By: Diana Bello Aristizábal
In recent years, cyberattacks on large and medium-sized companies have become the common currency to such an extent that it is already said a ransomware attack occurs every eight minutes. This fact, which began to worsen with the arrival of the pandemic, not only has an impact on the corporations that suffer it but on the entire population.
This was the case of the attack suffered by Colonial Pipeline in May that ended up affecting fuel supply on the east coast for roughly a week, as well as that of a water treatment plant in Tampa (Florida) that almost poisoned the water supply and that of JBS meatpacking that processes about a fifth of the country’s meat, among many others.
Even more concerning are the attacks that have been perpetuated on hospital networks preventing access to patients’ files, which has put their lives in danger of death.
“We are seeing a significant increase in these types of attacks on corporations in the supply chain and the manufacturing industries,” explains Ross A. Seay, Cyber Security Subject Matter Expert at Maverc Technologies.
These attacks, in addition to impacting the safety and health of millions of people by being interrupted or altered essential services, also create economic losses not only to large companies that have to pay millionaire rewards for having their data back from he hands of cybercriminals but also the pocket of consumers.
“Many people were unable to go to work during the attack on the gas pipeline because they couldn’t find a place to fill up their vehicles’ tanks,” explains Ross. This in areas such as South Florida, which doesn’t depend on the pipeline, was generated when people flocked to find gas driven by fear, which caused a fuel shortage.
In addition to the above, citizens are also directly affected when much of the data that is stolen from large corporations belongs to their clients, putting their identity and more confidential information at risk.
What motivated the increase in cyberattacks?
In the face of this bleak outlook, which affects us all equally, it is important to ask ourselves where the problem lies and how cybercriminals now operate. According to Ross A. Seay, they began to develop more sophisticated ways of accessing information from the beginning of the pandemic when everyone started working from home.
“This fact added an additional risk to corporations, especially those of medium and small size that did not have the financial means to buy a robust security system, something that hackers took advantage of to access their data through their employees that were working from home, ”says Ross.
But the attacks began gradually and on a smaller scale with Zoom, the most used virtual meeting platform during this pandemic, becoming the first one to be compromised.
“Whenever something is used massively and for the convenience of a large number of people, someone will come to try to use it for malicious purposes,” says Diego Tibaquirá, computer science professor concentrated on cybersecurity and cloud computing at Miami-Dade College.
According to the professor, the problem was that employees of all types of companies were poorly trained on good digital security practices, which made them not take the necessary precautions to avoid this scourge.
“If I am an employee and suddenly I am struck by a pandemic, I am not thinking about how to protect my data but about continuing to do my job well from home and how to communicate. I do it without thinking that someone could enter my system and this was precisely what increased malicious acts during last year,” he adds.
On the other hand, these acts began to be more common when all the companies started paying the ransoms requested by criminals. “Companies pay to protect their reputations, but each time they do so, they give hackers more strength to continue their illegal activities,” says Professor Tibaquirá.
In his view, although it is true that a corporation that has dedicated time to build its reputation cannot risk losing a large number of customers, this in the long run only worsens the problem.
“If ransoms are not paid, citizens may be affected in different ways when an essential service is interrupted. However, if companies start involving agencies like the FBI on the issue and don’t pay, criminals more and more often will have to find other ways to make money because it’s no longer profitable for them to commit cybercrimes,” he says.
Also, according to Ross, the failure of corporations to prioritize cybersecurity has too aggravated the problem. “Many do not see this as a worrying issue to address because they are more focused on those areas that allow them to create income.”
Therefore, some corporations still operate outdated and old systems, exposing themselves to more sophisticated threats that these systems are not capable of attacking or tracking. Many generally choose not to replace them due to lack of resources.
So, what would be the most effective solution? Give cybersecurity the priority it deserves. “There must be a cultural shift from corporations and individuals, understanding that knowing this topic is as important as when you leave home and lock the door. How can you stop a problem if you don’t have the information to end it?” Ross asks.