This is how the recent report published by Europol describes the current scenario that evaluates organized crime in cyberspace in 2020 (IOCTA – Internet Organized Crime Threat Assessment).
Despite the trend that points to increasing sophistication of some criminals, most cyber attacks originate from social engineering, an evolution of the old “vicar’s tale”. Promises of lucrative investments, miraculous medicines, hot romances, payment complaints, or any other situation that may cause the user to react to an email, phone, SMS, or a message on social networks, are sources of daily attack.
Another example is ransomware, which is nothing more than holding hostage essential data as well as the computer systems that support most of the activity of any company.
Over time, the cybernetic element of crime infiltrates almost all areas of criminal activity and in all activities and geographies. These attacks are largely successful due to inadequate security measures or insufficient awareness of users.
All of these scenarios and ways of communicating are common and effective for obtaining information, accessing systems, and essentially significant profits.
Last week a well-known organized cybercrime group proudly published that its malware-related activity had earned $ 100 million in the last year and that it expected to reach $ 2 billion a year.
The global pandemic has enabled these cybercriminals to take advantage of our society when it is most fragile, both personally and in business.
The answer needs to be a revolution. Cybersecurity, so often overlooked, has become a priority. The old security perimeters are outdated with the new realities of mobility and teleworking. The focus has widened to such an extent that a small revolution needs to happen in each entity. People and organizations need to be alert and know how to deal with threats and companies need to look at their systems seriously and assertively. One-off measures, with questionable investments, proposed by inexperienced “professionals” are not enough.
It is necessary to understand the business, adequately assess weaknesses, and implement appropriate measures, both in terms of effectiveness and value.
Develop new applications and solutions thinking about security from the first step, and above all implement control mechanisms that allow raising awareness, limit, control, and alert access to critical information or systems.
The old strategies do not work, it is proven, the paradigm has to be changed. Zero trust, behavioral analysis, and artificial intelligence are some of the technologies that have to be leveraged to create types of defense, where identity is the perimeter and trust has to be won.
By Rui Carvalho, Head of Cyber Security at InnoWave
Source : Dinheiro Vivo – https://www.dinheirovivo.pt/opiniao/o-cibercrime-e-uma-evolucao-nao-uma-revolucao-12995301.html