Cybersecurity is an area of technology that began to be taken seriously after the lesson left by the Y2K bug. Since then it has been a path of trial and error, of learning and putting into practice mechanisms that seek to mitigate the effects of attacks. We are always learning new lessons in this area, and these are the ones that cybersecurity left us in 2021.

From ransomware cases to the FBI, the year left us interesting lessons and good reason to keep a magnifying glass on security.

Cybersecurity lessons from 2021

Ransomware generates more losses from inactivity than from ransoms

During 2021, ransomware attacks were the order of the day, and we even presented a website that registers them and shows them on a map. Data hijacking is becoming more and more common, and we might think that companies' greatest losses come hand in hand with the payment of ransoms.

However, the reality is that the biggest losses after attacks of this type come not from the payment of ransoms but from inactivity. The time that elapses between the hijacking and the recovery and cleaning of the systems directly affects companies' transactions, generating a more significant loss of money.

The Federal Trade Commission in the USA and its power over spyware

When we speak of power over software, we do not mean that the US Federal Trade Commission controls it, but that it can compel its makers to comply with obligations. In 2021 this precedent was set by the case of SpyFone, an app the commission accused of being "stalkerware", that is, spyware.

The Federal Trade Commission banned the application and also ruled that its makers must erase all illegally obtained data and notify the victims whose devices had been monitored.

Investment in cybersecurity doubled that of 2020

This movement seems motivated by the lessons that cybersecurity left in the tough year of 2020; by 2021, companies had decided to take the step forward. In 2020, with the confinement, the shift to working from home and the general context of uncertainty, cyber attacks soared.

Through August of this year, investment in cybersecurity was estimated at approximately 11.5 billion dollars. This amount far exceeds the 4.7 billion dollars spent during the same period in 2020.

Microsoft and its obligation of confidentiality in a third of the legal orders on your data

It is no secret that large technology companies hold all kinds of data about their users, so when governments need to investigate, they turn to these companies. However, Microsoft has warned of a growing trend for the government to send legal orders to review data that come with confidentiality restrictions.

The company alleges that this prevents it from notifying its users when their information is being investigated. A third of the legal orders it receives requesting access to data carry these secrecy provisions.

FBI hackers

There are many cases in series, in movies and even in real life of hackers who ended up working for the government. However, until 2021 there had been no operations like the one carried out by the FBI, based on exploiting vulnerabilities and then repairing them.

This was carried out as part of an operation to remove the back doors that had been created in thousands of email servers in the United States. Microsoft, for example, blamed the Chinese government for exploiting vulnerabilities en masse in its Exchange servers. These exploited vulnerabilities gave access to hackers, who planted hundreds of back doors.

This affected not only Microsoft but also the rest of the companies in the United States that use its services. The companies took their own measures, but these were not effective, and this led the FBI to deploy its operation. The action consisted of doing the same as the hackers, that is, exploiting the vulnerabilities, finding the back doors and then eliminating them. This type of mechanism has been dubbed "Hack & Patch" and began to be replicated in other countries.