The Fire Sale is a total cyber warfare attack that performs a systematic three-stage attack on the computing infrastructure of an entire nation. The hackers called it Fire Sale because “Everything must go” making an analogy to the auction of products in a store that survive a fire.
The greatest vulnerability of a terrorist attack for Peru today is a Firesale-type cyber-terrorist attack that would sow chaos, and generate incalculable costs in lives and money. There would be a Peru before and after such a devastating attack.
A Firesale is a cyber attack that can bring a country to its knees consisting of three stages of attack on a country’s IT infrastructure:
First: Make all transportation systems inoperable, such as traffic lights, railways, subways, and airport systems,
Second: Disable financial systems (stock exchanges, banks and finance houses),
Third: Make public service systems, such as electricity, gas, satellite and telecommunications, inoperative.
This type of threat is not a fantasy, it is real and Peru, (and by the way, most developing countries) is extremely vulnerable to this type of attack and constitutes, in my view, the greatest threat that Peru faces in the XXI Century.
In the case of an attack on public organizations and private companies, where there is the greatest vulnerability, we undoubtedly find it in the government sector.
In my experience, having worked as a public official and as a provider of information technology solutions for the State, I can attest to the cybersecurity deficiencies in most public institutions at the three levels of the executive branch and in the three branches of the State.
Without a doubt, the level of preparation varies from organism to organism. In the Peruvian public sector, some key institutions are highly developed at the IT level, however, this is not the rule, it is the exception, which makes most of the national public infrastructure extremely vulnerable to this type of attack.
Let’s not be naive. This attack mode is carefully planned and orchestrated well in advance.
The exponential advance of information technology and the strategic dependence of countries on it means that institutions cannot keep up by shielding their technological infrastructure against the increasingly high level of sophistication of hackers.
Let’s be consistent with the times the planet is living in the 21st century: Every corner of the world is at war on this front, with millions of attacks on computers and mobile devices every minute.
“Digitally more advanced governments have now recognized the enormous gravity of the situation and are launching multiple initiatives to address the great threat posed by cyberattacks. But the public sector cannot bear the full burden of responsibility and needs to work very closely with the private sector to raise awareness and shield the state’s computer systems. For reference, globally, more than $ 500 billion is lost to cybercrime. “
The permanent training of the police to handle the increasingly wide variety of cybercrime thus becomes a strategic priority, as does education on how to share the appropriate information on social media without exposing our personal safety or security. of ours. Mixed work teams that fight cybercrime (public + private) must collaborate with other international organizations in order to join forces and share knowledge.
There is a whole cybercrime market to which public security agencies have no access where criminals can buy and sell access to compromised servers, computers, cell phones and digital accounts and to malware to attack people and public and private institutions.
Statistics indicate that ALL devices in the country will have been attacked by some type of malware in the last three months.
Nowadays, with the wide adoption of smartphones, which are finally increasingly powerful computers, the number and variety of malware with which these devices are compromised has risen exponentially.
Mobile risks include ransomware, infected apps in official markets, espionage, mobile web browser hacking, intellectual property theft, remote device hijacking, data theft, and mobile banking Trojans. So much is the threat to Smartphones that we now see in banking Trojans, that 25% percent of attacks are directed at desktop computers and 75% at mobile devices.
The motivation for all this variety of attacks is not just money. They are looking for innovations, projects, business plans, patents, budgets, data and channels of access to shareholders and partners. They want digital certificates and credentials, scientific research results, and physical access codes. The intention is to disrupt your business, damage your reputation, and find ways to control your business.
How can you combat this scourge
It is essential that public institutions implement a proactive culture of digital security, since acting under merely reactive initiatives could put their digital infrastructure at risk. In the information age, this is the greatest asset of any institution. Let’s start because the State prohibits the use of pirated software and implements security regulations that are mandatory in all public institutions.
It is essential that the government implement a Cyber Response Committee made up of representatives of the public, private and civil society sectors, which has a regulatory and budgetary shield and that sustains the continuity and constant training of the team and acquisition of ad-hoc software and hardware.
In addition, it is strategic to have international agreements for cooperation and exchange of knowledge and information, particularly with the most developed countries and organizations in the field of cybersecurity.