Constancy in Cybersecurity

At present, we know that there are many fields of action in the area of information technology, given its impact on companies and governments, without a doubt this adds to a reality that many of the world's cities have and is already present as a normality, in these cities they have sensors and cameras connected to the Internet that permanently collect and send information to operate different services, many of us live in these cities and in the not too distant future we will spend a large part of our working day living or doing tasks in hyper-connected and technology-filled buildings, although all these advances can be exciting and captivating, we must not forget that behind all this there must be, above all, people who are in charge of the information security of these intelligent systems.

A little advice:

What to do when one or more of the events for which you have been preparing happen?

Well, I recommend you first take a deep breath, and immediately you have to embrace the panic and fear, let that adrenaline take you through the first few minutes, regain control, remember there is a team that is waiting for your leadership, mentally review the plan, instil confidence and apply the guidelines to mitigate the event, I highly commend this that I have practised for many years, since, in the face of despair, everything is bigger and we may not exercise correct judgment.

You will be thinking, how did we go from smart cities? As to how to respond to an event? I think so because there are those who are prepared in case something happens and there are those who believe they are invulnerable, that cyberattacks are the work of fiction and that an effective event of exploitation of a vulnerability will never happen to them.

Those who prevented themselves by shielding their networks and computer systems already have a great advance, those who think that it will not happen to them, because they will not even notice, until it is too late, I know those who say I will hire all my cyber defence with AI and the latest technology and that way I'll be safe, and it won't happen to me, what do you think? Cybercriminals also have these technologies and without fear of being wrong, I'm sure they have much more sophisticated tools, an example: let's see how malware has evolved and very punctually the ransomware.

I would like to tell you that the security measures and considerations to deal with these threats are the same that I have been reiterating in most of my articles on cybersecurity, emphasizing the following with each new technological evolution:

• Allocate a budget according to security, have vulnerability management programs, keep systems updated, monitor the network and its devices, of course have security tools and continue working on raising awareness among business administrators, as well as requesting their inclusion and support, I personally include Zero Trust as a preliminary framework for action.

In these times of health contingencies and absurd wars, I understand that we are uncertain about what will happen, and it is quite correct to think something like this in the face of unexpected events such as a pandemic or the events in Ukraine, or Israel, Palestine, without However, information technology personnel similarly to a doctor must be in the first line of defence of their computing environment, since remote connection services are being provided in many variants and methods, we must not relax and go down the guard, remember: many interests of the companies where we work depend on us.

In this way, the rapid evolution of Information and Communication Technologies (ICT) has not stopped either, which has decisively contributed to the well-being and progress of societies, let us bear in mind that for now we continue to adapt to new alternatives for the remote work or Home Office that originated in the pandemic, without a doubt, this evolution has established an indisputable dependence on their socioeconomic development, however, we can negatively observe that an increasing number of risks and threats have also appeared, giving rise to an increasingly hostile cyberspace.

I am very insistent on this issue, so I recommend that we review the security plan, from our homes of course, always keeping in mind that it is essential to effectively manage the security of digital technologies, enhancing user confidence in their use of advanced services and the relationship through electronic means, this being an element of many doubts, due to operation problems of said services.

If I can define by sector of activity, I am sure that banks spend more on cybersecurity solutions, they have the obligation to discreetly manufacture this infrastructure and follow government regulations such as the Law to Regulate Financial Technology Institutions (FinTech – CONDUSEF, this in Mexico), according to the trend in 2023, it is revealed that these markets represent almost 30% of total security spending worldwide in the first semester, with managed security services as their highest expense, the side effect is that the public sector, telecommunications and resource industries will experience the fastest spending growth in the coming months, even if not at the same rate, as the demand for protection increases.

According to the trend, it is evident that in terms of cybersecurity, Mexico and Latin America will face great challenges in 2023 in cybersecurity:

• ?????The vulnerability of instant messaging applications.
• ?????Use of Targeted Ransomware.
• ?????Attacks on corporate environments and supply chains.
• ?????Cybercrime will displace conventional crime on the global stage.
• ?????The proliferation of tools will open up new security vulnerabilities.
• ?????They will take advantage of the cost of living crisis to attack individually.

Returning a bit to the case of smart buildings and cities, although the reported security incidents can still be considered as isolated cases, attacks on these control systems have been identified among the objectives of cybercriminals, these computer risks will continue to be present in areas ranging from personal life to the processes of international corporations and governments.

It is clear that currently speaking in individual terms, users are facing disinformation campaigns on social networks, scams, extortion, theft of streaming service credentials, and personal identity theft through SIM Swapping (identity cloning using cards). SIM), I remind you that the ability of cybercriminals to take advantage of the expanding attack surface and the resulting security breaches generated during the digital transformation process have also increased.

One aspect of technological progress that we should not stop contemplating is the most sophisticated Techniques by integrating the benefits of AI and swarm technology. It seems to me that this model is very fortunate, since it is about to change to the extent that more organizations protect their networks by applying the same type of strategies that criminals are using to attack them.

Undoubtedly, one of the vulnerabilities that we cannot control is the data breach caused by third parties, it is a fact that does not want to be recognized, it is common for many companies to outsource most of their business processes to external providers, since this allows them to It allows reducing costs and speeding up production and delivery times, so far, the problem is that some of these providers have little experience and operate in very competitive markets and their level of data protection is not as efficient as that of the big organizations.

There are those who want to generate the greatest damage and affect the greatest number of people through cyberattacks against critical infrastructures of public services, water management, trains, electricity in entire cities, nuclear plants, even when it is not published, this trend is on the rise and has become one of the main targets of cyberattacks.

This aspect is not very visualized from business thinking, however, Infections to regional suppliers in attacks of the supply chain type have always been latent, let's pay attention, this can be asymptomatic, and we may not realize it, however, it is reasonable to believe that IT companies that produce massive software in Latin America are a target of such attacks, so we must raise the level of maturity of computer security in many companies of this type, for example: those that produce accounting software, The penetration of the software originated by these companies in the market is usually important, so that for the attackers this modality will mean a low investment with a high impact on their victims who use the compromised software delivered through a hack attack supply chain (Distributors) over time.

At present, it is quite common to talk about scams and those related to bitcoin are in order, not only those known as sextortion (extortion) where the victim is accused of having seen pornographic material on his computer and publicly denounce it, but other scams more elaborate to raise funds through Phishing aimed at users of cryptocurrency trading and exchange sites.

The disadvantage of mobility drives the increase in attacks on financial institutions, specifically, for example, events that we can see with reports of attacks on Banorte, this means that cybercriminals are attacking not only financial services customers, now they are seeking to compromise the banks themselves or any institution or organization that offers this type of service.

“Employee compliance is the main challenge to implement the cybersecurity strategy”

Humanitarian emotional exploitation of attacks on financial institutions and their clients related to regional migration and displacement of people for various reasons, these scenarios will bring new challenges even for countries where high-profile cybercrime has been seen as almost non-existent.

A trend that is not mentioned is the exponential increase in the expansion of SIM Swapping as a service in Latin America, where criminals offer to clone a particular line so that other individuals can carry out illegal activities such as identity theft or gain access to financial sites with the objective of stealing money from the victim, however, the scenario of access to large social network profiles protected with 2FA through SMS is quite worrying.

This trend is becoming a classic, and it is the theft of credentials related to entertainment sites such as Netflix, Spotify, Steam, etc., they are based on the launch of new streaming services and an increasing number of people using media digital for entertainment, and it is clear that this type of crime will increase and credentials sold in illegal markets will be a bargaining chip among cybercriminals.

What I show you is just the tip of the iceberg, let us consider that we are somehow a few steps behind cybercriminals and their technology, but that this does not scare us, on the contrary, it gives us the desire to know more, to learn and practice With many more software and hardware tools that help us strengthen our security systems, as well as the tireless spirit of providing support to our users, we need to carry out more awareness tasks as something daily and very fruitful for the care of the computing environment and reward for the business with more informed and trained employees.

It continues to be a sensitive issue, the threat of internal sabotage and data theft, we know that it has always been high in government organizations, there it proliferates that employees require privileged access to carry out their work, therefore the highly confidential information they have at arm's reach may be compromised, accidentally or otherwise, we know that in some places due to the current economic crisis, there will be no leftover vulnerable employees who may be particularly susceptible to blackmail by these groups like Lapsus$ in Latin America, for So public sector organizations must now strengthen their defences from the inside out, using sophisticated penetration testing methods such as red team assessments.

Cybercriminals with no technical IT background can carry out the most devastating cyberattacks by exploiting the advantage that “as a service” models give them, creating a means of making quick dirty money for a fraction of the effort.

That's why don't let your guard down, find out, talk to your peers and stay up to date, don't rest on your laurels, be constant, very constant and don't fall into the egocentrism that you are superior to cyberattackers.

Let's think if:

• ?????Why should continuous learning be an imperative in the digital age?
• ?????What prevents leaders from making decisions?
• ?????We can define How CIOs can drive a continuous learning migration?
• ?????When should we implement strategies on the critical path to strengthen cybersecurity?
• ?????Do you have a comprehensive approach to protecting high-value critical path data?
• ?????How does your company carry out the Management of cyber incident response teams?

Tell me, what is it like in your country, on your continent, in your economic environment? Knowing more, sharing and finding trends helps cybersecurity specialists a lot, there are many tools, even that have stopped attacks, however, They have not succeeded without information, let's open our minds and be better, let's not be selfish, if the attackers can unite and organize, we as those responsible for cybersecurity can too.

I await your comments, as always welcome.

His friend,