Holidays increase online phishing scams

The vacation season increases online phishing scams. We’ve all been subjected to phishing attacks: fake messages from a seemingly trustworthy or reputable source, designed to convince you to click on a malicious link and thus disclose information, give unauthorized access to a system or execute a financial transaction.

A phishing attempt may come as a text message, a phone call, or an email.

 

According to US-CERT, some of the most common, and seemingly legitimate, phishing emails include bogus communications from online payment or Internet service providers; false accusations from the FDIC about violating the Patriot Act (requesting that you “verify” your identity); and bogus communications from your company’s IT department (seeking sensitive information that someone can use to access corporate systems and data).

In today’s digital age, keeping your personal information personal is vital to ensuring that your assets are not put at risk. If your information is compromised, you’re vulnerable to fraud, hacking, and identity theft which can cost countless hours and significant amounts of money to correct or repair.

With online shopping trumping in-store retail this holiday season, cybercriminals will have no shortage of potential victims to target.

Bad Actors Are Taking Advantage Of Pandemic-Related Shortages

“The pandemic has caused significant shortages in many items, especially electronics,” said Erich Kron, security awareness advocate at cybersecurity firm KnowBe4. “This season is already known for the stress related to finding that must-have gift, however, the continued emotional stress caused by the COVID-19 pandemic combined with the even more significant shortages is causing people to take bigger risks to get that perfect gift. This means turning to unknown online vendors or social media as a desperate last resort. Unfortunately, these risky moves often result in disappointment as scammers take the money and run.”

Phishing attacks are on the rise.

 

Typically, criminals behind phishing attacks aren’t attempting to steal money. They’re attempting to steal something potentially much more valuable: data.

When phishing attacks trigger data breaches, the consequences for businesses can be severe.

Reputational damage

Following the announcement of a data breach, a company’s reputation immediately takes a hit.

Headlines like “British Airways data breach: Russian hackers sell 245,000 credit card details” and “EasyJet admits data of nine million hacked” become mainstream news stories. It doesn’t matter how formidable a company’s PR department might be.

Such reports can take years to fade from memory. As long as they linger, they influence public opinion of a brand.

Loss of custom

Reputational damage is just the beginning of the backlash.

News of a data breach tends to make customers nervous. A 2019 survey revealed 44% of UK consumers will stop spending with a business for several months in the immediate aftermath of a data breach. 41% of consumers reported they would never return to a business that had experienced a breach.

After 157,000 TalkTalk customers had their data compromised in 2015, customers left in their thousands. The costs of the breach reached £60m in 2016 alone. In 2019, the company reportedly failed to notify 4,545 customers affected by the breach at the time. The ramifications, it seems, will continue for years.

Companies can help employees protect themselves from these types of common attacks. They can provide training and education on what to look out for when it comes to phishing schemes. Individuals also need to be diligent when it comes to unexpected emails or communications.

Businesses are at a high risk of fraud due to a variety of factors, including large amounts of operating cash, multiple online users and regular patterns of electronic and check payments, which can be targeted by account takeover or business email compromise scams.

See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world and avoid phishing or any other attack on your company. Shall we talk?

 

Source:
(1) consumer.ftc.gov
(2) Dark Reading
(3) TechNews


Reinventing cybersecurity: Gartner predictions

The deeper we foray into the Internet Age, the more organizations turn to AI to raise our productivity, improve sales, or enhance our experiences. Now, they are also turning to it to shore up their defenses against the crime that inevitably follows.

As traditional company barriers broke down, and remote working became the norm, the threat landscape rapidly changed, bringing cybersecurity to centre stage for every digital organisation.

To be resilient in this hybrid working paradigm, businesses need to react to this evolved landscape as threats continue to grow both in size and complexity. Threats now exist both from within and externally, from individuals, cybercrime organisations and even nation states. The existing norms of securing organisational IT will not stand the test in this new reality.

Enterprises and business composability

Enterprises that employed «business composability» were more likely to succeed during the volatility caused by the pandemic, according to Gartner. That volatility is here to stay, so now is the time to get ready for it.

Nearly two years after a massive disruption hit enterprises, a few lessons are evident.
Some organizations quickly adapted to the circumstances, recognized the opportunities available, and acted to capitalize on them. Other organizations were caught unprepared for the unexpected and struggled to keep going. Then, some of them shut down.

What separated the successful organizations from those that subsisted or didn’t make it at all?
One factor might be what Gartner is calling “business composability,” or “the mindset, technologies, and a set of operating capabilities that enable organizations to innovate and adapt quickly to changing business needs.” Composability was a major theme at the Gartner IT Symposium/Xpo Americas, and Gartner is promoting the concept of business composability.

“Business composability is an antidote to volatility,” says Monika Sinha, research VP at Gartner. “Sixty-three percent of CIOs at organizations with high composability reported superior business performance, compared with peers or competitors. Also, they are better able to pursue new value streams through technology, too.”

Sinha compares the concept of composability to the way toy Legos work. She told InformationWeek in an interview that composability is about creating flexible and adaptive organizations with departments that can be re-arranged to create new value streams. She says organizations should target the following three domains of business composability:

1. Composable thinking

“This is the ability to be dynamic in your thinking as an organization,” Sinha says.
This kind of thinking recognizes that business conditions often change, and it empowers the teams closest to the action to respond. “Traditional business thinking views change as a risk, while composable thinking is the means to master the risk of accelerating change and to create new business value.”

2. Composable business architecture

This is the ability of organizations to create dynamic ways of working, Sinha says. For instance, during the pandemic, some retailers were able to pivot quickly to providing curbside pickup, and some healthcare providers.

“Organizations looked at different types of models in terms of delivery,” she says. “In these types of organizations, it is really about creating ‘agile’ at scale, and agile types of working in the organization.”

Sinha notes that digital business initiatives fail when business leaders commission projects from IT and then shirk accountability for results, treating it as another IT project.
“High-composability enterprises embrace distributed accountability for digital outcomes, reflecting a shift that most CIOs have been trying to make for several years. They also create multidisciplinary teams that blend business and IT units to drive business results,” Sinha says.

3. Composable technology

This is the IT architecture or technology stack, says Sinha. Technology is a catalyst for business transformation and thinking, and developing a flexible and modular technology architecture enables bringing together the parts needed to support transformation.

Distributed cloud and artificial intelligence are the two main technologies that a majority of high-composability enterprises have already deployed or plan to deploy in 2022, according to Gartner’s CIO Agenda survey. Gartner notes that these technologies are a catalyst for business composability because they enable modular technology capabilities.

Tech investments for 2022

Another major technology at the top of the list of planned investments for 2022 is cyber and information security, with 66% of respondents saying they expect to increase associated investments in the next year.

“Many organizations were dabbling with composability before the pandemic,” Sinha says. “What we saw was that those that were composable came out ahead after the pandemic. The pandemic highlighted the importance and the value of composability.”

Now, as many organizations look to find what the “new normal” is, it’s important to understand that there may not actually be one.

“This type of volatility is here to stay,” Sinha said. Now is the time to “leverage technology as a catalyst for creating more composable businesses.”

Sources:
(1) InformationWeek
(2) technologyrecord.com
(3) Business Insider


The most common security and identity challenges companies face today

Security and identity challenges

Multinational organisations

Managing identities and access entitlements is becoming increasingly challenging in a rapidly changing business, regulatory and IT environment, but those challenges are compounded for multinational organisations due to the distributed nature of their operations.

Identity and access management (IAM) is especially challenging for multinational companies that need to manage the identities of employees, partners, customers, consumers and devices wherever the company does business, while also complying with a range of data security and privacy regulations.

The domain of Identity and Access Management (IAM) has evolved over the past two decades. In the beginning, its primary purpose was to meet simple authentication requirements. As the adoption of IAM solutions increased across multiple industries, the need to meet several other requirements became apparent: service password management, single sign-on, multifactor authentication, entitlements, role engineering, authorization, life cycle management, access certification and more.

The accelerated shift to work-from-home

The accelerated shift to work-from-home due to the pandemic also means that SMBs are now more prone to cyberattacks, and the solutions that cater to organizations of all sizes are scant. The landscape of IAM is only becoming more convoluted and straying further away from simple and holistic security.

Converged IAM is one solution to this predicament. An IAM product that converges a full suite of access management, authentication, authorization, IGA, PAM and risk analytics solutions in one platform can empower organizations to mature their overall security posture quickly, support proactive identification of indicators of compromise (IOCs) and strengthen external as well as internal security maturity. It can also increase employee productivity with daily application usage, password management, single sign-on, access requests, approvals, reviews and more.

The future of IAM

The future of IAM is not in fragments of different niches stitched together to cover various functionalities. It is in providing a single platform to meet all the IAM demands of today’s digital landscape, which is constantly being encroached upon by threat actors.

Within the broader IAM challenge, there are several other specific challenges facing multinational organisations, often related to the fact that IAM is run differently in each region or location where the company operates. These specific challenges include:

  • Being able to deal with customers and employees with identities originally registered in one geography using their identities to access services and systems in another geography.
  • Delivering IAM services using different IAM technology stacks, processes, operating models and maturity levels across different company locations.
  • Supporting different languages in the different countries where the company operates.
  • Ensuring fast time to market for products and services requiring consistent IAM for employees, partners and customers in response to market needs and opportunities.
  • Enabling fast, simultaneous rollouts for new applications to new markets.
  • Standardisation and automation to reduce costs and risk of in-house solutions.
  • Built-in support for the internet of things (IoT), DevOps models and local DevOps teams.
  • Retaining control of infrastructure, changes, deployments and interfaces.
  • Complying with specific regional and local regulatory requirements in addition to global regulatory requirements in terms of data protection, information security, product safety and quality assurance, export regulation and financial regulation.

Identity and access management is a very common element to regulations, with each type of regulation often setting some requirements for managing IDs, onboarding, identification of customers, authentication, access control and access governance.

To deal with these regulations

To deal with these regulations, multinational companies need a strong IAM that is flexible enough to be strong in some regions, but more relaxed in others.

In the digital era, the most significant trend is towards the provision and consumption of all IT as cloud-based services, including IAM. As a growing number of workloads and IT services move to the cloud, it makes sense to move IAM to the cloud as well. Moving IAM to the cloud helps avoid the integration, management and licensing complexity of hybrid IT environments where some workloads run on-premise while others run in parallel in the cloud.

However, cloud-based IAM services will still need to support hybrid IT environments for the foreseeable future and, at the same time, will need to evolve to include support not only for employees, but also for business partners, customers, consumers and non-human entities that have identities that need to be managed, such as internet-connected devices that make up the internet of things.

Identity-as-a-service (IDaaS) solutions have appeared on the market in recent years, in line with the as-a-service trend. These IDaaS solutions offer several key benefits that could help multinational organisations to tackle the challenge of running a global IAM service.

Since first appearing on the market

Since first appearing on the market, IDaaS offerings have gradually matured to include identity management, entitlement management, authentication and authorisation, which are the key components of IAM, adding the depth required by modern enterprises to reduce security and compliance risk.

The IDaaS market has registered significant growth in the past few years because of the ability of IDaaS to enable organisations to:

  • Achieve better time-to-value proposition over on-premise IAM deployments.
  • Extend IAM capabilities to meet the security requirements of growing software as a service (SaaS).
  • Adopt global IAM standards and practices with access to industry expertise.
  • Reduce internal IAM costs and efforts to keep up with the market trends.
  • Limit internal IAM failures in project delivery and ongoing operations.

However, moving enterprise workloads to the cloud is a long-term journey for most enterprises. Similarly, moving from on-premises IAM to IDaaS services, while at the same time providing end-to-end support for IAM capabilities across all target systems, regardless of their deployment model, is also a multi-step journey.

 

Sources:
(1) Computerweekly
(2) Forbes – multinational organisations


New challenges currently facing CIOs

Nowadays, CIOs are focusing on business outcomes, agility, and improving customer experience through technology. At the same time, streamlining backend operations with automation is becoming one of the primary focus areas of technology leaders. Despite this pressing need for digitization in organizations, around 79% of them are still in the early stages of technology transformation, according to McKinsey. This is due to critical issues related to legacy system barriers such as integration, security, etc., in today’s landscape. So, there is a need to create an environment that provides holistic accessibility to emerging technologies.

The top challenges faced by CIOs in 2021 are as follows:

  1. Digital Transformation has been evolving slowly. 45% of executives don’t think their company has the right technology to implement a digital transformation. But COVID-19 has forced many organizations to re-examine the pace of their digital transformation initiatives. 35% of companies view digital technology as disruptive to their business model.
  2. As data becomes more distributed, integrating a large volume of data from different sources in disparate formats on the legacy system is a roadblock. While 97% of organizations are planning to undertake digital transformation initiatives, integration challenges hinder efforts for 84% of organizations. So, the CIO’s priority in 2021 is how to extract powerful insights by removing the barriers around the data and making data accessible.
  3. Over the last few years, there has been a massive growth and adoption of new technologies such as AI/ML, data science, etc, across the businesses. As a result, there is a shortage of required skillsets in an organization. According to Forrester, while 75% of businesses have a digital strategy, only 16% claim to have the skills to deliver it.
  4. Legacy systems are unable to keep up with business demands because of inexorable growth in data and the inability to manage multiple data formats across legacy storage platforms. So, CIOs must make a considered choice for modern data platforms that allow integrating multiple datasets from a variety of sources and create a single view of the data.
  5. Manual processes and workflows are no longer feasible for many organizations. Automation initiatives that used to be put on the back burner are now quickly spun up. CIOs need to start thinking of automation as a liberator of their people rather than as an executioner, freeing employees from repetitive tasks to focus on more productive tasks.
  6. As CIOs are constantly addressing new and developing business challenges, there is a need to adopt emerging technologies such as AI/ML and IoT to compete and stay ahead of the evolutionary curve. As we enter 2021, we must look beyond the latest trends and develop a mindset that enables us to identify a problem that is looking for an answer.
  7. Fostering innovation is one of the priorities of CIOs today. But keeping up with the business demand with existing resources has become a challenge. For CIOs to keep up with business demands, new technologies and processes need to be implemented. Innovation can’t happen if there is a massive backlog of business requests in an organization.
  8. Addressing Evolving Security Threats. As technology advances, so too do the methods of exploiting it for nefarious reasons. Hackers have existed as long as tech has existed, but in recent years their tactics have evolved and show no sign of slowing. In 2021 two of the biggest security challenges CTOs will face are phishing and ransomware. Although phishing is not a new hacking tactic, how it is carried out has evolved. Scammers now use SMS and phone calls to impersonate reputable sources and trick consumers into divulging sensitive information. To combat this, IT leaders must re-think their credential management and foster a strong sense of security awareness across their organization.
  9. Increased Investment in Edge Computing. Data growth outside of the data center is a new reality for most organizations. These days enormous quantities of data are being generated from remote branches, mobile devices, and IoT smart devices. By 2025, Gartner estimates that 75% of enterprise data will be generated and utilized outside of the data center. The need to deploy computing power and storage capabilities at the network’s edge will pose a great challenge to CTOs & CIOs in 2021 and beyond.
  10. Maintaining Data Privacy & Governance. Although data can be an incredible source of useful insight, the risk that comes with handling it poorly can make it a toxic burden that opens your organization up to penalties, fines, or worse. In 2021 California’s Consumer Privacy Act (CCPA), which is generally seen as “GDPR light,” goes into effect, and many other states will likely follow suit. Strict data privacy regulations are quickly becoming the norm, making data security and governance one of the most pressing challenges for IT leaders. It thus becomes indispensable for you to learn how to lead the new normal.
  11. Providing a Perfect CX. Digital customer experience is the new battlefield for staying competitive, and the responsibility of delivering a seamless CX falls squarely on IT leaders.

 

Security issues

One of the biggest tech-related challenges inherent with shifting to a hybrid work model is, without a doubt, security. When work happens within the office, CIOs have a certain level of control over security. They can set specific parameters to keep their networks, data, and sensitive customer and employee information secure. For example, they can restrict access to certain websites or applications, or require two-factor authentication to access certain files or information.

But there’s much less of that control when employees are working remotely. That’s why remote work can pose a much larger security risk than having your team contained to your office. For example, employees generally have less secure Wi-Fi connections when working remotely.

It’s also more difficult to monitor, control, or put safeguards around your employees’ internet usage when they’re working out of the office and/or on their own device, which, depending on their behavior, can add more risk to the company.

There’s no denying that security is a risk when shifting to a hybrid work model. But CIOs can counteract those risks with effective employee training. If you’re concerned about cybersecurity for your hybrid team, make sure you’re training employees on how they can keep their devices and networks safe and secure when they’re working remotely. For example, you might create a “best practices” training that goes over the basics of cybersecurity, the do’s and don’ts of how to stay secure when working remotely, and some of the most common security issues employees need to be aware of.

 

Resources:
(1) Gartner
(2) McKinsey
(3) cioinsight.com


How to present the value of information security to management

Exposing management to the value of information security

Cyber security

Cyber security has always been an unsought good, like insurance, which is useful only when something bad happens. It has always been challenging for security leaders to communicate the value of cybersecurity investments to the board and peers. Furthermore, everyone in an organization has their own perspective when it comes to cyber security. That’s partly why security professionals find it difficult to convince management to approve budgets.

The value of cybersecurity should be crystal clear to life sciences and health care boards and leadership. Cybersecurity attacks and data breaches seem to be in the headlines almost daily, and sobering statistics are everywhere.

Security leaders

Security leaders need to justify security investment and acquire budget to protect organizations from the growing list of threats that could impact the future of the business, like data breaches, service disruptions and loss of customers.

Then there’s the problem of speaking a different language. Over time it can be observed that cybersecurity metrics are often communicated in complex, technical language that is difficult for the CEO or other business functions to understand. But translating cyber risk into business risk has never been more important, as many organizations face significant budget cuts amid COVID-19.

A comprehensive cybersecurity program is a business-critical function. With three tips, CIOs and CISOs can better communicate cybersecurity ROI: stressing why these programs are a must-have for their organizations, demonstrating the business value of security solutions and building a strong security culture.

Cybersecurity should not be treated as a siloed department, but rather an integrated part of overall business functions. One way to communicate the far-reaching value of a cybersecurity strategy is to walk leadership through the consequences of a data breach — loss of customers, data, revenue, intellectual property and more — as these consequences directly affect a business’s bottom line. By connecting the dots for non-IT executives, they’ll be able to better acknowledge the importance of strong security practices.

Create a Positive Security Culture

Engaging the whole organization to help them understand the value of a cybersecurity program is not easy. Technical risks are often difficult to translate across departments. Meanwhile, policies and procedures that ensure good security habits can be seen as an impediment to employee productivity.

This is why a positive security culture is so important. By using techniques like gamification, positive reinforcement, or interactive content like videos and podcasts to promote security practices, CISOs can engage fellow employees and get more buy-in from executives. These strategies help everyone, regardless of department or level of seniority, understand the risks and responsibilities regarding security and how each employee plays a crucial role.

One major benefit of a positive security culture is that it creates in-house evangelists who can demonstrate the value of cybersecurity. It will also empower security-aware employees to become the organization’s greatest cybersecurity asset. Simple human error causes the majority of security breaches.

Ultimately, communicating the value of cybersecurity depends on translating cyber risk into business risk, and making security a guiding principle for your larger organization. With risks and challenges related to remote working becoming the new normal for many organizations, it’s critical that IT leaders engage all employees in shared cybersecurity awareness.

 

Situations are changing

Situations are changing in cyber security, as boards and management are understanding the importance of security. Now it’s the security leader’s responsibility to communicate the importance of cyber security effectively. This has become very important during the pandemic, when huge risks of cyber breaches are emerging and organizations are cutting costs due to the business slowdown in order to survive.

Communicating the value (and necessity) of cybersecurity measures to your larger organization isn’t easy. We know that not only are technical risks difficult to transfer across departments, but also that policies and procedures can often be seen as an obstacle to employee productivity.

But, if you can engage with the larger organization and create a positive security culture, you’ll have a better chance of getting buy-in from C-level executives. How?

More and more, CISOs are relying on gamification, positive reinforcement, and interactive content like videos and podcasts to promote their strategies. No matter what the method or medium, it is best that the risks and responsibilities, upon which the entire organization rests, are communicated in a way that everyone, regardless of department or level of seniority, can understand.

The benefits of this are two-fold. Not only will you demonstrate the value of cybersecurity via in-house evangelists, but you’ll also empower security-aware employees to become your biggest cybersecurity asset.

 

Resources:
(1) Gartner
(2) KPMG
(3) security Tech
