by Julia O'Toole, Founder and CEO of MyCena Security Solutions
The use of centralized access has led to a spiraling underground market of stealing, buying and selling legitimate credentials weaponizedfor ransomware and supply chain attacks. MyCena has now developed a unique decentralized access solution, segmenting the risks, stopping the stealing of credentials and preventing devastating ransomware attacks.
[London, 14th September 2021]
The exponential rise of ransomware attacks
Access security has always been the weakest link in the digital revolution. Today 89% of breaches are still linked with weak, reused or stolen passwords (Verizon, 2021). To get around the problem of remembering many passwords, companies have used centralised access solutions like SSO (Single Sign-on), IAM, PAM and password managers. But these solutions are a double-edged sword, allowing both legitimate users and criminals to log in only once to open all systems at the same time. The ease of implementation of ransomware and supply chain attacks from legitimate credentials alongside the quick wins have fostered a thriving underground market of theft, buying and selling of credentials.
From its inception, the centralized access model contradicts the most fundamental security principle, which is to not put all your eggs in the same basket so they don’t all get crushed at the same time. Here from a single access, criminals can impersonate employees, penetrate a network, move laterally, escalate privilege, take over an admin account and the entire company network, encrypt files and demand a ransom. Centralized auto-fill systems also propagate ransomware. Within days of a breach, one hacked company can infect thousands of other third parties in a software supply chain ransomware attack like the one we saw at Kaseya.
The return on investment of such operations has been so great it fostered the flourishing of a Ransomware-as-a-Service ecosystem of global suppliers, partners, resellers and affiliates. This allows smaller operators to hire sophisticated weapons developed by nation-state actors to launch widespread random cyberattacks for profit.
On the targeted company side, no matter how advanced your 2FA, anti-virus, detection or remediation solutions are, they can only play catch up to cybercriminals’ innovations. By the time an update goes live, new variants are already in circulation, running unnoticed. This lagging security position is further weakened by the absence of visibility at the single access point. Companies have no idea and can't control if the single password used by their employees to access their systems is weak, reused, shared, or stolen. If the identity of a real employee has been stolen and used to connect to the network, companies will only find out when an actual incident has broken out, and investigations are made back to the original breach point.
How MyCena solves the problem
Going back to the fundamental principle of security of not putting all your eggs in the same basket, MyCena has taken the completely opposite approach to centralized access.
MyCena is a European company founded in 2016, specialising in credentials security. MyCena has developed a unique system of security, control and management for decentralised credentials. More than a state-of-the-art technology, MyCena’s patented system includes a comprehensive cyberresilience strategy, automating system segmentation, creating unique and strong passwords per system per user, distributing encrypted credentials to the right users in real time, providing credentials decentralization and protection, auto-filling encrypted passwords into specific systems, recording credentials events, and removing the human risks of error, fraud and phishing by eliminating the need for people to create, memorize, type or see passwords.
No centralized access = no ransomware
Whereas centralized access exposes companies to ransomware, MyCena decentralized access means there is no single point of access from where criminals can infect the whole network. Every system has a strong unique password. To access that system, you need that password.
Only the user can pull and access their own encrypted passwords in their local device using a combination of token, security questions, PIN, lock pattern and passphrase. Credentials are stored in three different levels of security, Bronze, Silver and Gold, depending on their level of importance. Users do not need to open Silver or Gold level if they only need a Bronze level password. Once a user accesses a specific credential, the user can auto-fill the right address using encrypted password transportation. Only one credential is accessed and filled at a time, keeping the other credentials untouched.
“The explosion of ransomware didn’t happen in a vacuum. Centralized access created the perfect environment for rapid network contamination and ransomware attacks. To reverse the situation, we need to go back to what we know in the physical world: one door, one key. Now if a credential is stolen in a third-party breach, MyCena prevents all others credentials from being exposed.” Julia O'Toole, founder and CEO of MyCena Security Solutions, explains.
By taking back control and automating access security, companies eliminate their exposure to weak and reused employees’ passwords, while removing the human risks of password sharing and phishing with bad actors.
With no passwords to remember, companies also eliminate password reset costs and downtime, achieving substantial cost savings while boosting employee productivity.
For incident tracing purposes, companies also have real time company-wide records of who has accessed which credential when, facilitating audits and investigations.
The main benefits of MyCena are
Why MyCena marks a turning point in the fight against cyberattacks
Before MyCena, businesses and governments believed it was impossible to stop phishing, ransomware and supply-chain attacks. Unable to ever close the technology gap as cybercriminals always stay ahead with innovation, cybersecurity was expensive yet couldn’t prevent a single breach from spreading like wildfire. MyCena puts an end to this sustained widespread risk. Using a decentralized architecture to automatically contain any emerging fire, companies and governments no longer have to accept phishing, ransomware and supply-chain attacks as a fact of life. Finally, people can trust the cyber-resilience of their digital infrastructure.
MyCena Security Solutions is a market leader in decentralised credentials management. Founded in 2016, it was developed as an alternative to “all-in” centralized access solutions. For press and partnerships enquiries, please contact:
Contact Name: Nivancir Naville
Email address: [email protected]