The digital world in which we currently live has given rise to interconnection scenarios that have allowed us not only to be more connected, but also exposed to various attacks and threats that could endanger our physical and emotional integrity. Aware of this reality, the Risk Committee of the British Chamber addressed the issue this Tuesday afternoon with three specialists, who, based on their experiences, shared valuable data with the participants.

Our director at MásQueDigital and MásQueSeguridad, Rafael Eladio Núñez Aponte, was one of the invited panelists and presented the paper IT Risks 2022.

Rafa began his speech by recalling that he has been in the computer security area since 1998 and that since that year, until now, not many things have changed. He stated that the topic of social engineering (which is the art of deceiving cognitive biases in the human factor as the weakest link) continues as a trend, but added that currently the pandemic has joined, which has brought with it the implementation of telecommuting and the use of sensitive company assets at home.

Modelo de trabajo híbrido y phishing

In that sense, he referred to four factors that he considered relevant to explain in detail and have to do mainly with the hybrid work model and the challenges for the company. He recommended having the antivirus updated, as well as the operating system with its updated and legal patch.

He then talked about phishing and the human factor as a key model. “We have seen in the news how millions of dollars have been stolen from people, simply by posing as any bond that you have of an affective nature, of a behavioral pattern nature or how you can be looking for information on the Internet and the phisher goes and he sends you a booby trap”, he expressed.

He mentioned Instagram’s privacy and image safety policies. He explained that when the user publishes a photo or music, and they ask him to fill out a form so that his account is not closed, people practically end up giving away the password.

He also mentioned the case of a journalist who recently had his Telegram hacked.

He explained that this person received a text message from a company offering him a promotional code and ended up delivering his download and validation code from the aforementioned network. “We helped him report it, he recovered his Telegram, he activated two-step verification, but at the end of the day the criminal kept his entire contact list. What does the criminal do? He pretends to be him from another number and begins to say that he has financial problems, that they send him a Zelle and he scammed about 5 people. Imagine the reputational damage that this can cause in a public figure.”

The next factor he alluded to was that of the technological challenges for the company: “The biggest challenge is that you expand the surface of the attack, which means greater risk,” he said while recommending having all the prevention mechanisms with this work hybrid, “up to a VPN that not even companies implement to encrypt information between home and office.”

Future of cybersecurity

• That the organizations of the region improve their security policies, migrating towards Zero Trust management.
• Use Blockchain to guarantee the integrity and availability of information.
• Implement powerful technologies such as Blockchain and Machine learning, since it is what is being used a lot at the server level.

Finally, he referred to the 2022 cyberattack forecasts, among which he mentioned: development of remote access banking Trojans, QR code attacks and Skimmers or card cloning devices that are used with the aim of stealing payment data. of customers.