For several years, finance companies have been the target of cybercriminals and although this is still the case to a certain extent, In 2021 there were two sectors that were most attacked: manufacturing and retail.
“It’s like the story of the bear: so that the bear that is chasing you doesn’t eat you, you have to run faster than the rest of the people”, said the Cyber Security Services & Solution Manager of IBM, Diego Macor. “The finance area has been preparing for years with cybersecurity programs and thus managed to reduce attacks“, he explained.
According to the IBM report X-Force Threat Intelligence Index 2022, in Latin America 22% of the companies attacked were manufacturing, 20% retail and 15% finance.
However, protecting oneself is not the solution to the problem. This year’s study shows that As businesses continue to adapt to an ever-changing global marketplace, attackers remain adept at exploiting those changes.
The pandemic encouraged the approach of the manufacturing and retail area to the digital market. They did it so suddenly that companies in these sectors began to operate without being as protected as those in finance. Then, the criminals saw the opportunity to deceive them and generate attacks: “Take the credentials and do business with it,” according to Macor.
A weakness that hackers found in manufacturing and retail companies are OT networks, This is the name given to the Operations Technology dedicated to changing the physical processes through the monitoring and administration of devices; this happens, for example, when cameras are turned on or switches are activated by Wi-Fi or remote means. In this type of device there was an increase in attacks: more than 2,000%.
“Generally they went after the banks, that’s where the money is. Now they have realized that the return is greater when they attack a company that is not prepared,” Macor said.
The companies attacked
In Latin America, data access blocking, credential theft and email attacks were the most common in the region and in Uruguay. According to Macor, this type of cyberattack is oriented to any type of company because it goes against people: “Criminals try to steal employee credentials when they go for coffee, when they go to the gym, etc. because those places give free internet with little security,” he explained. With those credentials they begin to look for a way to enter the company and generate attacks.
“The attacks are very planned and they hit everywhere,” Macor said.
Along these lines, the expert assured that all companies —small, medium and large— suffer and will suffer attacks, the only thing criminals need is for them to make just one mistake. Therefore, they must be prepared to defend themselves against the best criminal in the world.
