Should business leaders embed cybersecurity in their organisation?

Half the world is currently fighting a pandemic. The new coronavirus has exposed considerable holes in our protective systems, forcing 3.9 million people in 50 countries into confinement and bringing unprecedented losses in its wake.

How did that happen?

First, let’s put the situation in context. Pandemics of this scale had long gone from our living memory. The last one, the Spanish flu, infected a quarter of the world population and ended almost exactly 100 years ago. We should not underestimate the surprise factor. This situation is new for everyone.

Could it be avoided?

Some countries had simulated pandemics to prepare for the real ones. But all their preparation was just mitigation. Yes, having a stockpile of masks, ventilators, protective gowns for healthcare workers… absolutely changes how you respond to the crisis. And prepared countries can dramatically reduce the spread of infections, help more people survive and rebound faster economically.

But mitigation cannot be the only strategy, just as extinguishing fires cannot be the only strategy to prevent massive fires. In France, the forest regulation limits the spread and damage of any new fire by forcing people to reduce the size of tree clusters near their homes. It is a far more efficient and cost-effective strategy than waiting for fires to grow large and then trying to extinguish them, especially in regions where wildfires are a known recurring plague.

How does it apply to cybersecurity?

In cybersecurity, this logic would translate into reducing the size of clusters of systems and data that can be accessed through the same door. At the moment, the two leading practices in most organisations have the same effect. People either centralise systems and data access at one point, through a login and password or a biometric, or they use similar credentials to access all their systems or data (which means that if a hacker gets the credentials for one system, they can reuse them for others). Both practices lead to the same result: a very high risk that the whole organisation and third parties get infected from one breach.

As with wildfires or biological pandemics, investigating and patching a cybersecurity breach will always be less effective than preventing a virus from massively spreading in the first place. As 81% of all breaches start with an intrusion through passwords, any cybersecurity plan should therefore start with reducing the size of clusters, making all accesses independent and decentralising credentials.

How to build a strong and secure access architecture?

A secure access architecture is based upon strong, unique and independent credentials for all systems, networks, applications, databases and devices inside the organisation. By reducing the size of clusters that can be accessed through any credential, organisations can dramatically reduce the size of breaches when they happen and stop viruses from spreading far and wide into their systems and those of third parties.

That strategy implies putting users front and centre of your cybersecurity strategy. Just like with COVID-19, getting people to practise social distancing, self-isolate when they have symptoms and wash their hands is far more effective at stopping the virus from spreading than only monitoring them. And as with fires or viruses, you need rules and tools to help people protect themselves, inside and outside the organisation.

But aren’t cybersecurity solutions complicated and expensive?

Most cybersecurity solutions are indeed slow and expensive to implement. But you can now leverage a well-architected solution that is simple to deploy, easy to use and very competitive, and that covers over 80% of your cyber risks. And the good news is you can start doing it today.

Next time you see someone typing a password, think about its potential consequences for your organisation and your ecosystem. Why not embed cybersecurity in your organisation by including your users in your strategy instead?

Don’t know where to start? Get a free assessment of your credential security level here or contact us at info@mycena.com.

5 questions to determine your password security level

With the ongoing risk of coronavirus and the need to secure all their networks remotely, the challenges facing IT systems admins, CISOs and CIOs are ramping up. Hackers have already upped cyber-attacks by 30% since the crisis, with many shamefully going after the healthcare sector and jeopardising its mission to save lives. If you work on the frontline of protecting people and critical infrastructure, take this 5-point questionnaire to determine which password security level they need now.

Experts share tips on how to work from home safely

With the forthcoming surge in remote working, cybersecurity experts have warned staff members that accessing company files from home may pose a security threat. European cybersecurity agency ENISA has advised that workers should never acknowledge any emails asking them to change their login details. In addition, they should review their Wi-Fi connections to make sure they are secure, check that all security or antivirus software is up to date, and have a reliable backup plan.

Virtual events and online education named key targets

Digital alternatives to mass gatherings are another casualty of the global coronavirus outbreak, research has revealed. As large companies like Google move their world-famous conferences to online alternatives, attendees are warned against hacking attempts. Unfortunately, the problem is not limited to events: online education is also taking a hit. Schools are particularly concerned about the security and data issues related to student examinations.

Precautions, tax refunds and fake donations

The BBC has released details of the most common forms of phishing attacks relating to the coronavirus. The most common invites users to click through for a cure, including supposed emails from the World Health Organisation itself. Other themes include tax rebates in light of changes to working conditions, while others play on people’s charitable spirit and ask for donations. If in doubt, do not open these emails.

New COVID-19 themed spam to hit

Intelligence agencies have warned internet users that a new wave of cyber-attacks is set to hit in the wake of the coronavirus outbreak. The National Cyber Security Centre has warned of fake emails from supposed health authorities, designed to capitalise on people’s fears around the virus. The emails usually contain links to bogus advice. The NCSC said: “Individuals in the UK have been targeted by these coronavirus-themed phishing emails, with infected attachments containing fictitious ‘safety measures’.”

Critical infrastructure named as biggest threat from hackers

A cybersecurity expert has warned of the latest trends in cyber-attacks, with a particular focus on critical infrastructure. Broadly defined as systems that “uphold the needs of society”, these can relate to energy, telecoms, pharmaceuticals and finances. Dave Weinstein, CSO at Claroty, says: “Techniques like password spraying and spearphishing are hardly new to the cyber threat landscape, but their use against critical infrastructure organisations, particularly in North America, suggest a concerted effort among select groups to gain access to these hardened targets.”

Cyber insurance rates hike in wake of new attacks

The increase in cybersecurity attacks has led insurance firms to increase their premiums by up to 25%, according to a new report from Reuters. In particular, ransomware attacks are said to be causing the hikes, primarily because they cost so much to recover from. Insurers often have to pay out not just for the ransom price, but for the cost of restoring systems too. Malwarebytes Labs warned the attacks were getting “more sophisticated”.

Council goes back to traditional methods after hack

A UK council has resorted to ‘pen and paper’ methods after it became the victim of a ransomware attack. Redcar and Cleveland Borough Council said its IT servers were under attack, with more than 135,000 residents unable to access crucial online services. The council was threatened with a Bitcoin ransom, and has had to resort to pen and paper methods to operate vital functions like taking council tax payments.

Are you familiar with ‘smishing’?

Another day, another new cybersecurity threat: this time we’re facing smishing, the latest attack to affect mobile devices. Smishing is similar to phishing, where emails pose as legitimate senders and encourage readers to open links. With smishing, the attack comes in the form of an SMS message. Mobile users are warned to look out for business names rather than phone numbers, as well as aggressive language like “urgent!” or “reply now!”