The Fire Sale is a total cyber warfare attack that conducts a systematic three-stage attack on an entire nation's IT infrastructure. The hackers called it Fire Sale because “Everything must go,” making an analogy with the auction of the products in a store that survive a fire.
The greatest vulnerability to a terrorist attack for Peru today is a Firesale-type cyberterrorist attack that would sow chaos and generate incalculable costs in lives and money. There would be a Peru before and after such a devastating attack.
A Firesale is a cyber attack that can bring a country to its knees consisting of three stages of attack on a country's IT infrastructure:
- First: Make all transportation systems inoperable, such as traffic lights, railways, subways and airport systems,
- Second: Disable financial systems (stock exchanges, banks and financial houses),
- Third: Make public service systems, such as electricity, gas, satellite and telecommunications, inoperative.
This type of threat is not a fantasy, it is real and Peru (and, by the way, most developing countries) is extremely vulnerable to this type of attack and constitutes, in my view, the greatest threat. that Peru faces in the 21st century.
In the case of an attack on public organizations and private companies, where the greatest vulnerability exists is undoubtedly found in the government sector.
In my experience, having worked as a public official and as a provider of IT solutions for the State, I can attest to the shortcomings in cybersecurity in the majority of public institutions at the three levels of the executive branch and in the three branches of the State.
Undoubtedly, the level of preparation varies from organism to organism. In the Peruvian public sector, some key institutions are highly developed at the IT level, however, this is not the rule, it is the exception, which makes most of the national public infrastructure extremely vulnerable to this type of attacks.
Let's not be naive. This type of attack is carefully planned and orchestrated well in advance.
The exponential advance of computing and the strategic dependence of countries on it means that institutions are unable to keep pace by shielding their technological infrastructure from the increasingly high level of sophistication of hackers.
Let us be consistent with the times that the planet is experiencing in the 21st century: All corners of the world are at war on this front, with millions of attacks on computers and mobile devices every minute.
«Governments, more digitally advanced, have now recognized the enormous seriousness of the situation and are launching multiple initiatives to address the great threat posed by cyber attacks. But the public sector cannot shoulder the full burden of responsibility and needs to work very closely with the private sector to raise awareness and shield the state's IT systems. For reference, globally, more than $500 billion is lost due to cybercrime.Cisco
Ongoing police training to handle the increasingly wide variety of cybercrimes then becomes a strategic priority, as does education on how to share appropriate information on social media without exposing our personal safety or security. of ours. Mixed work teams that combat cybercrime (public + private) must collaborate with other international organizations in order to join forces and share knowledge.
There is an entire cybercrime market to which public security agencies do not have access where criminals can buy and sell access to servers, computers, cell phones and compromised digital accounts and malware to attack people and public and private institutions.
Statistics indicate that EVERY device in the country will have been attacked by some type of malware in the last three months.
Nowadays, with the very wide adoption of smartphones, which are ultimately increasingly powerful computers, the number and variety of malware with which these devices are compromised has increased exponentially.
Mobile risks include ransomware, infected apps on official marketplaces, spying, mobile web browser hacking, intellectual property theft, remote device hijacking, data theft, and mobile banking Trojans. Such is the threat to Smartphones that we now see in banking Trojans, that 25% percent of attacks are directed at desktop computers and 75% at mobile devices.
The motivation for all this variety of attacks is not just money. They are looking for innovations, projects, business plans, patents, budgets, data and access channels to shareholders and partners. They want digital certificates and credentials, scientific research results and physical access codes. The intent is to disrupt your business, damage your reputation, and find ways to control your company.
How can this scourge be combated?
It is essential that public institutions implement a proactive culture of digital security, since acting under merely reactive initiatives could put their digital infrastructure at risk. In the information age, this is the greatest asset of any institution. Let's start because the State prohibits the use of pirated software and implements mandatory security regulations in all public institutions.
It is essential that the government implement a Cyber Response Committee, made up of representatives of the public, private and civil society sectors, that has regulatory and budgetary protection and that maintains the continuity and constant training of the team and ad-hoc software and hardware acquisition.
Furthermore, it is strategic to have international agreements for cooperation and exchange of knowledge and information, particularly with the most developed countries and organizations in the field of cybersecurity.