The strong push towards digitization caused by the pandemic over the past two years has brought with it an increase in computer crime. Hackers, organized into genuine criminal organizations, target not only individuals but also companies and public and private infrastructure.
The data indicate that this trend will continue into 2022. Let's look at the potential risks to IT security and at the countermeasures you can take to protect yourself and your e-commerce business.
Data breach
In the year that is about to end, the number of companies affected by so-called ransomware has increased exponentially. These are computer viruses that can block access to the infected device or encrypt its contents.
The result is that the cybercriminals responsible for the breach hold the stolen data "hostage". The hackers' extortion methods are usually divided into four phases. The first involves a "simple" ransom request: the operator of the site in question is forced to pay the hackers responsible for the attack in order to regain access to their portal or device.
The next step is the threat of disclosure of the compromised data, which, depending on the affected company, can also be very sensitive. If that's not enough, the threat can spread to the company's customers and, ultimately, even to the site's technology providers.
Data theft
Another aspect of the same problem is data theft, which can take place on social networks, forums, blogs, messaging apps and e-commerce sites.
The business of stolen data is growing strongly, with the numbers indicating an 18% increase compared to last year. The most commonly stolen data are login credentials, i.e. username and password, and bank details. Unlike the previous point, in this case not only the website is at risk but also the private users who access it.
The information collected could be used to carry out scams against the victim, could be sold (for example on the dark web) or, in the case of bank details, used to carry out real thefts.
Most crimes, however, involve personal online gaming accounts, online dating sites, social networks, websites and streaming platforms. In these cases, thieves use the victim's account without the victim's knowledge, often making purchases with the credit card that the unsuspecting victim has linked to the account.
Countermeasures for greater IT security
So far we have talked in general terms about the risks that a cyber security breach implies. It is now appropriate to distinguish between companies and individuals since, as we have seen, the risks involve both.
Let's look at the most effective countermeasures for each group.
Private individuals
To avoid IT security risks, a user must first of all pay attention to the sites they visit: the number of dangerous sites keeps growing.
As of November of this year, over 5,000 websites are putting the data of those who visit them at risk, with an increase of 178% compared to previous months. To avoid these dangers, always check that you are browsing safely, visiting only sites whose address uses the HTTPS protocol (where the S stands for Secure) and not the unsecured HTTP protocol.
Fortunately, Google automatically blocks some sites that it considers dangerous. If, however, you want to be sure about the security of a site, a quick and easy method is to examine its URL. Before clicking, simply copy the link and submit it to a URL analysis tool. There are several of these tools and they are mostly free; they check for us whether the site is dangerous.
The second tip is not to take the phishing bait. Phishing is the most popular and most effective scam among hackers. The system is very simple: it involves sending text messages (usually SMS) that pretend to come from an institutional body, such as the Italian Post Office, or from a well-known company, such as Amazon, and that persuade victims to give up personal information, financial data and/or credentials.
In case you receive such a message, DO NOT click on the attached link. You risk compromising not only your personal data, but also the integrity of the device you are using.
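The checks recommended above (HTTPS in the address, examining a link before clicking it), as an added example that is not part of the original article: a local inspection of a copied URL that never contacts the site. The `assess_url` function, the finding labels, the `EXPECTED_DOMAINS` list and the sample links are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed for this example: the brands named in the article and the domains
# a reader would expect them to use. Extend the list for your own context.
EXPECTED_DOMAINS = {
    "amazon": ("amazon.com", "amazon.it"),
    "poste": ("poste.it",),
}

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def assess_url(url):
    """Return warning labels for a link without fetching it."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("not-https")            # the article's first check
    if not host:
        return findings + ["no-host"]
    if parts.username is not None:
        findings.append("userinfo-in-url")      # text before '@' is not the site
    if _is_ip(host):
        findings.append("ip-address-host")      # raw address instead of a name
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")        # may render as look-alike letters
    for brand, domains in EXPECTED_DOMAINS.items():
        legit = any(host == d or host.endswith("." + d) for d in domains)
        if brand in host and not legit:
            findings.append(f"brand-mismatch:{brand}")
    return findings

# Constructed sample links for the demonstration (not taken from real messages).
SAMPLES = [
    "https://www.amazon.it/gp/css/order-history",
    "http://poste-it.verifica-conto.example/login",
    "https://amazon.com@192.0.2.10/account",
    "https://xn--amzon-hra.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", assess_url(link) or "no findings")
```

An empty result only means that none of these heuristics fired, so the link can still be submitted to one of the analysis tools mentioned above.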
Companies
The above advice is also valid, of course, for the managers of e-commerce sites. Avoiding dangerous sites and not engaging with phishing messages also reduces the risk of your device being affected by computer viruses (such as ransomware).
For the same reason, the site should be monitored and updated regularly. It is imperative that the site be kept up to date with antivirus protections and the latest updates, as cybercriminals seek to take advantage of the increasingly widespread use of cloud environments.
The aim is to reduce the risk of an IT security breach to a minimum, as far as possible.
A threat that is expected to become more serious in 2022 concerns so-called "zero day" vulnerabilities, that is, software flaws that even the developers are not aware of. Recently, for example, there has been a lot of talk about the Log4Shell security flaw, which affects a framework used by the vast majority of software developers.
Not keeping a site updated with the latest patches also means exposing yourself to this type of risk. Partly because of problems of this kind, total expenditure on cloud security services for 2021 is estimated to increase by 54% compared to last year.
General advice
We conclude with some general indications for greater security against cyber attacks, valid for everyone:
- use complex passwords, more difficult to "steal";
- use prepaid cards, avoiding the use of credit cards linked to the personal account;
- do not connect work and personal accounts, keeping the login credentials separate (for more details see this article).