Ransomware: To pay or not to pay


The main goal of attackers who carry out a ransomware attack is to demand a ransom and profit from it.

64% of Spanish companies agreed to pay the ransom requested by cybercriminals, and 43% of them did so to become operational again because the ransomware attack had paralyzed their activity. These are the conclusions of the Hiscox 2022 Cyberpreparation Report; Hiscox is an insurance company that offers innovative and specialized products for businesses and professionals in the Spanish market.

The share of companies that chose to pay the ransom in order to become operational again increases to 56% among small and medium-sized Spanish companies. This type of attack endangers the company's finances: the ransoms paid by Spanish companies in 2021 alone cost each of them an average of €19,400, without taking into account the extra €10,843 that they invested on average to recover their normal activity after the incident.

However, paying is not synonymous with peace of mind: 47% of companies that decided to pay the ransom demanded by cybercriminals suffered a second ransomware attack, a figure that rises to 50% in the case of small and medium-sized companies in Spain.

Ransomware is the third most common type of attack that companies suffer (22%), behind denial of service (38%) and financial fraud (32%). In the specific case of SMEs, ransomware attacks are becoming more frequent: in 2020 they represented only 11%, and in 2021 the figure rose to 20%.

But why shouldn’t we pay? There are different reasons:

  • Nothing guarantees that we will recover the files.
  • In certain circumstances it is illegal to pay such a ransom, and even to fail to inform the authorities that we have been the victim of a ransomware attack. In the United States, for example, it is a crime.
  • Paying allows cybercriminals to continue their attacks since we would be financing the attackers.

 

Soffid recommends adopting the principle of least privilege for internal and external network users. Against this type of ransomware, it is effective to reduce the privileges of user accounts and to keep the number of accounts that need system administrator privileges to a minimum, which reduces the attack surface the ransomware can exploit.

 

Sources:

  • thelawreviews
  • signaturit
  • redeszone

Happy holiday season and best wishes for 2023

At the holiday season, our thoughts turn gratefully to those who have made our progress possible. It is in this spirit that we say…

… Thank you and best wishes for the holidays and Happy New Year. 

News is coming in 2023, and we look forward to sharing all the best with you during the upcoming year.

Why Zero Trust?

Zero Trust

This concept was coined in 2010 by John Kindervag, a former Forrester Research analyst who is also considered one of the world’s leading cybersecurity experts. Guided by the principle “never trust, always verify”, the application of this strategy aims to protect modern digital environments with increasingly mobile and connected users.

A zero-trust approach enables organizations to make access decisions based on the context of the transaction, including factors such as user identity, classification of the data being accessed, device security profile, network, the application and the authenticators used.
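The following sketch shows how a policy engine could combine the context factors listed above into one access decision. It is an added example, not Soffid's product logic or code from the original post; the classification labels, authenticator names, thresholds and the `AccessRequest` and `decide` names are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Assumed classification labels, least to most sensitive (not from the page).
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
STRONG_FACTORS = {"totp", "fido2", "smartcard"}  # assumed authenticator names

@dataclass(frozen=True)
class AccessRequest:
    user_active: bool          # user identity: account is known and enabled
    data_class: str            # classification of the data being accessed
    device_compliant: bool     # device security profile (managed, patched)
    network: str               # "corporate", "vpn" or "untrusted"
    app_entitled: bool         # entitlement provisioned for this application
    authenticators: frozenset  # authenticators used in this session

def decide(req):
    """Return (decision, reason); decision is 'allow', 'step_up' or 'deny'."""
    level = SENSITIVITY.get(req.data_class)
    if level is None:
        return "deny", "unknown data classification"  # default deny
    if not req.user_active:
        return "deny", "identity not active"
    if not req.app_entitled:
        return "deny", "no entitlement for application"
    if level >= 2 and not req.device_compliant:
        return "deny", "non-compliant device for sensitive data"
    if level == 3 and req.network == "untrusted":
        return "deny", "restricted data from untrusted network"
    strong = bool(req.authenticators & STRONG_FACTORS)
    if not strong and (level >= 2 or req.network == "untrusted"):
        return "step_up", "strong authenticator required"
    return "allow", "all context checks passed"

def sample_decisions():
    """Evaluate constructed sample requests (illustrative data only)."""
    base = AccessRequest(True, "internal", True, "corporate", True,
                         frozenset({"password"}))
    cases = {
        "internal, password, corporate": base,
        "confidential, password only": replace(base, data_class="confidential"),
        "confidential, password+totp": replace(
            base, data_class="confidential",
            authenticators=frozenset({"password", "totp"})),
        "confidential, unmanaged laptop": replace(
            base, data_class="confidential", device_compliant=False),
    }
    return {name: decide(req)[0] for name, req in cases.items()}

if __name__ == "__main__":
    print(sample_decisions())
```

Being on the corporate network never grants access by itself here: identity, entitlement, device and authenticator checks run for every request, and the network only tightens the outcome.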

Building a zero-trust architecture requires having excellent identity data, properly provisioned entitlements, as well as standardized authentication and authorization enforcement.

Why Zero Trust?

Many organizations have taken a decentralized approach to identity and access management, allowing multiple lines of business to build their own controls. Unfortunately, this leads to duplicate access enforcement systems. Zero Trust takes a more consistent approach across the enterprise, providing visibility and enforcement of access policies. This means increased security and compliance.

Implementing zero trust is an interdisciplinary exercise spanning identity, access management, and infrastructure security. There is no single technology that can cover all requirements. Access policies can be enforced in access management solutions, privileged access tools, network infrastructure, API gateways, cloud platforms, and even within application code.

To get started on the zero trust journey, organizations must:

  • Identify policy enforcement points and policy engines for access decisions.
  • Understand the information points of the policy.
  • Identify implementation patterns.
  • Know their data.
  • Develop a risk-based roadmap.

Do you want to keep your company safe?

This means accurately authenticating the identity, authorizing each identity with the appropriate permissions, and providing access for each of the identities to privileged assets in a structured way, all in a way that can be audited (or accounted for) to ensure that the whole process is sound.

Shall we talk?

 

Sources:

  • Accenture
  • welivesecurity.com

Cybersecurity Trends in 2023

According to a report recently published by the insurer Hiscox, cyberattacks in Spain have an average cost per company of 105,000 euros, almost double compared to 2020, which was 55,000 euros. The cost per company reaches, on average, 78,000 euros worldwide.

Reputational damage must be added to the economic cost, because a security breach can cause reluctance or fear among users and clients when hiring the company's services.

Today we share the trends in cybersecurity in 2023.

Cybersecurity Culture

Businesses will continue to fight phishing, ransomware, and DDoS. Remote work is here to stay, along with the security risks that come with it. Unshielded home networks, untrained employees, and the absence of a cybersecurity culture will pose a serious threat to organizations unless they take the proper precautions. There is also a new geopolitical reality: the ongoing war, coupled with the energy crisis, may result in attacks on critical energy infrastructure.

Security Practices improvement

The CISO is responsible for setting the strategy, but cannot implement that strategy if there is no buy-in from other areas of the organization. It is up to the members of each department to apply the controls that the security team recommends or requires. This disconnect between the expectations of the security team and the actual implementation is where things fall apart. In 2023, organizations will look to solve this problem and place more departmental emphasis on implementing security best practices.

Zero-Trust Architecture

Businesses will address ransomware threats in several ways, from improving cyber skills by working with the security team, to the right security tools such as multi-factor authentication, and training courses. Investment in zero-trust architecture to validate access and improve security will increase.

Transparent Cybersecurity with customers

The way companies interact and communicate with their customers will need to change in 2023 as the public becomes increasingly aware of ransomware threats and data privacy issues.

As data breaches become increasingly public, rather than trying to downplay or hide the incident, organizations will need to admit the problem and provide details about the steps they are taking to mitigate the problem and prevent future breaches.

Customers will appreciate this honesty and will be more likely to do business with companies that are open and transparent about their cybersecurity practices.

Visibility and security of connected devices

Leading organizations will target connected device cyber practices by establishing or updating related policies and procedures, updating inventories of their IoT connected devices, monitoring and patching devices, refining device acquisition and disposal practices with security in mind, correlating IoT and IT networks, monitoring connected devices more closely to further secure those endpoints, managing vulnerabilities, and responding to incidents.

Supply chain threats

Today’s hyper-connected global economy has led organizations to rely heavily on their supply chains, with threats evolving in complexity, scale, and frequency, so organizations will continue the drive to innovate and mature their risk and security transformation capabilities.

Organizations are focusing on implementing and operating identity and access management (IAM) and Zero Trust capabilities that better enforce authorized third-party access to systems and data, and reduce the consequences of a compromised third party.

Shall we talk?

 

Sources:

  • Spiceworks.com
  • Venturebeat.com

Today is the International Computer Security Day

Every November 30th is International Computer Security Day. The holiday started in 1988 when technological progress brought new concerns about privacy and security; thus, the day is dedicated to keeping your online data safe and secure.

In a world in which the Internet is totally essential, the massive use of the network has caused a 26% increase in cyberattacks in Spain in 2021, making our country the third most attacked country in Europe.

Companies are in the crosshairs of cybercriminals, who attack their servers and platforms in search of relevant information that brings them huge economic benefits. The good news is that an IDC study estimates that 2022 will close with an average investment of 7.7% in cybersecurity by companies, representing a total expenditure of 1,749 million euros.

Information is the main asset of companies and, therefore, its protection against possible leaks, whether due to attacks, carelessness or poor habits, is crucial to guarantee its security and to allow the company's activity to proceed normally.

According to figures from the National Institute of Cybersecurity (Incibe), the loss of data due to computer attacks or simple human errors can mean losses of between 2,000 and 50,000 euros for SMEs, and 3.6 million on average for large companies, according to IBM.

The most serious threat to an information system is people, so their training and awareness is one of the fundamental objectives that are pursued with the implementation of a cybersecurity culture program.

But an IAM framework enables IT to control user access to critical information within their organizations. IAM products offer role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise.

In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job, authority and responsibility within the enterprise.

IAM systems should do the following: capture and record user login information, manage the enterprise database of user identities, and orchestrate the assignment and removal of access privileges.

That means systems used for IAM should provide a centralized directory service with oversight and visibility into all aspects of the company user base.

Shall we talk?

 

Sources:

  • Directivosygerentes.es
  • ITresellers.es
  • Incibe
  • IBM