Are Your Security Risk Assessments Growing?

Security risk assessments are an important tool in your organization’s arsenal against cyber threats. They shine a spotlight on areas of risk in your digital ecosystem, inform and prioritize mitigation strategies, and ensure hard-earned resources are allocated where they’re needed most. Assessments can also help you evaluate your third parties to mitigate the very real possibility that they’ll introduce unwanted risk into your organization.

Evaluating security risk is important for all companies. Most businesses hold sensitive information, ranging from employee data to customer details, that must be kept private. Evaluating this risk helps prevent data loss, preserve confidentiality for all parties involved, and protect the company's assets.

To properly conduct an internal or vendor security risk assessment, you need to combine automation with data-driven tools that provide a continuous, accurate picture of cybersecurity risk both internally and across your third-party ecosystem.

What Is a Security Risk Assessment?

A security risk assessment examines the risks introduced by the applications, technologies, and processes the company has integrated into its systems. Knowing what these systems are lets the company assess the risk each one carries and use that knowledge when making security decisions.

Maintaining an adequate level of security helps keep employee, business, customer, and partner information safe and reduces the risk of cyber-attacks or data loss.


Despite the best efforts of your security teams, risk remediation and mitigation are often hampered by an incomplete view of security performance. Many organizations don’t have a clear picture of what systems, devices, and users are on their networks at any time and do not have a way to efficiently identify, measure, and continuously monitor their risk profiles.

The problem is compounded by digital transformation. As your organization’s digital footprint grows, identifying vulnerable systems and assets – on-premises, in the cloud, and across business units, geographies, remote locations, and third parties – isn’t easy.

Security Risk Assessment Tools

Security risk assessment tools range from physical security measures that protect on-site data servers to digital tools such as network or server protection. These include firewalls, anti-virus software, and backup processes that help protect data if systems are compromised.


See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Share your requirements and a representative will follow up to discuss how Soffid can help secure your organization.



(1) techfunnel.com
(2) IT Security

Attacks in the Retail Sector

Cyberattacks against the retail sector are an ongoing concern. There are a number of factors that make retail systems attractive targets for hackers. Fortunately, there are also effective safeguards against these attacks.

In an industry that has traditionally only seen crime in the form of shoplifting, online retail has become a favourite target among cyber criminals and has been one of the most attacked sectors this year.

Customer information has been perhaps the biggest target, including both details from card payments and general personal information. Retailers have access to a wealth of sensitive data about their customers, who use often-repeated login details for their accounts.

As businesses increase their use of cloud computing and third-party vendors, supply chains have also become a common attack surface full of vulnerable touchpoints, particularly as retailers can’t always guarantee that their suppliers have robust cyber security in place, or take security as seriously as they do.

Website attacks

Attacks on retail industry websites were notably higher than all other industries last year, and were characterized by more sporadic peaks in attacks.

Common website functionality like chatbots, payment services and web analytics are enabled by third-party JavaScript that executes on the client side. The functionality is a necessity for eCommerce, but is increasingly vulnerable to attack. Since many of the services operate outside of the security team’s control, it’s a blindspot for organizations and a potential fraud risk for consumers.

Scaling up quickly

To keep pace with consumer demand for buying online and, in some cases, to save businesses whose physical stores suffered during the pandemic, many online shops opened or scaled up quickly. In many cases this means they have not implemented comprehensive cybersecurity solutions along the way. Fast scale-up or a hastily established online presence also means that many retailers rely on outside vendors for services like payment processing, shopping cart functions and other features. This makes retailers, and in turn their customers, vulnerable to supply chain attacks, in which bad actors gain access to a service provider and then use that access to target its subscribers and clients, directly or indirectly.

Retail Cybersecurity Statistics

Retailers have always been attractive targets for cyber attackers and data thieves. But now, cybersecurity issues in retail have become an even bigger concern. Consider these recent retail cybersecurity statistics:

  • 24% of cyberattacks targeted retailers, more than any other industry (Trustwave)
  • 34% of retailers said cybersecurity worries were their primary hindrance in moving to e-commerce (BDO)
  • 34% also said that cyber attacks or privacy breaches were their most serious digital threat (BDO)
  • Financial motives drove cyber attackers in 99% of retail cyber attacks (Verizon 2020)
  • When data is compromised in an attack, 42% is payment information and 41% is personally identifiable data (Verizon 2020)




(1) helpnetsecurity.com
(2) ITPro
(3) Forbes
(4) finextra

Picture: Hand with money photo created by rawpixel.com – www.freepik.es (https://www.freepik.es/fotos/mano-dinero)


The Keys to Compliance with the Esquema Nacional de Seguridad in Provincial Councils: Success Stories

In recent years, users' everyday lives have shifted dramatically to the digital realm, leading them to carry out administrative procedures and processes entirely online. This has required public bodies and institutions to comply with the Esquema Nacional de Seguridad (Spain's National Security Framework), which sets the security policy for the use of electronic means and consists of basic principles and minimum requirements that allow adequate protection of information. Data protection and proper management of the digital identity of users and citizens are therefore two of the most relevant aspects when any public administration designs and delivers administrative processes.

In this context, Provincial Councils (Diputaciones Provinciales) face particular challenges in securing their users' digital experience, among them:

    • Improving security in compliance with the Esquema Nacional de Seguridad: password rotation, access auditing, multi-factor authentication, etc.
    • Increasing productivity through self-service processes: user creation, password resets, mailbox creation, application access, etc.
    • Returning responsibility for data access to its owners, in the authorization phase as well as in permission review and revocation.

At Soffid we have a long track record of helping our customers with the difficulties that arise when securing the management of their users' access and identities. That is why we want to share this experience in our next webinar, aimed specifically at Provincial Councils and delivered by our CTO and founder, Gabriel Buades:

The Keys to Compliance with the Esquema Nacional de Seguridad in Provincial Councils: Success Stories.
Thursday, 7 April 2022 – 10:00
Anyone interested can register here.


Since places are limited, we ask you to confirm your attendance as soon as possible.

We thank you for your time and attention and hope to see you next Thursday, 7 April.




Effective Cyber Resilience

Cyber resilience refers to the ability to protect electronic data and systems from cyberattacks, as well as to resume business operations quickly in case of a successful attack.
According to Statista, 37% of organisations globally fell victim to a ransomware attack in 2021, and 68.5% were victimised by ransomware – an increase on the previous three years.

Companies now must find intelligent ways of reducing digital footprints across cybersecurity quicksand to ensure their environments are secure. Cyberattacks are a serious threat to each of us. Attackers could try to hack into a private computer or an organisation for economic gain or simply for demonstrative purposes, or they could be driven by the aim of causing damage and disruption.

This threat has to be taken seriously by banks, financial institutions, and financial market infrastructures (such as payment or settlement systems). But cyberattacks are not only a threat to individual institutions. Given the high level of interconnectedness within the financial sector, they can also pose a threat to the stability of the overall financial ecosystem.

The Australian Securities & Investments Commission shares some cyber resilience good practices.

In an increasingly digitized world where cyberattacks are growing at an alarming rate, it is hard to imagine running a business without a comprehensive cyber resilience strategy. With the shift towards hybrid work, cyberattacks are an unfortunate reality for businesses of all shapes and sizes. Attacks leveraging social engineering and other techniques are increasingly effective, which means no organization is safe. A solid cyber resilience program enables you to prepare for and effectively respond to and recover from such attacks. A cyber-resilient organization can protect its core business functions against cyberattacks and ensure business continuity during and after a disruptive incident.

Do We Need a Cyber Resilience Strategy?

Cyber resilience is highly beneficial for your organization. It protects your business from severe damages and financial losses caused by data loss incidents and cyberattacks by improving your overall security posture. Cyber resilience helps protect your brand reputation by enabling you to efficiently manage cyber risks. It helps improve your organization’s corporate culture and business processes, thereby reducing risk and enhancing security in the process. A cyber resilience plan helps you comply with complex legal and regulatory requirements. Cyber resilience minimizes business disruptions and downtime and enables you to continue business operations during and after a cyber incident.

Any cyber resilience strategy, when put in practice, needs to be considered a preventive measure to counteract human error, vulnerabilities in software and hardware, and misconfiguration. Therefore, the goal of cyber resilience is to protect the organization, while understanding that there will likely be insecure parts, no matter how robust security controls are.


How Can Cyber Resilience Be Improved?

Here are four methods that you can use to strengthen your organization’s cyber resilience:

  1. Automate.
  2. Implement Stringent Security Protocols.
  3. Make Cyber Resilience a Part of Your Corporate Culture.
  4. Back Up Your Data.


(1) asic.gov.au
(2) spanning.com
(3) itgovernance.eu


New Approaches and Challenges in Cybersecurity

Developing a fully integrated strategic approach to cyber risk is fundamental to manufacturing value chains as they align with the operational technology (OT) and IT environments—the driving force behind Industry 4.0, Deloitte said recently. As threat vectors expand with the advent of Industry 4.0, new risks should be considered and addressed, with the intent of implementing a secure, vigilant, and resilient cyber risk strategy. When supply chains, factories, customers, and operations are connected, the risks posed by cyber threats become greater and potentially farther-reaching, it added.

Adopting new approaches and challenging conventional thinking is essential in an increasingly digitized world. “In terms of security, if we’re not moving forwards and developing, then we are effectively going backwards because our adversaries will definitely be moving forward,” commented Johnson, partnerships and outreach manager (digital and STEM) and founder and director of Women in Cyber Wales.

Technology change has been beneficial to both organizations and their employees. The adoption of technology innovations by organizations has exploded over the last few decades, along with global spending on technology across all industries.

While the benefits for business are enormous, any technology adoption comes with its own risks and security threats.

First, the new technology should be a good fit for the business and embedded in its processes. If that fit is not ensured, its sustainability is at serious risk.

Adopting New Technologies

Adopting new technology creates internal conflicts in an organization: managerial, technological, sociological and economic. These conflicts play out across several attributes: usability, interoperability, common business views, agility, scalability, reliability, openness, manageability, infrastructure and security. Security plays the major role here.

As data breaches continue to pose a threat to emerging technologies in any business, be it healthcare, finance, manufacturing, services or another sector, appropriately adopted cyber security policies and practices become the essential ingredient in making breaches irrelevant, allowing organisations to exploit the benefits of new technologies and prosper. When planning to adopt any technology in an organisation, it is essential that security risks are adequately analysed and mitigating strategies are put in place before the new technologies are institutionalised.

Why Security Standards Are Important

Conformance with established standards and best practices is essential for increasing the protection baseline in cybersecurity. Many organisations lack personnel experienced in the domain and, therefore, have a hard time adopting new approaches and techniques. Education is an important component, but in-depth knowledge is hard to transfer. Thus, certification methodologies that distil certain best practices into structured, easy-to-apply guidelines have an important role in the proliferation of cybersecurity innovation.

The Evolution of Threat Hunting

Threat hunting continues to evolve for organizations that focus on proactively detecting and isolating Advanced Persistent Threats (APTs) that might otherwise go undetected by traditional, reactive security technologies.

While many SOCs are struggling to cope with the current security threat workload, more organizations are adopting threat hunting as part of their security operations. They are discovering that proactive threat hunting can reduce the risk and impact of threats while improving defenses against new attacks.



(1) cyber-security.com
(2) cio.com
(3) Deloitte.com
(4) cybersec4europe.eu

Picture: Background vector created by pikisuperstar – www.freepik.es (https://www.freepik.es/vectores/fondo)