Several cases around the world demonstrate how vulnerable we are because of security loopholes in digital systems. Something must be done.

Recently, the private company National Public Data confirmed that a massive data breach occurred in April. On its website, the company explained that “there appears to have been a data security incident that may have involved some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024. We conducted an investigation and subsequent information has come to light. What Information Was Involved? The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).”

Different media have reported that the records obtained fraudulently would have been about 2.9 billion.

But that has not been the only case. And the problems are not exclusively due to the bad faith of third parties. Exactly a month ago, Microsoft reported a huge problem resulting from a software update made by one of its allies, Crowdstrike, which knocked out the software of airlines, banks, and hospitals in several countries.

According to Microsoft, “On July 18, CrowdStrike, an independent cybersecurity company, released a software update that began impacting IT systems globally(...). We recognize the disruption this problem has caused for businesses and in the daily routines of many individuals. Our focus is providing customers with technical guidance and support to safely bring disrupted systems back online.”

One of the challenges of this issue is that most of it had to be fixed manually by each of the affected users. The challenge involved operational issues for air travel, healthcare systems, banking, and financial systems around the world.

The icing on the cake: last week Bancolombia, Colombia's largest single bank, announced that it was having problems with its systems, causing checking and savings account balances to be inaccurate in many cases. Bancolombia has more than 30 million clients and nearly 62 billion dollars in assets.

Last Thursday, August 15, the president of the bank broadcast a video on his networks and websites explaining the problem: “Around 5:00 a.m. we identified a technical error that caused some people to see a different balance than the money you had in your accounts last night. The first and most important message is that this is not a breach of our systems. Our clients' information and money are 100% secure; the money is complete, our team has already identified the fault and unfortunately it will take us longer than we would like to resolve.”

The previous Friday the failure was finally resolved, according to the bank itself.

These questions lead us to reflect on the enormous vulnerability to which the information circulating in digital contexts is exposed and the enormous impact this has on the daily lives of the users of these systems.

The number of cases is increasing. According to the World Economic Forum's Global Cybersecurity Outlook 2024, 29% of organizations reported that they had been materially affected by a cyber incident in the past 12 months. And 41% of those cases were the result of the action of a third party.

The outlook is more critical if one considers that 54% of organizations are not sufficiently aware of the cyber vulnerabilities in their supply chain. Even 64% of executives who believe their organization's cyber resilience meets the minimum requirements to operate say they still have insufficient knowledge of their supply chain's cyber vulnerabilities.

A problem that must be addressed

Whether as individuals or as organizations, it is necessary to recognize that the digital revolution cannot be reversed, but implies new challenges due not only to the magnitude of the change but also its speed.

That is why it is necessary to put different aspects on the table to improve the security and reliability of the systems.

The first is regulation: we need to not only know the new digital context regulation but also participate in the new discussions that are taking place due to emerging tecnologies such as Artificial Intelligence. Knowing the state of the art on these fronts is a competitive advantage.

It is necessary to commit to a culture of verification that serves so that in the daily use of digital systems we have greater precautions in the administration of passwords and protocols. This culture of verification can also become a vaccine against phenomena such as disinformation and misinformation, the most widespread phenomenon today being fake news.

On the other hand, it is necessary to continue training each of the members of the organizations and citizens so that they have greater tools to face the challenges imposed by digital contexts.

Having the best technology is the final recommendation: there are ethical and highly trained suppliers that allow us to have solid and responsive digital ecosystems in the event of eventualities.

The technological revolution cannot be reversed, but it has confronted us with more challenging realities that require a new attitude based on training, precaution, and the deployment of better technologies for the protection of our most valuable asset today: information.