By Héctor Guillermo Martínez, President of GM Sectec
With the arrival of the pandemic almost 2 years ago, it became clear that companies are increasingly vulnerable to attacks by hackers and cybercriminals. In this period, in particular, these incidents have occurred in large part due to the fact that most companies have had to work with their workforce from home, which has opened up a huge gap that cybercriminals have been able to exploit. Below, we share some reflections that assess critical trends that CISOs (Chief Information Security Officer) must take into account during this 2022.
Ransomware or data hijacking is not going away anytime soon. Thanks to the particularity of working from home or home office, this attack modality has become standard and has increased considerably throughout 2021 due to the fact that workers do not have the necessary protection of their equipment to avoid any kind of vulnerability of their data. The 2021 figures seem to ensure that in 2022 this type of cyber threat will continue.
In 2021, almost 500 million cyber-attacks of this type have been recorded, which is equivalent to an increase of 148 percent compared to 2020, according to a SonicWall report presented at a conference held at the White House. The most affected segment, and one that will surely continue to be targeted by cybercriminals, will be the banking sector.
Log4j will be the most serious cybersecurity flaw in decades. The flaw is present in a popular software called Log4j, which is part of the ubiquitous Java programming language. Log4j is used by millions of websites and applications, and the software flaw potentially allows hackers to take control of systems by writing a simple line of code. This bug is more serious than other cybersecurity flaws because of its ubiquity, simplicity, and complexity. It is a piece of software, open source, that is in millions of devices, from video games to hospital equipment to industrial control systems to cloud services.
Website cloning and online fraud. Website cloning will be one of the threats that users in general will have to watch out for, because cybercriminals have become expert cloners of “official” web pages, through which they carry out frauds that put personal and banking data at risk.
Verifying the veracity of the website and providing tools for users to understand how to perform this verification will be the key in 2022 for cybersecurity companies to support their customers.
The normalization and massification of the use of cryptocurrencies. Although there are already many places where the use of cryptocurrencies is becoming widespread, we must not forget that this is the preferred method of payment for cybercriminals, and that thanks to its use it is possible to access user data.
This payment method, unlike regular money, does not have the protection of banking regulations and could make its holders easy targets for cybercriminals, who could use any type of ransomware to hijack and use their data.
The use of cybersecurity will be mandatory. Much has happened throughout these almost two years of pandemic, but if we have witnessed anything, it is that cybersecurity should not be an option but the norm.
Not only have large corporations understood that their cybersecurity systems must be updated and extended to personal devices, but Latin American governments have understood that cybersecurity must be regulated and become a mandatory standard to be applied.
During 2022, we will see how governments in much of the region will impose on public and private companies the use of new cybersecurity tools that expand their scope and protect the data of the people involved with a broader spectrum.
More contactless payment technology, fewer physical transactions. The use of digital channels in banking has had a positive impact during the confinements, which has led banks to encourage the use of different technological options during the day-to-day life of consumers. Electronic payment, in its different modalities, will continue to gain strength. This makes it even more important to establish controls and standards (such as PCI DSS) in organizations that process, store and/or transmit cardholder data, to secure such data, in order to avoid fraud involving debit and credit payment cards.
Already in 2022, and with the expectation of a return to normality, the question to answer is: has the learning from these two years of pandemic helped companies to understand that the protection of their human resources’ data goes beyond the walls of their organization?
About the Author
Hector Guillermo Martínez is President at GM Sectec. Hector G is responsible for the growth, vision, and execution of the company. GM Sectec creates innovative tailored solutions that help accelerate business breakthroughs in the areas of managed detection and response services, digital forensics, multi-tenancy, business continuity, information security, automation, and process orchestration with the goal of ultimately delivering outstanding cost efficiencies to our customers and partner community. GM Sectec is a global company with Headquarters in Puerto Rico and offices in Florida, Mexico, Panama, Colombia, Brazil, Chile, Spain, and Australia with clients in over fifty countries. GM Sectec is a global Cybersecurity150 listed company, a Top 100 MSSP Listed organization, a certified PCI Forensic Investigator, and a member of the Forum of Incident Response and Security Teams (FIRST.org). Hector G. has been with GM Sectec since 2014.
Prior to GM Sectec, Hector G. was based in Singapore leading EMC Corporation’s security practice across the Asia Pacific region. Hector G. joined EMC in 2008, focusing on physical & information security initiatives, projects, and evangelizing EMC’s leadership in the vertical as well as managing Aerospace & Defense alliances with Raytheon, Insert Corporate Image Here (May 2020) General Dynamics, BAE, Lockheed Martin among other MSI’s (Mission Systems Integrators). With over 20 years in business development, security & safety platform integration and cross jurisdictional law enforcement, Hector G. has been involved in project implementation, development, and investigations in the United States, Israel, Asia-Pacific, and Latin America.
Reporting directly to EMC’s APJ Chief Technology Officer, Hector G was tasked with developing markets for EMC in Asia Pacific / Japan across the entire EMC & RSA product and solution portfolio of market leading technologies. The CTO office owns the technology evolution for EMC Corporation, including responsibility for technical strategy in EMC’s entire product portfolio including Storage, Backup/Recovery/Archiving, Information Lifecycle Management and Security. Hector G worked closely with EMC’s Office of Technology, which is responsible for defining the company’s evolving technology vision and technology strategy, as well as working with the industry on standards.
Since 2004 Hector G. has been a licensed Private Investigator, focusing on investigation and forensics with government, academia, and the private sector. Other areas of focus have been in executive and dignitary protection, serving with a Louisiana Parish Police Department, certified as a practicing Personal Protection Specialist (P.P.S) from the Executive Protection Institute in Berryville, Virginia. Assignments have been from single focus to multi-jurisdictional task forces focusing on advance work and perimeter protection. Hector G is PCI-QSA certified and an ISO 27001 Lead Implementer & Auditor. Hector G. has an MBA from CUNY, Zicklin School of Business and is an alum of Harvard Business School.