by Rebeca | Feb 22, 2023 | Cybersecurity
How to protect yourself from cybercrime? Cybercriminals have been targeting airports, and the travel industry in general, because people tend to let their guard down when they travel. This posture is doubly compromised when you are the on-point admin for so much of your network.
Protect yourself from cybercrime while you travel
No matter where your wanderlust takes you, you can protect yourself from cyber risks. So before you go on vacation or business, take these steps to protect yourself from the dangers of cybercrime.
- Verify each Wi-Fi network before connecting. Look for official notifications regarding the network connection and make sure the name is accurate. Additionally, be aware of any notifications related to the computer being used on a shared network. If you are a system administrator, hopefully you have a VPN, a jump box, or another form of technical security in place.
- Always keep your devices with you and avoid leaving them unattended in public places. Don’t forget to add password protection and encryption to sensitive files as well; this will ensure that any data stored on your device remains secure even if it falls into the wrong hands.
- Arm yourself with dual-factor authentication. If you are an executive or entrepreneur and your account is somehow exempted from MFA policies, change that immediately.
- Leave blueprints so you will always have coverage. Even if you don’t have someone on staff, bring in a partner, a trusted advisor, or even someone with a related but indirect role.
These are just the basics of protection. But they become much more important once you access things as an IT professional or a system administrator.
You are a target: to malicious outsiders, between travel and your role, you are a weak point.
Image: Rudy and Peter Skitterians on Pixabay
by Rebeca | Dec 28, 2022 | Cybersecurity
Ransomware: To pay or not to pay
Ransomware attack: pay or not?
The main goal of hackers when carrying out a ransomware attack is to demand a ransom and profit. The key is… Ransomware attack: pay or not?
64% of Spanish companies agreed to pay the ransom requested by cybercriminals, and 43% of them did so to become operational again because the ransomware attack paralyzed their activity. This is the conclusion of the Cyberpreparedness Report 2022 by Hiscox, an insurer that offers innovative and specialized products for companies and professionals in the Spanish market.
The share of companies that chose to pay the ransom in order to become operational again increases to 56% in the case of small and medium-sized Spanish companies. This type of attack endangers the economic capital of the company: ransom payments alone cost Spanish companies an average of €19,400 each in 2021, without taking into account the extra €10,843 that, on average, they invested to recover their normal activity after the incident.
So… ransomware attack: pay or not?
However, paying is not synonymous with peace of mind: 47% of companies that decided to pay the ransom demanded by cybercriminals suffered a second ransomware attack, a figure that rises to 50% in the case of small and medium-sized companies in Spain.
Ransomware is the third type of attack that companies suffer the most (22%), behind Denial of Service (38%) and financial fraud (32%). In the specific case of SMEs, ransomware attacks are becoming more frequent: in 2020 they represented only 11%, and in 2021 that rose to 20%.
But why shouldn’t we pay? There are different reasons:
- Nothing guarantees that we will recover the files.
- In certain circumstances it is illegal to pay such a ransom, and even not to inform the authorities that we have been the victim of a ransomware attack. In the United States, for example, it is a crime.
- Paying allows cybercriminals to continue their attacks since we would be financing the attackers.
Soffid recommends adopting the principle of least privilege for internal and external network users. Against this type of ransomware it is effective to reduce the privileges of user accounts and to keep to a minimum the accounts that need system administrator privileges, thus reducing the attack surface exploited by the ransomware agent.
by Rebeca | Jan 5, 2022 | Cybersecurity, Soffid
Throughout 2021, global news seemed to ricochet between the rapid spread of new iterations of COVID-19 and cyber criminality — both becoming increasingly creative and disruptive as they mutate in a battle for survival; both interlinked as cybercriminals profit from rapid digitalization forced by COVID-19 lockdowns. In a recent interview, a prominent cybersecurity executive pointed out that alongside birth, death and taxes, the only other guarantee in our current lives is the exponential growth of digital threats.
Because security is not built into new technology from the ground up, cyber criminals quickly get a foothold and cause untold damage before we can catch up.
Much has been said about the cybersecurity skills shortage. Millions of cybersecurity positions are unfilled, and this is causing serious problems at many organizations. But the magnitude of the skills shortage is based on a specific model of doing security. This model is reactive rather than proactive and takes a labor-intensive, “brute force” approach to threat response. We need more bodies in cybersecurity because our methodology is to “throw more bodies at the problem.”
For example, rather than doing threat modeling and building strong, proactive controls as they develop an application, organizations scan for vulnerabilities, manually analyze the scans and manually remediate the problems, or else let the vulnerabilities accumulate. This consumes a lot of resources and ultimately does not leave an organization significantly safer than if it had done nothing.
Moving Beyond Brute Force
While most people may see the logic in moving beyond this scattershot approach, it has an incredibly strong gravitational pull. IT governance policies at many organizations require the use of antiquated security technology and processes when other approaches would provide better protection using fewer resources. At the same time, the rapidly evolving marketplace means that development teams face continual pressure to crank out applications even faster than they do today. This makes it easy to rush into development rather than taking the time to architect an application to be secure before coding even begins.
But what if we were to break from the gravitational pull of reactive security and refocus on what really matters? We could build security into new technologies as they are developed, rather than adding it as an afterthought. We could become consistent, prioritized, focused, structured and strategic in the use of people, processes and tools. We could help developers learn to write safer code by providing real-time feedback.
At the same time, we need to be making security more visible. If users had an idea which software was safer and which was less safe, they would choose accordingly. The White House issued an executive order in May that can potentially move us in this direction. For example, it requires software vendors to provide a “Software Bill of Materials”, something of an “ingredients list” for an application. We need dramatically more information about why we should believe something is secure before we trust it with important things, like elections, finances and healthcare.
Proactive cybersecurity strategies
Aggregate a multitude of perspectives, which brings the benefit of innovation, problem-solving and consensus-building.
From the growing adoption of distributed cloud to the proven benefits of remote mobile workforces, the attack surface for bad actors is ever-widening. This means the requirements for network security have also evolved with the growing threats of increasingly distributed systems.
Security should not take a backseat to innovation in digital businesses. Of course, innovation and speed will require businesses to build secure systems, which means we can no longer afford to implement security only at the service level. We need to apply adaptable solutions from the architecture level that will change with digital business requirements.
See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Let us know how we can help you.
(2) Information Week
by Rebeca | May 19, 2021 | Soffid
Today’s business leaders face enormous pressure from markets, competition, and the current pandemic, which is radically changing the way we do business and engage with customers. Organizations need to adapt, imagine new revenue models, innovate as never before, and attract a new generation of talent to fuel this evolution and help the business stay relevant.
In the last few decades, organizations large and small have started leveraging the benefits of open source at unprecedented levels. One of the benefits of working with open source technologies or projects is the free sharing of ideas. Open source brings people together to brainstorm and develop a common piece of technology.
Open source web frameworks offer an alternative that shifts the company focus from the centralisation of resources – which has become of little significance – to the adoption of more internationally widespread technologies. Technological exclusivity and the supposed guarantees of a private supplier are exchanged for a transparent shared standard.
In the past, technology ownership guaranteed a competitive edge over the competition, and money could also be made from licensing.
With the growth of the web and the spread of technologies to support online services, the IT sector has become very fragmented.
In this scenario the big digital service companies have played an important role, at times determining with their economic weight the growth of some of these technologies and the consequent decline of others. New international standards have been set.
At the same time, many cases of successful open source frameworks have emerged which have ridden the wave of community-driven technologies, i.e. those developed and maintained by international teams of independent developers.
In light of the success obtained by these frameworks, privatising the technologies on which they base their services and products today means companies run the risk of reinventing the wheel, rather than concentrating on activities that create solid value.
Compared to open source frameworks, proprietary ones are more expensive and risk becoming outdated more quickly in a world in constant evolution.
The value of ideas has increased
A shared technological standard on an international level, helped by an open source philosophy, has a superior value compared to the in-house alternatives. The ability to integrate programming languages and different tools effectively, using the resources already created by other developers, increases the competitiveness of web-based platforms.
Considering the rise of open source frameworks, the question is not how to centralise control over technology, but how to adapt these resources to our advantage, participating in their progressive enhancement while developing components for company use.
Technology is the tool that allows us to drive value, but this comes from positive ideas to digitalise the company resources available.
With freemium solutions like Soffid, the customer gets all the benefits from both sides: from the traditional product and from the open source product. They get good support, a development roadmap and quick security fixes.
Soffid is one single product, released as open source and including all the features of identity and access management, privileged account management and identity governance.
Shall we talk?