Telework and digitization were the two big changes driven and accelerated by the pandemic. Those immature and skeptical organizations were forced to digitally transform, forcing the implementation of resources, culture and technological processes in record time. In other words, digital transformation was established globally as a way to survive, becoming the main tool to continue and strengthen the business operations of companies.
The most innovative organizations embraced the paradigm shift, achieving a sustainable maturity model to keep their business operations at the forefront. However, there was a less visible threat that was on the rise in the digital space: the risk of cyber attacks taking advantage of the increased dependence on digital tools and the uncertainty caused by the crisis.
“The challenge for organizations is to understand the criticality of the problem and to have adequate technologies to prevent such threats, along with the awareness of their employees, who remain the weakest link and the main responsible for the entry of cyberattacks”.
According to Entel Ocean’s second Cybersecurity Report, a large part of the exploitation of vulnerabilities has been caused by a lack of timely mitigation. In fact, in Chile the scenario is quite unfavorable, since less than 16% of cyber-attacks are corrected within seven days of notification by the brands.
Also, the report shows that less than 41% of companies have mature policies for patching their systems and digital platforms. “This means that more than half of the organizations are not applying the necessary updates to their network and website infrastructures, which leaves a significant open field without protection, favoring cyber actors to exploit these vulnerabilities with the consequences already warned about”, explains Delaere.
The main threats in 2021
In 2021, the theft of credentials or access data to digital accounts was the leading cause of cybersecurity incidents. According to statistics gathered from different national companies, 84% of people admit to reusing passwords across multiple websites, which triggers risk indicators for companies.
In order to prevent and avoid this type of threat to a large extent, “in our report we recommend protecting identities with multiple authentication factors, as well as establishing the habit of not storing credentials in Internet browsers, but rather using managers for this type of data, such as Keepass”, says Delaere.
One of the most notorious cases of information theft and leakage was baptized as PWCOMB21 (PassWord Compilation Of Many Breaches Of 2021), becoming the largest compilation of credential leaks of all time, with more than 3.28 billion records obtained from different companies and organizations that occurred over the years, concentrated in only one file organized by email, username and password.
“The leak not only exposes current or past credentials, but also provides information on key password elements and patterns along with some reuse habits; it’s an unprecedented bank of information. In many cases, there are up to 30 passwords linked to a single email, leaving exposed those users with password reuse habits",, explains the manager of Entel’s Cybersecurity Unit.
This type of crime occurs when malicious actors use fake emails or access to accounts of this type that are valid (through leaks or another method) with the aim of tricking them into making payments or transferring funds to the wrong bank accounts. This is achieved by monitoring conversations within the network and then intervening in a timely manner at the time of payment to provide the criminal organization’s bank details before the real organization does so.
In the view of Entel Ocean’s cyber intelligence specialists, one solution is layered security and multi-factor authentication, as cyber criminals often target those organizations that are easiest to hack. “Because cybercrime is always evolving, there is no perfect solution. However, organizations that adopt a defense-in-depth framework and have a contingency plan in place to deal with an attack are far less likely to face a costly and debilitating attack, especially as cloud-built, as-a-service models make it easier for criminals to get into the game. This concept is known as defense in depth”, clarifies Cyril Deleare.
Another major threat detected by Entel Ocean in 2021 is phishing. According to the report, last year this technique set new records both in companies and in the personal sphere, where cybercriminals took advantage of people’s vulnerability as a result of the pandemic to generate malicious emails in which they impersonated health institutions or companies that provide economic aid to a certain group of citizens.
According to research by Entel Ocean, at least 75% of an organization’s employees have received a phishing email, of which 14% have fallen for the scam. “During 2021 we saw a substantial increase in infostealer malware and campaigns that use phishing as the main entry vector”, explains Delaere.
Increased awareness and regulation
At the national level, from 2017 to date, thanks to the National Cybersecurity Policy (PNCS, by its Spanish acronym), organizations have become more aware regarding this issue. In fact, some sectors have been forced to do so from critical experiences, such as the attacks on banking in 2018 and 2020, and the same international regulations that audit them.
The PNCS is based on a vision that aims at the year 2022, to have a free, open, secure and resilient cyberspace. Progress at the national level can be seen in the latest study by the International Telecommunication Union (ITU), where Chile is ranked 74th in the international cybersecurity ranking and 7th in the Americas.
Specifically, new roles have been created in public bodies that are responsible for regulating, auditing, supervising and sanctioning when appropriate, work that has been coordinated by the Networks and Information Security Division of the Ministry of the Interior. This division has within its areas and functions the Government CSIRT (Computer Security Incident Response Team), which on the one hand is responsible for the security of the State and on the other hand is in charge of these roles in the private sector.
The strategy for 2022 is to be aware of “Security by Default”, which means that it is urgent to avoid bad practices that privilege finalizing projects without a cybersecurity perspective. Likewise, understanding how the main threats act, it is also necessary to focus on identity protection with internationally defined strategies, such as CyberSecurity Mesh: Zero Trust + SASE.
To learn more about the main threats and what is coming in terms of cybersecurity, the report is available here.
31 May, 2022
Telework and digitization were the two big changes driven and accelerated by the pandemic. Those immature and skeptical organizations were forced to digitally transform, forcing the implementation of resources, culture and technological processes in record time. In other words, digital transformation was established globally as a way to survive, becoming the main tool to continue and strengthen the business operations of companies.
The most innovative organizations embraced the paradigm shift, achieving a sustainable maturity model to keep their business operations at the forefront. However, there was a less visible threat that was on the rise in the digital space: the risk of cyber attacks taking advantage of the increased dependence on digital tools and the uncertainty caused by the crisis.
“The challenge for organizations is to understand the criticality of the problem and to have adequate technologies to prevent such threats, along with the awareness of their employees, who remain the weakest link and the main responsible for the entry of cyberattacks”.
According to Entel Ocean’s second Cybersecurity Report, a large part of the exploitation of vulnerabilities has been caused by a lack of timely mitigation. In fact, in Chile the scenario is quite unfavorable, since less than 16% of cyber-attacks are corrected within seven days of notification by the brands.
Also, the report shows that less than 41% of companies have mature policies for patching their systems and digital platforms. “This means that more than half of the organizations are not applying the necessary updates to their network and website infrastructures, which leaves a significant open field without protection, favoring cyber actors to exploit these vulnerabilities with the consequences already warned about”, explains Delaere.
The main threats in 2021
In 2021, the theft of credentials or access data to digital accounts was the leading cause of cybersecurity incidents. According to statistics gathered from different national companies, 84% of people admit to reusing passwords across multiple websites, which triggers risk indicators for companies.
In order to prevent and avoid this type of threat to a large extent, “in our report we recommend protecting identities with multiple authentication factors, as well as establishing the habit of not storing credentials in Internet browsers, but rather using managers for this type of data, such as Keepass”, says Delaere.
One of the most notorious cases of information theft and leakage was baptized as PWCOMB21 (PassWord Compilation Of Many Breaches Of 2021), becoming the largest compilation of credential leaks of all time, with more than 3.28 billion records obtained from different companies and organizations that occurred over the years, concentrated in only one file organized by email, username and password.
“The leak not only exposes current or past credentials, but also provides information on key password elements and patterns along with some reuse habits; it’s an unprecedented bank of information. In many cases, there are up to 30 passwords linked to a single email, leaving exposed those users with password reuse habits",, explains the manager of Entel’s Cybersecurity Unit.
This type of crime occurs when malicious actors use fake emails or access to accounts of this type that are valid (through leaks or another method) with the aim of tricking them into making payments or transferring funds to the wrong bank accounts. This is achieved by monitoring conversations within the network and then intervening in a timely manner at the time of payment to provide the criminal organization’s bank details before the real organization does so.
In the view of Entel Ocean’s cyber intelligence specialists, one solution is layered security and multi-factor authentication, as cyber criminals often target those organizations that are easiest to hack. “Because cybercrime is always evolving, there is no perfect solution. However, organizations that adopt a defense-in-depth framework and have a contingency plan in place to deal with an attack are far less likely to face a costly and debilitating attack, especially as cloud-built, as-a-service models make it easier for criminals to get into the game. This concept is known as defense in depth”, clarifies Cyril Deleare.
Another major threat detected by Entel Ocean in 2021 is phishing. According to the report, last year this technique set new records both in companies and in the personal sphere, where cybercriminals took advantage of people’s vulnerability as a result of the pandemic to generate malicious emails in which they impersonated health institutions or companies that provide economic aid to a certain group of citizens.
According to research by Entel Ocean, at least 75% of an organization’s employees have received a phishing email, of which 14% have fallen for the scam. “During 2021 we saw a substantial increase in infostealer malware and campaigns that use phishing as the main entry vector”, explains Delaere.
Increased awareness and regulation
At the national level, from 2017 to date, thanks to the National Cybersecurity Policy (PNCS, by its Spanish acronym), organizations have become more aware regarding this issue. In fact, some sectors have been forced to do so from critical experiences, such as the attacks on banking in 2018 and 2020, and the same international regulations that audit them.
The PNCS is based on a vision that aims at the year 2022, to have a free, open, secure and resilient cyberspace. Progress at the national level can be seen in the latest study by the International Telecommunication Union (ITU), where Chile is ranked 74th in the international cybersecurity ranking and 7th in the Americas.
Specifically, new roles have been created in public bodies that are responsible for regulating, auditing, supervising and sanctioning when appropriate, work that has been coordinated by the Networks and Information Security Division of the Ministry of the Interior. This division has within its areas and functions the Government CSIRT (Computer Security Incident Response Team), which on the one hand is responsible for the security of the State and on the other hand is in charge of these roles in the private sector.
The strategy for 2022 is to be aware of “Security by Default”, which means that it is urgent to avoid bad practices that privilege finalizing projects without a cybersecurity perspective. Likewise, understanding how the main threats act, it is also necessary to focus on identity protection with internationally defined strategies, such as CyberSecurity Mesh: Zero Trust + SASE.
To learn more about the main threats and what is coming in terms of cybersecurity, the report is available here.
Telework and digitization were the two big changes driven and accelerated by the pandemic. Those immature and skeptical organizations were forced to digitally transform, forcing the implementation of resources, culture and technological processes in record time. In other words, digital transformation was established globally as a way to survive, becoming the main tool to continue and strengthen the business operations of companies.
The most innovative organizations embraced the paradigm shift, achieving a sustainable maturity model to keep their business operations at the forefront. However, there was a less visible threat that was on the rise in the digital space: the risk of cyber attacks taking advantage of the increased dependence on digital tools and the uncertainty caused by the crisis.
“The challenge for organizations is to understand the criticality of the problem and to have adequate technologies to prevent such threats, along with the awareness of their employees, who remain the weakest link and the main responsible for the entry of cyberattacks”.
According to Entel Ocean’s second Cybersecurity Report, a large part of the exploitation of vulnerabilities has been caused by a lack of timely mitigation. In fact, in Chile the scenario is quite unfavorable, since less than 16% of cyber-attacks are corrected within seven days of notification by the brands.
Also, the report shows that less than 41% of companies have mature policies for patching their systems and digital platforms. “This means that more than half of the organizations are not applying the necessary updates to their network and website infrastructures, which leaves a significant open field without protection, favoring cyber actors to exploit these vulnerabilities with the consequences already warned about”, explains Delaere.
The main threats in 2021
In 2021, the theft of credentials or access data to digital accounts was the leading cause of cybersecurity incidents. According to statistics gathered from different national companies, 84% of people admit to reusing passwords across multiple websites, which triggers risk indicators for companies.
In order to prevent and avoid this type of threat to a large extent, “in our report we recommend protecting identities with multiple authentication factors, as well as establishing the habit of not storing credentials in Internet browsers, but rather using managers for this type of data, such as Keepass”, says Delaere.
One of the most notorious cases of information theft and leakage was baptized as PWCOMB21 (PassWord Compilation Of Many Breaches Of 2021), becoming the largest compilation of credential leaks of all time, with more than 3.28 billion records obtained from different companies and organizations that occurred over the years, concentrated in only one file organized by email, username and password.
“The leak not only exposes current or past credentials, but also provides information on key password elements and patterns along with some reuse habits; it’s an unprecedented bank of information. In many cases, there are up to 30 passwords linked to a single email, leaving exposed those users with password reuse habits",, explains the manager of Entel’s Cybersecurity Unit.
This type of crime occurs when malicious actors use fake emails or access to accounts of this type that are valid (through leaks or another method) with the aim of tricking them into making payments or transferring funds to the wrong bank accounts. This is achieved by monitoring conversations within the network and then intervening in a timely manner at the time of payment to provide the criminal organization’s bank details before the real organization does so.
In the view of Entel Ocean’s cyber intelligence specialists, one solution is layered security and multi-factor authentication, as cyber criminals often target those organizations that are easiest to hack. “Because cybercrime is always evolving, there is no perfect solution. However, organizations that adopt a defense-in-depth framework and have a contingency plan in place to deal with an attack are far less likely to face a costly and debilitating attack, especially as cloud-built, as-a-service models make it easier for criminals to get into the game. This concept is known as defense in depth”, clarifies Cyril Deleare.
Another major threat detected by Entel Ocean in 2021 is phishing. According to the report, last year this technique set new records both in companies and in the personal sphere, where cybercriminals took advantage of people’s vulnerability as a result of the pandemic to generate malicious emails in which they impersonated health institutions or companies that provide economic aid to a certain group of citizens.
According to research by Entel Ocean, at least 75% of an organization’s employees have received a phishing email, of which 14% have fallen for the scam. “During 2021 we saw a substantial increase in infostealer malware and campaigns that use phishing as the main entry vector”, explains Delaere.
Increased awareness and regulation
At the national level, from 2017 to date, thanks to the National Cybersecurity Policy (PNCS, by its Spanish acronym), organizations have become more aware regarding this issue. In fact, some sectors have been forced to do so from critical experiences, such as the attacks on banking in 2018 and 2020, and the same international regulations that audit them.
The PNCS is based on a vision that aims at the year 2022, to have a free, open, secure and resilient cyberspace. Progress at the national level can be seen in the latest study by the International Telecommunication Union (ITU), where Chile is ranked 74th in the international cybersecurity ranking and 7th in the Americas.
Specifically, new roles have been created in public bodies that are responsible for regulating, auditing, supervising and sanctioning when appropriate, work that has been coordinated by the Networks and Information Security Division of the Ministry of the Interior. This division has within its areas and functions the Government CSIRT (Computer Security Incident Response Team), which on the one hand is responsible for the security of the State and on the other hand is in charge of these roles in the private sector.
The strategy for 2022 is to be aware of “Security by Default”, which means that it is urgent to avoid bad practices that privilege finalizing projects without a cybersecurity perspective. Likewise, understanding how the main threats act, it is also necessary to focus on identity protection with internationally defined strategies, such as CyberSecurity Mesh: Zero Trust + SASE.
To learn more about the main threats and what is coming in terms of cybersecurity, the report is available here.