What are the main cybersecurity threats, risks and challenges that companies face?

• attacks social engineering, attacks on people, al human factor, or attacks of any other type, which begin with a knock action social engineering, which, in most cases, arrive through phishing in any of its variants (smshing, wishes, qrshing, spear phishing, etc.) or other channels, media, or tactics employed by cybercriminals. These types of attacks usually target employees within companies and, almost always, very specific employees (managers, accountants, purchasing staff, VIPs -Very Important People- I VAPs -Very Attacked People-), who are tricked into revealing private and confidential information, or into downloading and running malware without being aware.

• The attacks of phishing in themselves, whether they are identity fraud (type BEC - Business Email Compromise) or not, in any of its modes of delivery and “flavors” (by email, by SMS, in a call from telephone, by WhatsApp, when reading a QR, etc.).

• The previous two (social engineering and phishing of all kinds), among other types of attacks, in turn produce data exfiltration, O data and information breaches. This is a very serious problem since customer data, personal information, or legal, industrial or financial information of the attacked company is exposed.

• The cyberkidnappings the attacks of ransomware, whose number of cases increases considerably as time goes by, becoming more and more sophisticated, being more harmful and targeting companies of all types of sectors and sizes (businesses, self-employed, micro-SMEs, SMEs, large companies, multinationals). These attacks encrypt information and documents, blocking access to data and systems, demanding a ransom to restore access, and decrypting them.

• He malware in general (virus, trojans, worms, botnets, spyware, etc.), which reaches the company (its perimeter, internal and external devices, corporate network, new, infrastructure, etc.) through different channels (email, phishing, downloads, USBs, etc.) and carries out the malicious activity, illegal or harmful for which it is programmed. In many cases, there are variants or samples of malware still unknown (recently created) that can be used to attack and infect. These types of attacks are often known as attacks Zero Day, 0-Day, that of Day zero.

• The vulnerability exploitation It involves attacking the weakest points detected in any of the applications or software for corporate use, as well as its network, hardware architecture, infrastructure, cloud, the organization's computer systems, and even devices (IT, OT, IT/OT It is IoT). In many cases, there are vulnerabilities still unknown that can be exploited by those who have detected them before anyone else. This type of attack is also known as Zero Day, 0-Day, that of Day zero.

• The denial of service attacks (DoS / DDoS), carried out achieving alignment, in a way simultaneous, massive requests from a multitude (thousands, hundreds of thousands, millions) of points or devices, to a single common element (web server, database, access system, data entry form, API, etc.), which saturates, collapses and leaves Out of service to that system, without the need to infect it or perform any other type of action. They can be of type DoS (Denial of Service attack) the type DDoS (Distributed Denial of Service Attack) and are generally launched from a BotNet (a network of computers, known as zombies, that have previously been “captured” to take control over them and be able to request them to perform certain actions, such as connecting all at the same time and on a recurring basis to a web service to cause a Of the, and DDoS, and cryptocurrency mining, etc.).

• Attacks to (or from) the Internet of Things (Internet of Things - IoT) It is corporate infrastructures They are also common, especially in companies in industrial environments. In this case, they take advantage security holes and settings incorrect data of devices such as cameras, printers, PLCs, smart appliances, etc.

• The code injection, O SQL injection, which consists of attacking a service web (usually through a form with fields for data entry), introducing SQL code in vulnerable fields where possible, to achieve access databases and extract their information.

• The APTs O Advanced Persistent Threats, considered some of the most evolved attacks, which adopt more sophisticated, complex and targeted technologies, mechanisms and strategies. In this case, it consists of cases of hacking that are carried out continuously on an organization to gain entry and stay in it for a long time, carrying out its harmful activity.

• Those who attack their cloud infrastructures, internal or external from a third party and the applications existing therein. In this case, for example, we could talk about shadow IT or infrastructure risks that are not controlled by the organization's IT department (such as cloud infrastructures contracted from cloud providers).

• Related to the previous point, especially due to the increasing dependence on third-party services, one of the most common risks, which is less taken into account but which is gaining special relevance and attention, is that of supply chain. That is to say, those risks that, not being own or inherent to the company as such, can affect it since they are risks of a third party in which its services are hosted or with which it collaborates for something specific, including partners. , partners, etc.

• Insiders or internal threats who, as internal users of the organization's systems (whether they are employees, suppliers, collaborators or partners), intentionally or unintentionally, can carry out harmful and harmful actions due to their lack of knowledge and training, laziness, carelessness, incorrect configurations, cessation of access, credentials and permissions, use and connection of external devices to the corporate network, etc.

• Direct attacks on their information assets, such as databases (or elements containing information) of clients, suppliers, partners, users, collaborators, or the organization's own (intellectual property, patents, legal, corporate, financial, etc.), with private and confidential, which can produce, in addition to information leaks, important problems for the company in terms economic, of normative compliance, legal, and of image, reputation, brand and business continuity.

• He unsafe development of corporate software and applications, which do not have a philosophy of cybersecurity by design, incurring bugs, security breaches and vulnerabilities that can be exploited by third parties. To correct it, a model of Secure Software Development Cycles (SSDLC).

• The lack of technical adequacy for the due normative compliance (lack of compliance) is another factor to take into account. In this case, failure to comply with certain defined cybersecurity and legality standards and frameworks, with certain rules, regulations and laws, can lead to serious problems. No longer for not complying and sanctions O fines what this can entail, but also for the security holes and the lack of quality protection What will it mean to fail to comply with them?

• The lack of awareness, training and training of the employees.

• The continuous evolution of technology and digitalization that require constant and almost immediate updating. And, in the same way, the evolution (lagging behind) of the new legislation, regulations and norms that try to regulate it and "establish a certain order of conduct", with a vision that is as holistic as possible, in a multitude of countries with characteristics common or not.

• The economic, financial, investment and resource capacity within the organization. An organization may have certain knowledge and skill to carry out its own cybersecurity strategy, But it is not usual. If this is not your core business or your IT area does not have those capabilities, resources or time, what is normal and advisable is turn to external experts and the acquisition of software, applications, tools and services cybersecurity.

Íñigo Ladrón Morales, Content Editor for Zerolynx.