Ransomware, the most common virtual risk for companies

Cybercrime does not rest and finds more ways to attack its victims and obtain information or resources; however, an old acquaintance remains at the top as the virus most used by cybercriminals and through which they manage to obtain large incomes, the so-called ransomware or the hijacking of information, confirm specialists consulted by The Day.

Companies in the financial sector are the most vulnerable to this type of attacks, in which cybercriminals, through a false email or with the help of someone within the organization, manage to enter a company’s systems, violate them and then request large amounts of money to recover the data and not be disclosed in the dark web.

According to a survey by IBM, the technology multinational based in the United States, worldwide, the average cost of a cyberattack can be around 4 million 400 thousand dollars, while in Latin America it is estimated at 3 million 600 thousand dollars.

Most cyberattacks may remain the same from 20 or 30 years ago, but what has changed is the quantity and now there are more people connected. It must be remembered that during the pandemic the number of people connected increased and they used their personal computers to access their office networks. It was not foreseen that there had to be certain controls to ensure that it was not an entry point to companiessaid Manuel Díaz, director of cybersecurity at Huawei Mexico, in an interview.

“A very big risk that organizations and companies must take into account is the ransomware, because it has become a lucrative business, in which criminals with certain technical knowledge violate an organization’s data, kidnap the information and ask for a ransom; It is one of the threats that continues to grow because more applications are being used,” said the expert.

Cost and objectives

According to Accenture – an international consulting firm based in Dublin, Ireland, and with a presence in Mexico –, globally, in the last year, the cost of information hijacking increased 27.4 percent, and the total price to recover information and Putting the systems back in order is around 133 thousand dollars.

“The objective of ransomware is to encrypt a victim’s data and demand payment of a ransom to release it, which has a large impact and associated cost, beyond the payment of a ransom. It impacts various industries, however, beyond the situations that each particular organization may have, such as infrastructure robustness or cybersecurity controls, there are certain industries that are naturally attractive to operators,” said Martina López, security researcher. ESET Latin America IT.

Huawei’s Manuel Díaz believes that the success rate of cyberattacks against people or companies today is high, and the worrying thing is that is that they continue to increase, it is becoming easier and with access to a low percentage of information attackers can have great income.

“The most vulnerable sector remains the financial sector and more recently in the attacks of ransomware It is the commercial one, but the first one is the main one, since cybercriminals can obtain quicker and easier profits,” said the director of the Asian firm.

ESET agrees with this, stating in an analysis that financial institutions operate with massive volumes of daily transactions involving significant sums of money, which creates an attractive environment for attackers looking to exploit the disruption of these services to extract a ransom.

At the same time, ESET specifies, the public sector is also in the crosshairs of cybercriminals, since government agencies, municipalities and other state entities handle a large amount of critical information such as identification numbers, addresses, tax and health information, among others. others.

This data is highly sensitive and valuable on the black market, as it can be used for fraud, identity theft and other crimes. In addition, government systems handle sensitive information related to national security, critical infrastructure and political strategies, which further increases its appeal.

Now, he added, they are also seeking to hijack information or systems from the health sector, since these institutions “manage a wide variety of sensitive information, including complete medical records, insurance data, laboratory test results and research studies.

“The interruption of health systems due to attacks of ransomware can have serious consequences, from canceling surgeries and treatments to the inability to access critical information in emergencies.”

What is to be done

Manuel Díaz, from Huawei Mexico, believes that although there are currently public policies on cybersecurity, they simply and simply Organizations have to, first, raise the relevance of these issues at the level of general management or boards of directors..

This risk must be analyzed, prevented and competence and response capacity developed. Organizations can hire prevention services, cybersecurity aspects must be incorporated… but it must be considered that there is a shortage of talent in this matter,” he stated.

For his part, Óscar Currea, director of financial lines at INTERprotección, estimated that by 2027 cyber attacks could cost 23 trillion dollars worldwide, and “this means that cyber risks are increasingly complex, since today everything is interconnected … An attack can lower a company’s share price, which should be a concern of the board of directors.”