Research Identifies Cyberattack As A Growing Threat In The Companies Of The Planet
The Global Cybersecurity Outlook 2023 , presented at the World Economic Forum and published at the beginning of the year, showed that concern about cybersecurity has increased worldwide. According to the report, 93% of experts and 86% of business leaders fear a cyber attack within the next two years. In this same scenario, 70% and 76% of those, respectively, trust the effectiveness of data privacy policies and internal control procedures.
This concern stems from the fact that, even with growing systems technology, there are still gaps from which attacks can happen. “For the attacker, it is enough for him to find a gap, while for the defender, he has to defend all gaps”, says Professor Marcos Simplicio, from the Laboratory of Architecture and Computer Networks (Larc) of the Department of Computer Engineering and Digital Systems of the Polytechnic School of USP.
The professor explains that it is easier to destroy than to build something that will survive these attacks. There is, therefore, an asymmetry between defense and attack. In his analysis, this has to do with how many people work in the area: there is a difficulty in finding people specialized in attack and cybersecurity. Even in the slightly more popular area of computing, there is a gap, particularly in Brazil.
The problem, however, is worldwide. There are not many professionals trained in the area, much less specialized in security. An attempt to reduce this gap in the country is the creation of specific training courses in cybersecurity , offered both in the private and public spheres. “There have been some courses in this sense of specialization, perhaps the tendency is to increase in the coming years”, says Simplicio. Some countries have a tradition in training and end up exporting knowledge and professionals. An example is Israel, obliged to have a strong cybersecurity due to the amount of attacks it receives.
“The world saw this need more, perhaps with the increase in organized crime, the kidnapping of data and the demand for payment for you to have access to your system and with the war in Ukraine”, he says. The kidnapping of data and the demand for payment, as well as the war in Ukraine, sparked a worldwide alert: not only is it possible to destroy a country with the use of war weapons, but also through attacks on fragile systems, at a low cost. .
“For the attacker to find an opening, that would potentially be enough,” he explains. The cost is often training. Apart from that, it is enough to have a good attack team and a certain number of computers. Simplicio still gives two examples of attack. The first is the denial-of-service attack, which is difficult to defend because it is inexpensive and crashes systems, such as websites. The other is called a volumetric attack, when the attacker sends too many requests and intentionally overloads the system. There is no way to defend yourself, since it is an attack by those with more resources. The important thing, therefore, is to invest in personnel training.
What do we need to invest in cybersecurity?
What has been discussed in the world is the concern with critical infrastructure. For example, it is possible to take down a country’s power system through a cyberattack. Other systems, such as gas pipelines, oil pipelines, urban transport – especially the Metro – are also susceptible to attacks.
“The more technology you put in the system, the more you are open to a potential attack”, explains the professor. It is much more difficult to attack a manual system than a fully automated and electronic one. Today, private companies are already completely automated. “When you give that kind of capability to a company, you are also giving the attacker the ability to find a problem”, warns Simplicio. Automation, unfortunately, comes with a war mentality.
The economic crisis and the difficulty of investing on a large scale prevent companies from acting more precisely against cyber attacks. In the midst of a crisis, one of the first areas to suffer cuts is security. One of the discussions in the report is even the presence of large companies in other countries: a company has to think about how to defend its branches from the country where they are located. It is not every place that has a skilled workforce and regulations focused on cybersecurity.