Vulnerabilities in internet services can be found every year, especially if they are popular, since there will be more eyes on them trying to attack.
For example, a vulnerability was discovered in one of the Apache modules, software used to host numerous websites around the world, and that could be exploited; that is, if a user had the "vulnerable" module installed, he could be a victim of code execution. On the other hand, a vulnerability was discovered in Windows 11 that allowed attackers to gain administrator access and perform any activity on computers.
For their part, people are becoming aware of the importance of cybersecurity. According to a Mastercard study, 87% of Latin American consumers are aware that they may be victims of cyberattacks, 75% have been victims and 70% have taken measures to protect themselves.
Cyberattacks become a problem when many users can be affected.
Therefore, today we share this article with you to teach you how to deal with cybersecurity threats.
What will you find in this article?
Cybersecurity today
#1. Reduce exposure area
#2. Process automation
#3. Convey cybersecurity as something positive
#4. Anti-fragile models
#5. Technologies, people and processes
Final reflections: What is the evolution that we propose?
Want to hear the full interview? Haz click aquí
Organizations, as well as the cybersecurity function itself, are transforming. And when we talk about this transformation, it is supported by three fundamental elements:
The first tip is to upload as few applications as possible to the Internet.
If your company needs a public-facing application, make it available on the Internet. If it is an application that must be seen by your employees or suppliers, do not put it on the Internet; instead, keep it “in house”.
This way, when a vulnerability is discovered, they are more likely to try to attack it from outside your “house”.
Process automation is evolving in an interesting way, although it must be taken into account that it has been the workhorse of cybersecurity for the last two years.
To make activities more efficient, deploy solutions that help automate repetitive procedures. For example:
Attention processes.
Response processes.
Incidents.
User creation.
Privilege control.
In general, tasks need to be completed on a daily basis.
As a result, people can focus on more important issues such as decision-making, research, and reflection on how to improve cybersecurity.
Our executives frequently state in meetings that they don't know about cybersecurity issues, yet they are presented with projects that they must panic to approve, and they don't know if it's going to create a benefit or if it's going to work.
Consequently, the aspect that calls our attention is that we must begin to turn the message of cybersecurity into something positive. At A3Sec we consider it as a tool that helps to recover losses.
We like to use Formula 1 racing as an example. In a Formula 1 car, what do you think the brakes are for?
Whoever has the best brakes will give the fastest lap. The same can be said of cybersecurity; a competent approach will help you achieve your business goals.
The establishment of cybersecurity models that are resilient has been discussed, however, in A3Sec we change the paradigm from resilient models to anti-fragile ones.
Imagine an elastic that has been stretched; after releasing one of its sides, it will return to its original state. The concept of a resilient model is the same: if we are attacked, we will rise again, but we will continue to be the same, with the same techniques and we will continue to be vulnerable.
An antifragile approach, on the other hand, encourages us to constantly evolve.
It's okay to have failures, incidents and know how to manage chaos; the essential thing is to learn from them and improve our security model instead of repeating the same mistakes. It is changing the security paradigm, presenting an adaptive security model in which we evolve when there is an error or failure.
The three fundamental aspects are technology, people and procedures.
However, people believe that as technology advances, people will become less useful; nothing is further from reality.
The combination of these three elements will gain strength. On the contrary, it will increase your effectiveness, and each component will expand your capabilities.
Although the terms are becoming more complicated, cybersecurity controls are the same ones that have worked for years and continue to evolve. The message is to dig in, understand the requirements and scope of work, and assess the cost-effectiveness of replacing old constraints with new technology.
At A3Sec, we believe that data-driven decision-making is the best way to go. Companies are getting it, and they are focusing their transformation efforts on data. To do this, you must:
It can help you with the last point if you have a clear asset inventory, understand the assets you need to secure, and validate their vulnerability status.
To get started, identify use cases or attack indicators. To do this, you will have to design a strategy to detect these dangers. Next, find out what's going on and if it's critical.
Finally, you have to learn to recognize the unknown. Although it is true that you do not know what the attackers' strategies and/or tactics are, you can capture unusual situations.
At A3Sec we divide this information into four categories:
Now it's your turn, has your company been the victim of a cyberattack? What prevention measures do you use?