por Rebeca | Ago 30, 2022 | Ciberseguridad, Noticias, Recursos
The company of today, both private and public, face a daunting variety of threats to cybersecurity. A cyber attack can threaten the very existence of an organization. And even the jobs of some of its C-suite officers. But the response doesn’t rest solely on a building a better technical solution: we need to create a cyber-secure culture.
Given the overwhelming reality of the resources and time already being devoted to a company’s security strategy, an important question arises:
How can organizations begin to realistically embed security into the DNA of an enterprise?
In this sense, Research by the Centre for the Protection of National Infrastructure (CPNI) made a suggestion. That multiple interrelated factors need to be considered when attempting to change an organisation’s security culture.
Cybersecurity company : what is «security culture»?
Contrary to what most think, it is the ideas, customs and social behaviors of an organization that influence its security. It is the most important element in an organization’s security strategy.
And for good reason: The security culture of an organization is foundational to protect information, data and employee and customer privacy.
In the first place, not all people learn in the same way. For that reason, every organisation and every audience is different when it comes to learning. In this case, we believe that a human-centred approach to security, using high impact interventions, can accelerate positive security culture change.
During the pandemic, some industries and organizations have seen their security cultures stagnate or decline. As many organizations transitioned to a work-from-home model, new security concerns emerged. For that reason, the communication and education becoming somewhat more challenging.
How to Support A Strong Security Culture
There are some practical steps organizations can take to develop a strong security culture across seven distinct dimensions:
- Attitudes: Employee feelings and beliefs about security protocols and issues.
- Behaviors: Employee actions that impact security directly or indirectly.
- Cognition: Employee understanding, knowledge and awareness of security issues and activities.
- Communication: How well communication channels promote a sense of belonging and offer support related to security issues and incident reporting.
- Compliance: Employee knowledge and support of security policies.
- Norms: Employee knowledge and adherence to unwritten rules of conduct related to security.
- Responsibilities: How employees perceive their role as a critical factor in helping or harming security.
With this in mind, view the Strategic Cybersecurity Skills
In that case, we can help you build a solid security culture in your organization, let’s talk?
Sources:
(1) Forbes
(2) Security Magazine
Picture: Foto de antivirus creado por rawpixel.com – www.freepik.es
por Rebeca | Ago 30, 2022 | Ciberseguridad, Noticias, Recursos
Personal data leaks have occurred to both large and small businesses. In addition, it happens very frequently, more and more in recent years.
Most of them are a consequence of cyber-attacks on networks or e-commerce security breaches. Incidents such as these can devastate a company.
Why do social networks allow data leaks?
Social media platforms are a primary security weak point for businesses due to data leaks. Social media is quickly turning into a primary security weak point. A single data breach within one of the social media networks can result in millions of records being stolen.
Social media is one area where security teams have faced a steep learning curve. Beyond the fact that through LinkedIn, Facebook and Twitter employees can connect with each other, social networks have another attraction for companies.
For example, to take advantage of social media platforms as tools to carry out brand recognition, customer service, advertising and recruitment processes. Yet every user on every platform presents a social media risk to security professionals. And the risks are many.
One of the most affected sectors during the pandemic was the health sector. Know the key points of healthcare cybersecurity.
Top areas for attention
- Account tracking
- Conduct regular security and privacy reviews
- Keep access up-to-date
- Use a Virtual Private Network
- Ensure adequate device protection
- Monitor your social media channels
- Employee training is crucial
- Beware of third-party apps
At the same time as the rapid growth of technology occurred, social networks increased in popularity. The fundamental reason for this is the ability of networks to connect people.
Because it provided an ideal platform to connect with your friends, family and colleagues. Since it provided an ideal platform to connect with your friends, family and colleagues.
The information shared in social network spreads fast, almost instantaneously. For that reason, it attractive for attackers to gain information.
The secrecy and security of social media platforms must be consulted from various positions. There are many security and privacy issues related to shared user information. Especially when a user uploads personal content like photos, videos, and audios.
Finally, the attacker can maliciously use shared information for illegitimate purposes. See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Let’s talk?
Sources:
(1) techtarget.com
(2) https://link.springer.com/
(3) Forbes
Picture: Foto de redes sociales creado por rawpixel.com – www.freepik.es
por Rebeca | Ago 10, 2022 | Ciberseguridad, Noticias
Digital technologies make it easier and more efficient to deliver patient care and provide better outcomes. However, the rise of digital technologies and the growing interconnectedness between different healthcare systems come with increasing healthcare cybersecurity threats.
Weak cybersecurity measures expose companies to serious risk. Victim companies suffer operationally, as systems are rendered unusable. In addition, it affects your reputation, because customers lose trust. And, since the regulators are strict, they end up legally affected, too.
The healthcare industry is particularly vulnerable because it uses extremely sensitive data. For example, pharmaceutical companies store proprietary scientific data and intellectual property. Medical device companies develop systems that interface such devices with physician, patient, and medical entity data collection.
Additionally, operational functions are often literally matters of life and death. Breaches in healthcare and pharma cost more than those in almost any other industry.
After Covid-19, healthcare cybersecurity risk is higher than ever
Cyberattacks grabbed headlines throughout 2021 as hacking and IT incidents affected government agencies, major companies, and even supply chains for essential goods, like gasoline. For healthcare, this year was even more turbulent as cybercriminals took advantage of hospitals and healthcare systems responding to the Covid-19 pandemic.
More than one health care provider was forced to cancel surgeries, radiology exams, and other services, because their systems, software, and/or networks had been disabled
The COVID-19 crisis will continue to test the resiliency of the global healthcare industry.
What can healthcare organizations do to address the challenges?
Strategies include the following:
- Implementing cybersecurity technology
- Building a talent pool of professionals skilled in healthcare cybersecurity. Do you know about cybersecurity skills?
- Developing a healthcare cybersecurity strategy focused on patient privacy protection
- Addressing vulnerabilities in legacy systems in healthcare
- Keeping tabs of new developments to understand information technology (IT) challenges
By introducing cybersecurity as a value proposition and formulating clear action plans, healthcare organizations can meet cybercriminals fully armed — and give them a worthy response. See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Let’s talk!
Sources:
(1) Security Magazine
(2) Contentsecurity.com
(3) Infosecuritymagazine
(4) Forbes
Imagen:Foto de doctor feliz creado por pressfoto – www.freepik.es
por Rebeca | May 24, 2022 | Ciberseguridad, Noticias, Soffid
Any government’s primary security challenge is data loss related to security breaches. Protecting sensitive data from being exfiltrated and falling into the wrong hands is a government’s responsibility to their people. This task is hard to accomplish because of the high number of user profiles and application systems. While a typical company has a huge workforce with a limited number of profiles, a government agency used to have more profiles than users.
For government, cybersecurity isn’t only a challenge—it’s a big obstacle to long-awaited digital transformation.
Biggest Cybersecurity Challenges in 2022
Because government agencies have data or other assets that malicious cyber actors want, they will often go to great lengths to get it. Due to the sensitivity of the information government holds and the persistence of many of those who are targeting it, government organizations don’t have the luxury of operating subpar cybersecurity without putting citizens’ data and potential essential services at unacceptable levels of risk.
Cyber risks are higher than ever and their impacts increasingly severe – every organisation needs to take steps to respond accordingly.”
Paul Kallenbach
Even the most sophisticated solutions may not be able to eliminate all vulnerabilities, but they can stymy many threats and help protect against the worst outcomes.
The biggest cybersecurity challenges in 2022 are:
- Increase in Cyberattacks
- Supply Chain Attacks Are on the Rise
- The Cyber Pandemic Continues
- Cloud Services Are A Primary Target
- Ransomware Attacks Are on the Rise
- Mobile Devices Introduce New Security Risks
See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. -more- Let’s talk!
por Rebeca | May 23, 2022 | Ciberseguridad, Cliente, Noticias
En los últimos años, el día a día de los usuarios se ha adaptado exponencialmente al plano digital, llevando a estos a realizar gestiones y procesos administrativos de forma íntegramente virtual. Lo cual ha llevado a estos organismos e instituciones a cumplir el Esquema Nacional de Seguridad, que tiene por objeto establecer la política de seguridad en la utilización de medios electrónicos y que está constituido por principios básicos y requisitos mínimos que permitan una protección adecuada de la información. Siendo, por tanto, la protección de los datos y la adecuada gestión de la identidad digital de los usuarios y ciudadanos dos de los aspectos más relevantes a la hora de diseñar y ofrecer procesos administrativos por parte de cualquier Administración.
En este contexto, los Ayuntamientos se enfrentan a retos particulares a la hora de asegurar la experiencia digital de sus usuarios, entre ellos:
-
- La automatización de procesos de activación y desactivación de usuarios así como de sus contraseñas.
- El cumplimiento del Esquema Nacional de Seguridad y EUGDPR.
- La metodología single sign-on y
- la utilización de múltiples factores inteligentes de autenticación.
En Soffid llevamos un largo recorrido ayudando a nuestros clientes ante las dificultades que puedan aparecer a la hora de preservar la seguridad en la gestión de los accesos e identidades de sus usuarios. Por ello queremos compartir esta experiencia en nuestro próximo webinar enfocado expresamente a Ayuntamientos, que impartirá nuestro CTO y Fundador, Gabriel Buades:
Las Claves para el Cumplimiento del Esquema Nacional de Seguridad en los Ayuntamientos: Casos de Éxito.
Miércoles, 1 junio 2022 – de 10:30h a 11:30h
Todos aquellos interesados, podrán realizar su inscripción aquí.
