Cyberattacks not only generate millions of dollars in losses for companies, but also hit their reputation hard and fines on account of the impact on users, so this will be an increasingly relevant issue in 2022 at a time when information hijacking is booming.
It is estimated that the average cost faced by companies due to ransomware attacks in the world is around US$1.85 million and in the case of financial services firms it reaches US$2.10 million in 2021, affecting not only their finances but also their productivity taking into account downtime, the number of people focused on solving the problem, among other factors.
The A3Sec, a business group specializing in this area and with a presence in Spain, Mexico and Colombia, believes that cybersecurity will be a key pillar for the future of businesses and their sustainability in 2022, taking into account the million-dollar ransoms that organizations have had to pay to recover their information in 2021.
A clear policy in this area will help companies to capitalize on opportunities in 2022 in a scenario in which technological infrastructures are in the sights of criminals and many organizations are exposed by not shielding themselves with tools based on big data, machine learning or cloud computing.
With the digitalization of work activities due to the pandemic, many critical business processes were exposed to cybercriminals, and as a result, it is estimated that cyberattacks grew more than six times during the coronavirus crisis in some markets.
In this scenario, it is key to be able to protect infrastructures to reduce exposure time and attack surface from three approaches: prevention, detection and response to face both known and unknown threats.
A relevant topic on the agenda
An indication of the relevance of this issue during the pandemic is that 12% of CEOs surveyed in Australia, Canada, China, France, Germany, India, Italy, Japan, Spain, the United Kingdom and the United States (core countries) considered cybersecurity to be the greatest risk to the growth of their organizations in the next three years, while in South America this percentage is 14%, according to the KPMG 2021CEO Outlook.
CEOs were also asked what are the key steps they will take to develop digital resilience over the next three years, to which 42% of them, in the so-called core countries, answered "establish a strong digital and cyber risk culture that is championed by senior leaders", lower than the percentage of South American leaders who gave this answer (51%).
In addition, 58% believe that they are prepared to respond to an eventual cyber attack in core countries, as cybercriminals are more specialized and combine different strategies to achieve their purposes through social engineering or much more advanced methods.
A year of major attacks
A3Sec sees that 2021 will be remembered as the year of several of the most critical cyber attacks in history, as between May 6 and 7 the extensive Colonial Pipeline, located in Alpharetta (Georgia), fell victim to malware that not only crippled its operations, but also put the U.S. oil industry in check to the point that President Joe Biden had to declare a state of emergency.
Unlike a few years ago, cybercriminals are no longer focusing their strategies on the financial services sector alone, but are exploiting the vulnerabilities of organizations of all sizes and in different sectors.
This year, the Brazilian company JBS, considered the largest meat packing plant in Latin America, also fell victim to cybercriminals and paid US$ 11 million to recover its systems following the actions of REvil, an organization dedicated to spreading ransomware. Among the large-scale cyber attacks that occurred during the year, the one suffered by the live streaming platform Twitch in October, which exposed the entire source code of this service and also leaked a file with 125 GB of information.
Ransomware: the enemy of the year
According to the report The State of Ransomware in Financial Services 2021, published by Sophos, 34% of financial services companies were victims of ransomware in the last year, which shows that this attack based on the kidnapping of information continues to be at the top of the cyberattackers' list.
Some 51% of companies that were victims of ransomware acknowledged that cybercriminals managed to encrypt their data and 25% paid the ransom to get it back, according to Sophos, which commissioned a survey on the subject from research agency Vanson Bourne, which consulted 5,400 IT managers in 30 countries.
As part of the research, it was reported which sectors of the economy were most affected by information hijacking, and retail and education were the most impacted (44% of respondents in that industry said they had been affected).
Further down the list are business and professional services (42%); central government (40%); IT, technology and telecommunications (37%), manufacturing and production (36%); energy, oil/gas and utilities (36%); healthcare (34%), among others (graph source: The State of Ransomware in Financial Services 2021 - Sophos).
Given this scenario, A3Sec sees that 2022 will be a decisive year for organizations in this area, and therefore, it is essential not to continue postponing the decision to adopt a cybersecurity strategy that contemplates different layers of protection, something that cannot be improvised and in which it is a priority to have expert advice to ensure that the most valuable asset of the XXI century, the information, is safe.
