"With every action there is always an equal and opposite reaction". Thus formulated, few would believe that Newton's third law could have practical application in a field as recent as cybersecurity.. Well, nothing could be further from the truth, as some of the most prominent rules in the fight against digital crime may become, literally, against us. This is the case of the much-talked about GDPR (General Data Protection Regulation), a European regulation which - when it enters into force -, in May 2018- oblige companies to ensure the confidentiality of all information and notify any breach in its security to the authorities, under threat of severe financial fine.
"We don't think companies are ready for the GDPR. But, what is more serious, regulation is also causing an incentive for attackers, because they will be aware that a company can lose a lot of money if it suffers an attack, both for the financial fine and for the reputational damage and loss of trust with its customers", explains Ramy Houssaini, BT's Vice President of Security in Europe, a INNOVATORS. 'In those cases,, hackers can simply access some data or just breach the corporate network, forcing to notify the threat and take advantage of the stock market changes that occur».
And it is that, as Houssaini defends, "any regulatory or political move creates an opportunity for cyberattackers". No wonder, therefore, that computer security has been an essential element in the U.S. election debate or that, more and more, let's see practically daily attacks against all kinds of companies in any corner of the planet. "We are seeing a remarkable acceleration of attacks targeting banks., retail firms or telecommunications operators», adds the expert. "That's mainly due to the substantial drop in the cost of a cyberattack.: now launch a DDoS attack (denial of service) of 650 Gb per second costs just five dollars.".
This is where the term 'cybercrime-as-a-service' comes into play.: "Cybercrime is becoming commoditized., becoming a 'cybercrime-as-a-service', and that makes it harder to defend ourselves.. We have to change our approach and be more offensive, disrupt them and provide more intelligence to security systems", concludes Houssaini.
And how can it be won in this particular war?? "You have to put your own company at the feet of a criminal and think like him.: how it would enter, what data you would be interested in and how to minimize the impact of an attack", details the manager. "It's like car accidents.: there will never be zero incidents, what needs to be done is to prevent them and reduce their consequences."
For Houssaini, there is nothing random in the world of cybercrime. "Attackers are not random at all, are very focused on certain companies. Create business cases, they analyze their objective and determine the profit they will obtain with their operation». One of his favorite examples is ransomware that affects Mac computers.: as of February this year, no such viruses had been recorded, mainly because these teams hold a market share of less than double digits. But, as there is no competition, a cybercriminal found in this lagoon his place to do business.
"Nothing happens randomly., everything is calculated, optimized and oriented to make money, at least among the organised groups engaged in these activities', supports Ramy. "Hackers analyze risks and rewards of each attack, to see if it pays them to circumvent more complex systems in exchange for greater reward or focus on less secure companies with less valuable data. Although, if we take into account that attacks can be industrialized and in the same campaign you can attack 500 organizations at the same time in a very simple way, many times it pays to go to the weakest because the big ones take time to analyze and understand their systems».
Fountain: The World