Situation analysis of the last 12 months
Cybersecurity in every company goes far beyond having a set of products and services to protect against attacks, blockages, or unavailability of our technological and production environments. Below, we present a series of data and considerations on the current situation in terms of cybersecurity.
An analysis of the situations over the last 12 months leads us to the following considerations:
- The number of cyberattacks in our country has been reduced by more than 20%.
- On the contrary, the average amount of “rescues” has multiplied by 5 (not including recovery costs, which have multiplied by 3).
- Ransomware attacks have been the dominant threat, with two trends depending on the type of criminals. One focused on operations with multimillion-dollar ransoms and others, in smaller amounts, but with higher volumes of attacks.
- Vulnerabilities were exploited as the most common method (over 32%). This type of attack had a greater impact on the companies attacked, both in terms of the compromised technological infrastructure and in the operations and finances of these companies. This attack method was followed by compromised credentials (29%) and malicious email (23%).
From IT to the spread of OT and the activity of so-called nation-state attacks
- The current trend is going beyond ransomware attacks. We are seeing an increase in attacks aimed at stealing data (the most popular are health data and secondly financial data) and are aimed at using the reputational impact if the success of the attack is made public as a mechanism of pressure or blackmail, in addition to the illicit trade typical of this type of information.
- Strategic attack activity has increased in critical sectors with the participation of cybercriminals from the so-called “Nation-State”. These attacks focus on infrastructures and companies that provide, produce and distribute products and services (industrial and essential supplies). Thus, the most common attack up to now, from the IT technological infrastructure, to the areas of industrial sensorization and distribution elements such as power plants, water, refineries… which are in the OT area.
Guidelines for organization and action in cybersecurity
We must analyse and decide what our individual strategy should be as a company in the face of this real threat to our survival and evolution. This is not just about having certain more or less advanced products, it is about defining and effectively implementing our CYBERSECURITY strategy.
Guidelines to follow
To do this we must have and execute a specific action plan that includes:
1. Know and assess the strength and availability of our own technical, technological and human resources. Our resilience to security breaches in our on-prem and cloud environments, and verify that we have truly operational strategies for contingency and recovery services in the face of “disasters” such as cyber attacks.1. Know and assess the strength and availability of our own technical, technological and human resources. Our resilience to security breaches in our on-prem and cloud environments, and verify that we have truly operational strategies for contingency and recovery services in the face of “disasters” such as cyber attacks.
2. Design an architecture and train your organization to operate in the event of a cybersecurity impact. At all levels, both technical and senior management, in contact and collaboration with the competent Public Bodies.
3. Task simulation exercises and performance of all resources (people and infrastructure) in the event of an attack. (Red Team, etc.)
4. Have a continuous system (own or contracted) for detecting, monitoring and eradicating threats, with alert management and containment mechanisms (MXDR).
5. Containment and response mechanisms (CR). The critical element is the response time. This will have a decisive impact on a faster recovery of the company. The team will act according to the trained action plan, containing the damage in the impacted areas and preventing its spread to other areas. At the same time, the damage produced is managed and the attacker's action is defeated.
It is difficult for any company or organization to be able to tackle these critical situations with only its own resources.
We are a company present in our market since 1997, which has specialized Technical and Technological resources to provide coverage and support for the products and services required in this area of Cybersecurity, regardless of the size of each company and we are leaders in this area of products, services and solutions.
Our portfolio includes essential services to comprehensively protect our clients' IT infrastructure. Through our solutions, we guarantee security and resilience against cyberthreats.
We collaborate with experts such as Tenable and Sygnia, who provide us with advanced technologies and effective strategies to offer high-quality cybersecurity solutions and rapid response to incidents.
Protect your business with our cybersecurity solutions!
If you would like more information or a personalized consultation, contact us today and take the first step toward a stronger defense.
