, in times of pandemic, attacks on remote connections to steal credentials and gain access to critical information in companies have been growing. This will continue in 2022 and these are not expected to decrease in terms of volume or results. Passwords and data of this type are becoming easier for cybercriminals to obtain.
How to protect yourself from the most prominent cyber threats of 2022?
To ensure our stay in the digital world this year, the main thing for both a person and for companies is to learn about the subject. If you do not know the types of attacks you can be a victim of, it is unlikely that you will be able to do anything about it. Awareness is essential and, above all, it must be constant as these dangers evolve at an alarming rate. Not only is it enough to know about the attacks, but also to train to recognize methods to avoid situations of this type.
Hiring highly trained cybersecurity personnel and updating platforms with legal software are other tips that Zeballos highlights, especially for companies that have embraced hybrid work this year. Of course, raising the levels of security filters is increasingly important with strategies such as “Zero Trust”, which states that each user should be given the least possible access privilege and, based on these, begin to raise them depending on of the position held by the member.
The management and classification in terms of importance of digital assets is something that companies will also have to work on to know what information should be prioritized when talking about security. Network segmentation, that is, providing the corresponding access to each member of the company according to their functions and not giving all access to all, is another process that should be given its place.
In the case of cell phones, Zeballos recommends that the software be updated because it may have some vulnerability that criminals take advantage of, either in the operating system or in the apps we use. Having strong and secure passwords for our accounts and for the same computer is something that must be taken into account since it can save us in more than one situation.
Finally, an additional program that serves as a security layer is becoming increasingly necessary due to the advance of cybercrimes in the world. A software that allows each application to be keyed and that can detect if the device has been infected by Ransomware by browsing a website with active content on the Internet is the way to go if you do not want to be a victim of these individuals during the year.
Remember that you are the maximum responsible for your corresponding team and the provisions you make to protect it will not benefit anyone other than you. Therefore, giving the devices that contain our most private information the relevance it deserves is vital if you do not want to suffer any inconvenience in the future.
!function(e,i,n,s){var t=”InfogramEmbeds”,d=e.getElementsByTagName(“script”)[0];if(window
:quality(75)/cloudfront-us-east-1.images.arcpublishing.com/elcomercio/GIWFXYFCR5CO7ARURVU6PBTN2Q.jpg)
:quality(75)/cloudfront-us-east-1.images.arcpublishing.com/elcomercio/FEFM2G7X7RANNG7QCPW54DZ24E.jpg)
