The British cybersecurity company Tanium published a survey on investments in digital protection in UK companies with alarming results: 79% of them only approve investments in cybersecurity after suffering a data breach; 92% experienced a data attack or breach, of which 74% occurred in 2021. Leadership reticence is also high, with 63% of leaders convinced cybersecurity is only a concern after an attack.
New work practices
The complexity of the situation has grown with the digital transformation of work. If it streamlines many processes, it can also open up serious security gaps. A sensitive point is the “home office”: Companies need effective solutions to eliminate gaps that may appear between employees’ computers (often shared devices) and the company’s internal network.
In this sense, using a tracker blocker is a measure that can help prevent security problems. Also, a VPN is a great option too. In the business context, this kind of protection not only secures users’ privacy but also allows the establishment of protected connections through private servers between employees and organizations.
But this solution is just the beginning of a necessary strategy and investment effort in virtual protection. Complex scams based on phishing, reverse engineering, and backdoor-type malicious programs (“planted” discreetly on a device and sometimes inactive for months) often combine real-world and virtual-world fraud.
The escalation of corporate data hijacking appears in this scenario. The most notorious case at a global level of such an incident, with a million-dollar ransom demand, was launched in 2021 on Colonial Pipeline. This US company paid $40 million to regain control over strategic data after fuel supplies through its pipelines to several states were threatened for days.
Due to this type of scam, cyber risk insurance has attracted the interest of companies worldwide.
New technologies
New cybersecurity technologies will also play an increasingly important role for companies, which must be aware of new developments. The decentralization of operations and backups of a system in clouds is one of them, multiplying the efforts required by cybercriminals to profit illicitly.
Solutions such as XDR incorporate the great analytical capacity of artificial intelligence in the electronic defense of companies. XDR is the abbreviation for extended detection and response and uses artificial intelligence and automation to detect and stop cyberattacks, from the vulnerable end to the email and electronic identity of people in an organization, for example.
The analysis of large volumes of data in a short period of time is extremely relevant to reducing the gaps for cybercriminals, especially in environments where many people work.
With these technologies proven to be effective, the tendency is for them to be widely implemented, leading to a gradual cheapening – until the threats become more sophisticated again.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.