Over the last few years, we have become accustomed to using big concepts such as digitalization or globalization, phrases like «information is power» or «data is the new oil» and anglicisms to describe the great advances that are already disrupting the way businesses operate, such as the Cloud or Machine Learning. Behind all these issues there is a broad and complex panorama of opportunities for companies in an era in which the physical is merging with the digital. All this magma of business opportunities is also accompanied by cyber risks. Not only have companies gone digital, but criminals have gone digital as well. For this reason, every company and institution with a digital presence must rely on the cybersecurity services that are essential to arm itself against attacks.
The war on the digital plane is infinite. Companies that want to successfully overcome the challenges of the present and the future and the aggressions of criminals have to place cybersecurity as a strategic element as relevant as their business model, their infrastructures, and their talent.
We will now explore the main risks faced by companies and institutions in the digital era and which cybersecurity services are essential to protect themselves proactively against vulnerabilities and the development of new malicious techniques.
1. No organization can turn its back on cybersecurity
On January 2 of this year, with the grapes still in their throats, students and teachers at the Universitat Oberta de Catalunya (UOC) discovered that they were unable to access the University’s Virtual Campus. The UOC’s systems had been the victim of a successful cyberattack. Bearing in mind that we are referring to a fully digitalized distance university, the incident affected both its educational model and its business model, just before the first semester exams. The case of this institution is not an exception; in recent times many Spanish universities have been attacked: the Autonomous University of Barcelona, the University of Castilla-La Mancha, the University of Oviedo… The list is growing.
1.1. Crises in the digital world move to the physical world
Some companies may think that cybersecurity crises are only serious for fully digitized businesses, where everything they do and everything they market takes place in the digital world, while companies that build and sell physical products are safe. Big mistake. Take something as everyday as beer. A year ago, Estrella Damm, one of the leading beer companies in our country, had to paralyze its production for two days as a result of a cyberattack.
Two days in which the company was unable to produce its products, but in which costs remained unchanged. Not to mention the inconveniences that this paralysis caused in its usual supply chain or its stock management. In addition to the direct economic damage, any security incident of this magnitude is associated with reputational and, in the worst case, legal damage.
In many cases, the attackers’ objective is not to paralyze the business’s systems, but to steal customers’ data. This was the case earlier this year with a large-scale attack against Iberdrola. The energy company suffered a data leak affecting 1.8 million people. Although bank details were not breached, the attackers got hold of customers’ contact details. This information is of great value when it comes to implementing other techniques such as phishing.
According to the insurance company Hiscox, in 2021 Spanish companies had to pay an average of 100,000 euros to deal with cyber-attacks, a figure that doubled compared to the previous year. Hence we affirm that organizations cannot live with their backs turned to cybersecurity.
2. Leap to the Cloud and teleworking: There are also threats in the cloud
The digitalization of companies, institutions, and households experienced a dramatic acceleration in 2020 in the wake of the covid-19 pandemic. With physical mobility severely limited to contain the spread of the virus, digital mobility gained prominence. Distance medicine and education, e-commerce, and teleworking experienced an unparalleled boom.
This consolidated the process of digitalization of the economy and society, with all the advantages that this process has for businesses, institutions, and citizens. However, the leap to the Cloud or the extension of teleworking must be accompanied by solid security programs, capable of anticipating threats, resolving vulnerabilities, and successfully dealing with attacks.
Thus, companies must not only take up the challenge of migrating their systems and assets to the Cloud to become more operational and agile and reduce costs. They must also strengthen the leap to the cloud with essential cybersecurity services, from security audits of web platforms or mobile applications to advanced penetration testing to measure resilience against attacks.
The same is true for teleworking. Companies no longer have one or several offices: with telecommuting, every home is an office, and every computer and network must be efficiently protected against possible internal or external attacks. In this sense, in addition to the essential cybersecurity services, it is also of great importance to focus on the training of all personnel. The awareness of all workers is key to minimizing the possibility that human carelessness opens Pandora’s box and leaves the entire organization exposed.
3. Cyber exposure is as dangerous as any business uncertainty
Given the above, it is inescapable to note that cyber exposure is nowadays a major issue that companies and institutions have to take into account when designing their business strategies.
In a socioeconomic context as turbulent as the current one, all organizations are aware of factors that cast uncertainty on their business, from spiraling inflation to the effects of the war in Ukraine, and from the political vicissitudes of each country to the general economic situation.
Cyber exposure is just as important an issue as all of the above-mentioned factors, or even more so, because unlike them, it is not cyclical, but systemic. Cyber-attacks on companies are not going to stop; on the contrary, they are increasing year by year. To cite just one figure, in 2021 the Government detected 180,000 malicious intrusions against Spanish citizens, companies, and public institutions.
If companies do not take ambitious measures to implement comprehensive cybersecurity strategies, they are exposing their assets and business continuity to all the intrusions and attacks that are launched daily on a global level.
We should also note that digitization increases cyber exposure, since more and more assets are in the cloud. This makes management and control more difficult and affects how confident we can be that the information in our asset inventory is up to date.
4. The big security threats
The cybersecurity landscape is constantly changing. Different types, techniques, and attack methodologies emerge every day. As a result, the main threats to the security of organizations are also mutating.
Taking into account the likelihood of attacks and the level of risk associated with their impact on organizations, Tarlogic’s cybersecurity team has mapped the top ten security threats.
Furthermore, analysts and professionals at Tarlogic Security point out that 80% of cyber-attacks today leverage identity-based attacks to compromise legitimate user credentials and employ lateral movement techniques to evade detection by security systems and equipment.
So while technology is crucial to detecting threats and patching vulnerabilities, users also play a vital role in reducing risk and preventing malicious actors from succeeding.
4.1. Top 3 risks
Among the various security threats, the Tarlogic team highlights the top 3 risks, taking into account both the probability of these types of attacks occurring and their potential impact on organizations’ systems. We refer to ransomware attacks, phishing, and the pernicious use of credentials.
4.1.1. Ransomware
Malware has been tormenting companies and citizens around the world for decades. Viruses and Trojans have infected the systems, software, and hardware of thousands of organizations. And in recent years, ransomware attacks have come to the forefront.
This type of malware is software that infects systems and seizes the data and information stored on them. To free them, a ransom is demanded in exchange (hence the prefix ransom). In this way, by hijacking the data, the attackers manage to enrich themselves illegitimately at the expense of the victims.
Like other malware, ransomware enters the targeted systems via malicious links which, when clicked, download the attacking software, or through fake applications that users download to their devices.
This is why user awareness is essential to prevent ransomware from infecting organizations’ systems, breaching their security, and seizing confidential and valuable data. For the same reason, Tarlogic professionals categorize the risk level of these attacks as critical for companies and institutions.
4.1.2. Phishing and spear phishing attacks
In addition to the spread of malware, social engineering attacks have recently gained ground and are becoming increasingly sophisticated and effective. Of these, phishing attacks are particularly noteworthy.
This technique consists of sending emails that appear to be genuine and which, theoretically, come from trustworthy organizations, such as banks, public institutions, or energy companies. However, behind these emails are not these organizations, but criminals who have supplanted their identity to manipulate the recipient and obtain crucial data and information, for example, the bank details of a person or company.
Phishing attacks result in identity theft, fraudulent access to organizations, and the commission of criminal operations. All of this can lead to large financial losses for the businesses and individuals who are victims of such attacks, as well as reputational and business crises.
In addition, phishing is commonly used to obtain credentials that later allow the attacker to enter an organization, remain inside it and use that access for other fraudulent purposes, or simply stay hidden.
4.1.3. Use of credentials
Tarlogic Security professionals point out that the use of credentials to access an organization’s system can serve different attack purposes, from brute force to social engineering, to credential theft or fraud.
The usual security controls around the use of credentials, and more specifically the generation of credentials, are evolving towards a model in which humans are no longer involved.
It is therefore essential to have an effective credential management system and to constantly audit and test the security strategy. Only by implementing essential cybersecurity services can a company secure its software and hardware and ensure that user credentials are not stolen, usurped, and/or misused.
4.2. Other relevant threats
Alongside these three major threats in the current landscape, Tarlogic’s cybersecurity team highlights seven other threats that it is pertinent to consider when hiring cybersecurity services that are essential to protect against criminals. We can systematize these threats according to their impact on organizations.
4.2.1. Very high risk level
- Information leakage. Depending on its extent, the impact of a leak can be very high in terms of the risk faced by a company.
- CEO fraud. This type of social engineering attack is similar to phishing. In fact, the main difference lies in the type of victim selected: positions of responsibility within a company. Hence CEO fraud is also known as whaling. Through this social engineering attack, an attacker impersonates a CEO or director to request confidential data from a professional of the entity with access to it.
- Insider threats. When we think of cybersecurity attacks, most people think of external actors seeking to breach a company’s systems. But attacks can also come from within the organization. For example, a company employee can run malware on his or her work computer or cause a data breach. The cybersecurity services that are essential today take this scenario into account.
4.2.2. High risk level
- DoS attacks. Denial-of-service (DoS) attacks seek to disable the use of a system by illegitimately exceeding the number of user requests or connections that web servers can handle simultaneously.
4.2.3. Moderate risk level
- Disinformation. If companies and users are uninformed about cybersecurity and malicious attacks, they are more vulnerable to attacks and techniques such as ransomware or phishing.
- Physical catastrophes. Just as what happens in the digital world impacts the physical world, what happens in the physical world also reverberates in the digital world, especially if a physical catastrophe, such as a fire, causes serious damage to the hardware and physical infrastructure that supports the systems of a company or institution. It can lead, for example, to the loss of crucial data about a business and its customers.
- Hacktivism. Of the 10 threats we have addressed, this is the least likely and its impact on the organization is moderate.
5. The main trends in cybersecurity: The biggest risks in the short term
Taking into account the threats we have just discussed, what are the main cybersecurity trends of today? What risks do companies face today? And tomorrow?
Based on our experience and daily work, the Tarlogic team has identified three major cybersecurity trends: exposure of organizations, attacks on the supply chain and user authentication mechanisms.
5.1. Increasing the attack surface
As we noted earlier, some of the major technological, economic and social changes of recent years have increased the level of cyber exposure of companies. The leap to the cloud, the expansion of teleworking, the existence of highly connected supply chains and the use of cyber-physical systems have had sensational consequences on the functioning of businesses, their economic results and the way their professionals work. But they have also increased the attack surface of organizations.
As a result, cybersecurity has become a strategic issue for any company. Thus, beyond having perimeter security systems and basic threat detection and response mechanisms, organizations must contract a series of essential cybersecurity services, from the different security audits to Red Team or Threat Hunting services, while opening up to more holistic approaches such as the Zero Trust philosophy.
Only in this way will they be able to manage a broader set of risks, address vulnerabilities and combat threats proactively, and anticipate attacks.
5.2. Attacks on the supply chain
Let us imagine a company engaged in the production of Italian pasta. The company does not plant its wheat but relies on a supplier to supply it. Now suppose the supplier’s facilities have suffered a fire and the arrival of wheat is paralyzed. As a result, the company’s factories are paralyzed until an agreement is reached with a new supplier.
This example from the physical world can be transferred to the digital realm since the supply chain also extends to this area. To continue with the previous example, it is easy to imagine that the company has software suppliers (for invoicing, project management, etc.), suppliers that provide the digitized machines used to manufacture its products, and suppliers that provide basic services such as legal assistance or marketing and advertising.
Thus, not only is it essential for companies to protect their systems, software, and hardware, but it is also essential that the various suppliers that form part of their supply chain are also secured against cyber-attacks.
According to Gartner, by 2025, 45% of organizations will have suffered attacks in their software supply chains. It is therefore vital that companies pay attention to the risks in their supply chain, requiring their suppliers to implement best practices and have the cybersecurity services necessary to ensure their protection and that of the companies that contract their services or products.
5.3. Passwords and user authentication
Humans are fascinating beings, but we are far from perfect. As we have pointed out throughout this article, beyond purely technological issues, the human factor is still key in cybersecurity.
Efforts are under way to reduce that relevance by eliminating the human factor from the authentication process of users wishing to enter a given system.
One of the most important current trends therefore revolves around the elimination of the human factor when creating user passwords or, directly, opting for new technologies to manage authentication and so eliminate the risks associated with the creation of passwords.
Likewise, multifactor authentication is making inroads in many companies and software vendors as a way to reduce cybersecurity risks and the attack surface.
6. Arming yourself to win the digital war: The must-have cybersecurity services
If in the previous sections we gave a brief overview of the main threats to which organizations should pay attention and the central security trends, now it is time to go further: Given the current context, what are the must-have cybersecurity services? What services should a company hire to protect itself against malicious actors and prevent both security incidents and the crises resulting from them?
Although the catalog of services is very broad, we can point to three major blocks of essential cybersecurity services for organizations in the digital era: security audits, penetration testing, and offensive and defensive services.
6.1. Security audit services
In ancient times, people waging war ensured, above all, that their walls and fortresses were well prepared to withstand the enemy’s onslaught. However much the world has changed, defensive strategies continue to follow similar principles and ideas to those of antiquity.
Thus, if an organization wants to protect itself against cyber threats and minimize security risks, it must submit its assets to security audits carried out by analysts and experts with extensive experience behind them.
So, when talking about today’s must-have cybersecurity services, it is essential to start with security audits. These audits identify the weaknesses found in the company’s various assets that can be exploited by attackers.
This allows analysts to detect the real threats that can jeopardize a company’s technological infrastructure and have a direct impact on the business.
To carry out security audits, a series of specific tests are performed, taking into account the latest developments in both attack techniques and security strategies. Among the different existing security audit services, we must highlight those focused on:
- Web applications
- Mobile applications
- Internet of Things (IoT)
- Cloud infrastructures
- Source code
- Advanced banking environments
- Denial of Service (DoS) Testing
- Reverse engineering
- Operating system and technology hardening
6.2. Advanced penetration testing services
Security audits are the basis on which to build a comprehensive security strategy, but a company cannot only audit its technological infrastructure; it must also test it.
This is precisely what another of today’s essential cybersecurity services does: advanced penetration testing. Through these techniques, vulnerabilities can be identified, exploited, and mitigated.
Teams of pentesters are in charge of simulating cyberattacks and, through these simulations, detecting existing weaknesses in an organization’s systems. Once these are detected, professionals can exploit the vulnerabilities to build an accurate picture of the risks faced by the business and, based on all the knowledge generated, propose solutions to remedy the problems encountered.
Among these essential cybersecurity services we can highlight:
- Internal and external pentesting
- WiFi Pentest
- Social engineering
All of them bring great added value to the companies that hire them because they not only serve to map exhaustively the security breaches through which the attackers can sneak in. They are also used to correct them and to continuously secure the organization’s technological infrastructure, taking into account the most innovative techniques designed and implemented by malicious agents, which can breach an asset that yesterday was adequately protected.
In addition, the professionals who perform advanced penetration tests advise companies on how to prioritize threats to manage resources more efficiently and protect the most vulnerable areas first or reduce those risks whose impact on the business may be greater.
6.3. Offensive and defensive cybersecurity services
Audit, test… and take action. This is another of today’s essential cybersecurity services: offensive and defensive security.
These services are based on a proactive approach, whether investigating new undetected compromise scenarios, employing unknown and targeted attacks, or simulating real attacks to test organizations’ systems and their ability to respond to aggressions.
Betting on this kind of service implies a change of paradigm: approaching the securing of organizations’ systems not only as a set of defensive strategies but also as a proactive one. In other words, companies must not wait to be attacked, but must actively check that their systems are effectively fortified against both known and unknown attacks.
In addition, organizations must have fully operational teams ready not only to detect and assess threats but also to successfully mitigate and resolve any security incidents.
With attackers constantly innovating in both the design of attacks and the methodologies they employ, offensive and defensive services are crucial to ensure that companies’ systems remain consistently protected.
Among the main offensive and defensive cybersecurity services, we can highlight:
- Threat Hunting
- Red Team
- Blue Team
- Compromise Assessment
In short, the digital war is already being waged. Companies that want to consolidate themselves in the current market have to take into account that the security of their technological infrastructure is a capital issue and that the best way to protect it is to count on the essential cybersecurity services provided by companies with proven experience.