
by Julia O'Toole, Founder and CEO of MyCena Security Solutions

The use of centralized access has led to a spiraling underground market for stealing, buying and selling legitimate credentials, which are then weaponized for ransomware and supply chain attacks. MyCena has now developed a unique decentralized access solution, segmenting the risks, stopping the stealing of credentials and preventing devastating ransomware attacks.

[London, 14th September 2021]

The exponential rise of ransomware attacks

Access security has always been the weakest link in the digital revolution. Today 89% of breaches are still linked with weak, reused or stolen passwords (Verizon, 2021). To get around the problem of remembering many passwords, companies have used centralised access solutions like SSO (Single Sign-on), IAM, PAM and password managers. But these solutions are a double-edged sword, allowing both legitimate users and criminals to log in only once to open all systems at the same time. The ease of implementation of ransomware and supply chain attacks from legitimate credentials alongside the quick wins have fostered a thriving underground market of theft, buying and selling of credentials.

From its inception, the centralized access model contradicts the most fundamental security principle, which is to not put all your eggs in the same basket so they don’t all get crushed at the same time. Here from a single access, criminals can impersonate employees, penetrate a network, move laterally, escalate privilege, take over an admin account and the entire company network, encrypt files and demand a ransom. Centralized auto-fill systems also propagate ransomware. Within days of a breach, one hacked company can infect thousands of other third parties in a software supply chain ransomware attack like the one we saw at Kaseya.

The return on investment of such operations has been so great it fostered the flourishing of a Ransomware-as-a-Service ecosystem of global suppliers, partners, resellers and affiliates. This allows smaller operators to hire sophisticated weapons developed by nation-state actors to launch widespread random cyberattacks for profit.

On the targeted company side, no matter how advanced your 2FA, anti-virus, detection or remediation solutions are, they can only play catch-up with cybercriminals’ innovations. By the time an update goes live, new variants are already in circulation, running unnoticed. This lagging security position is further weakened by the absence of visibility at the single access point. Companies cannot see or control whether the single password used by their employees to access their systems is weak, reused, shared, or stolen. If the identity of a real employee has been stolen and used to connect to the network, companies will only find out when an actual incident has broken out and the investigation traces it back to the original breach point.

How MyCena solves the problem

Going back to the fundamental principle of security of not putting all your eggs in the same basket, MyCena has taken the completely opposite approach to centralized access.

MyCena is a European company founded in 2016, specialising in credentials security. MyCena has developed a unique system of security, control and management for decentralised credentials. More than a state-of-the-art technology, MyCena’s patented system includes a comprehensive cyberresilience strategy, automating system segmentation, creating unique and strong passwords per system per user, distributing encrypted credentials to the right users in real time, providing credentials decentralization and protection, auto-filling encrypted passwords into specific systems, recording credentials events, and removing the human risks of error, fraud and phishing by eliminating the need for people to create, memorize, type or see passwords.

No centralized access = no ransomware

Whereas centralized access exposes companies to ransomware, MyCena decentralized access means there is no single point of access from where criminals can infect the whole network. Every system has a strong unique password. To access that system, you need that password.

Only the user can pull and access their own encrypted passwords in their local device using a combination of token, security questions, PIN, lock pattern and passphrase. Credentials are stored in three different levels of security, Bronze, Silver and Gold, depending on their level of importance. Users do not need to open Silver or Gold level if they only need a Bronze level password. Once a user accesses a specific credential, the user can auto-fill the right address using encrypted password transportation. Only one credential is accessed and filled at a time, keeping the other credentials untouched.

“The explosion of ransomware didn’t happen in a vacuum. Centralized access created the perfect environment for rapid network contamination and ransomware attacks. To reverse the situation, we need to go back to what we know in the physical world: one door, one key. Now if a credential is stolen in a third-party breach, MyCena prevents all other credentials from being exposed.” Julia O'Toole, founder and CEO of MyCena Security Solutions, explains.

By taking back control and automating access security, companies eliminate their exposure to weak and reused employees’ passwords, while removing the human risks of password sharing and phishing with bad actors.

With no passwords to remember, companies also eliminate password reset costs and downtime, achieving substantial cost savings while boosting employee productivity.

For incident tracing purposes, companies also have real time company-wide records of who has accessed which credential when, facilitating audits and investigations.

The main benefits of MyCena are

  • Best access control and management system to protect the whole company from cyberattacks and ransomware.
  • Better cyber-resilience: three levels of security for different credentials, no phishing, no fraud, no SPOF (single point of failure), no mass infection, no ransomware.
  • Better productivity: save IT support costs + reduce absenteeism (no password to know).
  • Protect value of trade secrets, proprietary and personal data.
  • Prevent ransomware payments and reduce costs of cyber-insurance policy.
  • Compliance with law to avoid GDPR, LGPD fines.
  • No infrastructure change, fast implementation, ready-to-use.

Why MyCena marks a turning point in the fight against cyberattacks

Before MyCena, businesses and governments believed it was impossible to stop phishing, ransomware and supply-chain attacks. Because cybercriminals always stay ahead with innovation, the technology gap could never be closed: cybersecurity was expensive yet couldn’t prevent a single breach from spreading like wildfire. MyCena puts an end to this sustained widespread risk. Using a decentralized architecture to automatically contain any emerging fire, companies and governments no longer have to accept phishing, ransomware and supply-chain attacks as a fact of life. Finally, people can trust the cyber-resilience of their digital infrastructure.

MyCena Security Solutions is a market leader in decentralised credentials management. Founded in 2016, it was developed as an alternative to “all-in” centralized access solutions. For press and partnerships enquiries, please contact:

Contact Name: Nivancir Naville

Email address: info@mycena.co

Website: www.mycena.co

The World Bank and its associated partners have announced a Cybersecurity Multi-Donor Trust Fund. As part of its Digital Development Partnership umbrella programme, the fund will help low and medium-income countries to improve their services across finance, health, education and agriculture. Boutheina Guermazi, Director of the World Bank’s Digital Development Global Practice, said: “COVID-19 has highlighted the vital role digital technologies and applications play in a resilient development agenda.”

Hackers could access more than 83 million smart devices, including baby monitors, thanks to a critical vulnerability. The US Cybersecurity and Infrastructure Security Agency warned that hackers could listen to and watch live audio and video feeds. Evidence so far suggests the vulnerability affects both default and non-default passwords. The problem has been linked to a software protocol called Kalay, run by ThroughTek. The company advised consumers to update their software.

In a startling new cybersecurity development, LED bulbs are being used to tap into conversations up to 100 feet away. As a ‘passive attack’ method, this hack involves recovering sound by analysing ‘optical emanations’ from a device’s LED power indicator. These minute variations are caused by voltage changes to speakers, indicating differences in sound. In hacker circles, the method is known as a ‘Glow-worm spy attack’.

Ministers and civil servants are being advised not to discuss political affairs via WhatsApp, as they could be at risk of hacker targeting. In a letter to Labour, the cabinet secretary Simon Case revealed that new guidance had now been published, calling into question the use of personal phones to discuss governmental matters. In particular, the discussion of Covid contracts was criticised. The letter was issued in May and recommended security techniques such as using two-factor authentication – though this is nowhere near as strong as a decentralised password system.

Experts suggest we need to embrace the concept of a ‘digital identity’ to support the development of fintech and other modern innovations. With tools such as zero knowledge, verifiable credentials and strong authentication, we can now each establish our own digital identity. But some say that enforcing it, for example, using a passport or driving licence to verify the opening of a social media account, is a breach of privacy. Likewise, it does not account for representatives, fan accounts or parody accounts.