Tag Archives: B2B

How Did Cyberattacks Evolve in 2017?

Cyberattacks have never seen such a degree of sophistication in the hands of criminals. Unfortunately, 2017 was a terribly prolific year for ill-intentioned hackers, and though cybersecurity may be evolving, attack techniques are evolving even faster. How will we rise to the challenge going into the new year?

Ransomware, the star of the show

As we analyzed in the PandaLabs Annual Report for 2017, what has become clear is that extortion and cyber hijacking were the main avenues of attack for the year. This past year marked a milestone with the expansion of two major attacks whose names will remain engraved in history: WannaCry and Petya/Goldeneye.

The first was especially impactful. With hundreds of thousands of computers infected and unusable, WannaCry was a global crisis for companies who found themselves blackmailed by cybercriminals. Other important attacks of 2017 related to ransomware were Reyptson, Leakerlocker, Osiris, and WYSIWYE. And the list goes on.

NotPetya, a variant of Goldeneye, had clear political motives aiming to disable critical systems in Ukraine, according to the Ukrainian authorities. It spread exponentially via a security gap in the MeDoc update service, taking advantage of the EternalBlue exploit.

But we shouldn’t lose sight of “traditional” DDoS attacks that continue to be widely used, as well as the proliferation of all types of malware, whose activities can be linked to half of the security breaches suffered this past year.

More attacks and better techniques

Due to the proliferation of “tools” on the black market, attacks have become increasingly sophisticated. The democratization of technology and the rise of open source solutions have provided an incredible opportunity for cybercriminals.

Now, practically anyone can buy specialized malware to perform a ransomware attack for a few hundred dollars on the black market. This was the case of WYSIWYE, an interface for setting up an RDP (Remote Desktop Protocol) attack using brute force to gain access to user credentials. Once inside the network, the tool’s user can encrypt the content and subsequently extort the company for a ransom.

Penetration through the Remote Desktop Protocol (or RDP) has become a very common method of infiltrating systems. In 2017, the Trj/RDPPatcher Trojan was discovered, capable of modifying the Windows registry with the intention of changing the type of validation order of the RDP. It collects system information and connects to the command and control (C&C) server to decide how best to evade control of the system’s antivirus.

The backdoor discovered in the CCleaner software, known as HackCCleaner, which compromised more than two million users before analysts became aware that their application had been infected, is another example of a technically sophisticated and well-organized attack.

A new era in cyberwarfare

As the efficiency of attacks and number of techniques increase, so does the interest of companies, government entities, and home users in maintaining effective cybersecurity practices. New groups of cybercriminals were discovered that take advantage of the increased availability of hacking tools. (See, for example, the case of “Eye Pyramid”, an espionage ring that had broad influence in Italy).

Other criminal organizations choose to obtain consumer information to pirate content. Especially important are the leaks related to large companies and producers such as Netflix or Marvel.

This means that millions of gigabytes of personal data are endangered day after day despite efforts to prevent it. This is the consequence of an increasingly complex and rapidly evolving struggle, where many countries are making important bets on cybersecurity while at the same time the technological fabric stretches to include the Internet of Things (IoT), where connected cars, refrigerators, and an endless cornucopia of other devices will become part of the ever-growing battlefield.

The post How Did Cyberattacks Evolve in 2017? appeared first on Panda Security Mediacenter.


Key Points to Understanding the Changeover to WPA3

On October 16 of last year, the Wi-Fi Protected Access 2 protocol, known more commonly as the WPA2, fell out of favor after a long tenure as the standard wireless network security protocol. A serious vulnerability was revealed, effectively putting an end to the WPA2 era.

Now, with the new year freshly begun, the Wi-Fi Alliance® has announced a substitute for WPA2. It bears the name of WPA3. The announcement was made at the CES in Las Vegas. What changes will this new protocol bring about? And how will this problem (and its solution) affect businesses and end users?

WPA2 is no longer secure

As Mathy Vanhoef of the Key Reinstallation Attacks (KRACK) group said at the time, a series of errors in the core of the WPA2 protocol can expose Wi-Fi connections to attacks. This means that an attacker could access the network, as well as all traffic between every access point, through a newly discovered exploit.

The group designed a conceptual test demonstrating that breaking the security of WPA2 to access the network is not expensive or complex. This endangers virtually any modern Wi-Fi network, including the vast majority of corporate networks. Since the security breach was made public, several entities, including the Wi-Fi Alliance®, have worked to patch the problem as soon as possible.

What changes will the WPA3 bring?

According to its developers, four new features based on the principles of WPA2 (configuration, authentication, and encryption) will be added to WPA3. One of them will offer more robust protection even when users choose their own passwords and fail to comply with complexity recommendations.

Another feature is that it will simplify the security configuration process for devices that have a limited or no display interface.

A third will help strengthen user privacy in open networks through individualized data encryption. This could be done, according to some experts in the sector, through Opportunistic Wireless Encryption (OWE), a type of encryption without authentication.

Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm Suite (or CNSA) of the National Security Systems Committee, will further protect Wi-Fi networks with higher security requirements, such as those associated with Government, Defense, or industry.

Why is it more secure than WPA2?

WPA2 uses what is known as a four-way handshake, which guarantees that both users and access points use the same password when they join a Wi-Fi network. This same process is used by the exploit to access network traffic. However, WPA3 will use a new type of handshake, which will not be vulnerable to bruteforcing.

That, added to the new 192-bit security suite, in addition to using individualized encryption to secure the connection between each device on the network and the router, makes WPA3 the long-awaited solution, even before the public appearance of the vulnerability.

How does it affect companies?

The fact that WPA and WPA2 are present in virtually all Wi-Fi connections means that the vast majority of companies are affected by a serious vulnerability. Why? Because all existing Wi-Fi connections are susceptible to being accessed and spied on. This can be a critical problem for the company.

This also implies that 41% of Android devices, as reported last October, are vulnerable to a particularly “devastating” variant of the attack that exploits the vulnerability of WPA2. This makes them possible vectors to inject malicious code and perform all types of attacks, including ransomware, so the combination of Android devices plus WPA2 can be potentially harmful to the company’s network.

For the moment, the announcement of WPA3 is already out in the open, and we will soon see a massive adoption of this new protocol. Meanwhile, you can stay vigilant by controlling network traffic and avoiding wireless connections where possible — certainly a tall order in this hyper-connected digital age, but not impossible.


Your Company Suffered 130 Security Breaches in 2017

The number of cyberattacks worldwide is growing at a dizzying pace. The latest to come to mind is Bad Rabbit, but there have been many others. This number goes hand in hand with the growing economic impact of cybercrime, as underlined by the recent report of Accenture and Ponemon Institute “2017 Cost of Cybercrime”.

The number of security breaches increased by 27%

Since the beginning of this study, in 2009, the number of cyberattacks has grown year by year. But the pace from 2016 to 2017 has been dramatic: on average, companies were successfully attacked 130 times. One of the main reasons for this high number was undoubtedly WannaCry and NotPetya.

The economic consequences of these and other security breaches, and the investment required to combat them, have meant an average cost for companies in excess of 11.7 million dollars.

Time is money

The study notes something that may seem quite obvious: the longer it takes to find a solution, the greater the economic impact of cybercrime. And the bad news is that, in general terms, that time interval is increasing. Although security officers have been able to respond more aggressively to DDoS and web-based attacks (twenty-two and sixteen days respectively), they increasingly need more time to implement mitigating measures for cyberattacks that use malware (fifty-five days vs. forty-nine as of 2016). Malicious software attacks, in particular, were the most costly for companies, reaching 2.4 million dollars.

Five keys to increasing the level of security in your company

The negative effects of a cyberattack can vary widely: data theft, reputation crises, economic losses, irreparable damage to equipment and technical infrastructure, etc. So it is important to take into account a series of measures to increase your company’s level of protection and minimize the impact of cybercrime.

  • Prioritize critical assets: It is unrealistic to think that the company can be one-hundred percent protected. An effective security plan is able to identify which assets are fundamental to the operation of the company and strengthen their defenses.
  • Build awareness with your employees: The protection of the company depends, to a certain extent, on their decisions. Properly training your company’s workforce reduces, for example, the risk of suffering a social engineering attack.
  • Implement advanced cybersecurity solutions: These tools allow you to anticipate the malicious behavior of threats and to activate protection systems even before the malware is executed. For example, thanks to the continuous monitoring of all processes and the advanced prevention, detection and remediation capabilities of Panda Adaptive Defense, none of the clients equipped with our solution was affected by Bad Rabbit.
  • Make backups: Your company doesn’t only need backup copies; the data contained in these backups is critical and, therefore, must be protected correctly. Among other measures, these backup copies should only be accessed by those who expressly need it and access passwords should be sufficiently robust.
  • Have a coordinated security strategy: On numerous occasions, cybercrime is a form of organized crime. The defense must also be coordinated and highly organized.

The number of security incidents and the economic impact of cybercrime will continue their upward trend. It’s time to start thinking of cybersecurity as an investment, and not an expense.


From 1980 to 2018: How We Got to the GDPR

In 1980, the Organization for Economic Cooperation and Development, or OECD, established frameworks to protect privacy and personal data. From then until now, we have experienced several profound changes in legislation, notably the EU Data Protection Directive. Now in 2018, the General Data Protection Regulation, or GDPR, will begin to take on its true value, as the adaptation period ends in May of this year.

The first moves toward a data protection law

The development of the OECD Guidelines, stemming from the need to adapt the already obsolete OEEC, was the first step to committing the thirty-five participating countries to mutual respect and clarity in the transfer of information.

As the importance of the Internet and data grew and became global, the OECD guidelines established the first comprehensive personal data protection system in all its member states.

These guidelines were based on eight principles to ensure that the interested party was notified when their data were collected; that this data was used for the stated purpose and for nothing else; that, in addition, these purposes were defined at the time of collection; that their data would not be disclosed without their consent; that the data record be kept secure; that the interested party be informed of everything; that they could access their data and make corrections; and, finally, that the interested party had at their disposal a method to hold the data recorder accountable for not following said principles.

And then came the data protection framework

In 1995, it was time to update the regulation of personal data and its management. Directive 95/46/EC of the European Union, also known as DPD, or Data Protection Directive, was a step forward that included the eight OECD guidelines and extended the application in a context where privacy was much more important.

But the fundamental change was in the legal section. Specifically, the OECD guidelines consisted of the Council’s recommendations regarding the guidelines that govern the protection of privacy and the cross-border flow of personal data and were, therefore, non-binding.

Directive 95/46/EC changed this aspect, providing more concise definitions and specific areas of application. Although the directive itself is not binding for citizens, the member states had to transpose the local directives before 1998. This modification was also intended to create an administrative homogeneity and an equal legal framework for all member states.

Adopting the GDPR

Despite the considerable efforts involved in the implementation of the Data Protection Directive, in just a decade the progress proved to be insufficient. One of the main criticisms of the previous directive was the limited control of the interested parties over their data, which includes their transfer outside the European area.

This directly involves multinationals and large companies that were able to take advantage of the deficient framework of the previous directive for their own interests. To resolve this, in 2016 the adoption of the General Data Protection Regulation, or GDPR, was approved.

Since then, and until May 2018, everyone has had time to adapt to the regulations. The most remarkable thing about the GDPR is that, unlike the previous directives, it does not require local legislation, homogenizing, once and for all, legislation regarding protection within the member states and companies that work with EU citizens’ information, inside and outside of this region.

Is your company ready?

The European Union foresees that the application of the GDPR will entail sanctions of up to twenty million euros or 4% of turnover of the previous period for non-compliance. Now that we are in the final stretch, it is worth determining whether our company is prepared to meet the challenges.

All companies that collect and store the personal data of their employees, customers and suppliers residing in the EU are affected. This is important if we take into account that 80% of the data handled by the organizations is unstructured.

The increase of confidential data stored in an array of databases puts protection in the spotlight. Cyberattacks could lead to a serious sanction. Good practices in Data Security Governance are the key to mitigating these risks and ensuring compliance.

Luckily we have tools such as Panda Adaptive Defense and Panda Adaptive Defense 360, which have a Data Control module to help with such tasks. This tool is specialized in simplifying the management of this personal data since it discovers, audits and monitors in real time the complete life cycle of these files. And do not forget that keeping up with the GDPR is an active and meticulous process, but one which can be simplified and automated with the right help. Don’t wait until May!


2017 in Figures: The Exponential Growth of Malware

2017 was especially hectic for cybercrime, especially when it comes to malware and its offshoots. The increased number of attacks and, above all, the professionalization of the techniques used by cybercriminals has been at the root of malware’s exponential proliferation. In 2017 alone (according to data collected up to September 20), PandaLabs registered 15,107,232 different malware files that we had never seen before. But the total number of new malware is much higher — up to 285,000 new malware samples every day.

It makes perfect sense that the top 10 of malware files in our cloud includes names like WannaCry, the ransomware that caused havoc in business networks around the world, and a version of CCleaner, installed by more than two million users. But in addition to the trends that have been making headlines everywhere, what conclusions can we draw about the state of malware in 2017? We discuss the essentials in PandaLabs’ Annual Report.

Malware’s Attempt to Go Unnoticed

Upon reviewing the figures, we see that of the 15,107,232 files registered, 99.10% have been seen only once. That is, 14,972,010 files. We have only seen 989 malware files on more than 1,000 computers, 0.01%. This corroborates what we already knew: namely, that aside from a few exceptions — such as the abovementioned WannaCry or HackCCleaner — most malware changes every time it infects, so each copy has a very limited distribution.

This year’s data makes it clear that although there are many more types of malware, each of them infects only a few devices individually. By attacking the minimum number of possible devices, each specimen reduces the risk of being detected and fulfils its purpose: to go unnoticed and ensure the attack’s success.

In any case, the total number of new malware samples (15 million) is not so relevant when it comes to calculating risk. What really affects us is the frequency with which we can individually confront the malware itself. To evaluate this risk, PandaLabs measured only those malware infection attempts that were not detected by signatures or by heuristics.

Recommendations for a Malware-free 2018

Following these tips will help reduce the risk of becoming a victim of malware:

  • Think before you click: do not access links sent to you by strangers.
  • Avoid downloading applications from unreliable sources.
  • Do not wait until tomorrow — keep up with system updates.
  • Use strong passwords to protect your identity.
  • Choose an advanced cybersecurity platform.

Our protection technologies improve and are updated as the amount of malware grows, which is why we are able to detect the threats that other solutions cannot. Panda Adaptive Defense is keeping up with threats and offers the market the services and tools needed to face whatever awaits in 2018. We’re ready to take on the new year!


Daniel Lerch: “Steganography is a Tool of Great Interest to Cybercriminals”

Elliot Alderson hides secret information in audio CD files. However, the technique used by the fictional hacker protagonist of “Mr Robot” is far from being a TV whimsy. This is just one of the many steganography techniques used by hackers and cybercriminals to evade security systems.

From the Greek steganos (hidden) and graphos (writing), steganography is a method of hiding data. To analyze how to best handle this surreptitious threat, we spoke with Daniel Lerch, who has a PhD in Computer Science from the Universitat Oberta de Catalunya (UOC), and is one of the top steganography experts in Spain.

Panda Security: How would you define steganography? How is it different from cryptography?

Daniel Lerch: Steganography studies how to hide information in a carrier object (an image, an audio file, a text or a network protocol). While in cryptography the intention is that the message sent cannot be read by an attacker, in steganography the goal is to hide even the fact that any communication is taking place.

The two sciences are not mutually exclusive. In fact, steganography usually uses cryptography to encrypt the message before hiding it. But their objectives are different: not everyone who needs to protect information, also needs to hide it. So steganography would be an additional layer of security.

PS: Who would benefit more from steganography: cybercriminals or security providers?

DL: Without a doubt, cybercriminals. Those responsible for the security of companies and institutions do not need to hide their communications. To keep them safe, cryptography is enough.

Steganography is a tool of great interest for different types of criminals, since it allows communication without being detected. Typical examples are communications between terrorist cells, the dissemination of illegal material, the extraction of business secrets, or their use as a tool to hide malware or the commands that remotely control the malware.

PS: How has this technique evolved in recent times?

DL: Depending on the medium by which steganography is applied, the evolution has been varied.

The medium that has evolved the most is steganography in images. They are so difficult to model statistically that it is very easy to make changes to them without anyone noticing. For example, the value of a pixel in a black and white image can be represented by a byte, that is, a number between 0 and 255. If that value is modified by one unit (hiding a bit) the human eye cannot perceive it. But the issue is that it’s not easy for statistical analysis of the image to detect this alteration either. Images are an excellent way of hiding data, such as video and audio.

Another medium that has received a lot of attention is steganography in network protocols. However, unlike what happens with the images, network protocols are well defined. If we change information in a package it is noticeable, so there is less wiggle room when it comes to hiding data. Although they may seem easy to detect from the outset, these techniques can be effective because of the difficulty of analyzing the large amount of traffic in existing networks.

One of the oldest media carriers, and one which has evolved least in the digital age, is the text. However, steganography in text could make a significant leap thanks to machine learning. In the techniques developed in recent years, the process of hiding information is tedious and requires the user’s manual input to generate a harmless text that makes sense and carries a hidden message. However, the current advances in deep learning applied to NLP allow us to generate more and more realistic texts, so it is possible that we will soon see steganography in text that is really difficult to detect.

PS: What applications does steganalysis have in the field of computer security? What techniques are usually used?

DL: From the point of view of business security, the main applications are the detection of malware that uses steganography to hide itself and the detection of malicious users trying to extract confidential information.

From the point of view of national security agencies, the main applications of steganalysis are the detection of terrorist or espionage communications.

Although most of the steganography tools that can be found on the Internet are unsophisticated and could be detected with simple and known attacks, there are no quality public tools that allow us to automate the process, detecting steganography in network protocols, in images, in video, audio, text, etc.

Maybe this is not possible yet. For example, in the field of steganography in images, the advanced techniques with which it is currently being investigated can hardly be detected using machine learning. If, in addition, the information is distributed among different media, significantly reducing the amount of information per carrier object, its detection with current technology becomes practically impossible.

PS: What role do you believe that steganography will play in the coming years? Will it be used more as an attack weapon, or a defense tool?

DL: Steganography as a defense tool would be unusual, although there are examples, such as the extraction of information by activists in a totalitarian country.

The main role of steganography in the next few years will be seen in its application as a tool to hide malware and to send control commands to the malware. This is already being done, although with fairly rudimentary techniques. The use of modern steganography techniques to hide malicious code will greatly hinder detection, forcing security tools to use advanced steganalysis techniques.

PS: What advice would you give to a computer security professional who is thinking of using steganalysis?

DL: He would probably be interested in detecting malware or exfiltrating data. The first thing is to keep good track of everything, to know what tools exist and when and how to use them. Then, it comes down to practice. Test and validate the technologies that we implement using a wealth of data.

If you use machine learning to perform steganalysis, you must be careful with what data you use to train the system. The model has to be able to predict data it has never seen. It would produce an error if, to validate the model, it were to use data that was used to train it. In machine learning, it is often said that a model is as good as the training data. So if our training data are not complete, the predictions that our model will make will not be reliable. The more data we use to train the model, the less likely it is that it will be incomplete. Otherwise, we run the risk of ending up developing tools that only work well in the laboratory, with our test data.

PS: What role will artificial intelligence and machine learning play in business cybersecurity strategies?

DL: An example would be the automatic detection of security flaws in the software. Also, replacing antivirus software that detects the signatures of known viruses with an artificial intelligence system that identifies viruses based on common characteristics and behavior.

PS: In an environment where there are more and more connected devices, what security measures should be adopted to protect the privacy of data at the enterprise level?

DL: Security measures in IoT devices have to be the same as those applied to other devices connected to the same network. It may seem strange to have to manage the security of the office thermostat at the same level as a PC, but from the point of view of an attacker, this is as good a point of access to the network as any other.


What Will the CISO of the Future Look Like?

As the cyber landscape evolves, the role of the CISO (Chief Information Security Officer) is transforming. Managers at companies of varying size are more aware of the importance of cybersecurity than ever before, and, therefore, CISOs are increasingly present on the boards of directors. The new business context due to disruptive technological developments (such as the Internet of Things and the rise of the cloud), together with growing threat levels, requires security managers to face various changes, such as aligning with business objectives to respond to security needs. Although the profile of a CISO is still technical, its link to business objectives requires specific capabilities and a broader business vision.

New Responsibilities for a New CISO

With the increase in cyberattacks and the danger of sensitive data leaks looming over companies, the work of the new CISO takes on a role never before seen. According to a study by the Ponemon Institute, 67% of CISOs are responsible for establishing their company’s security strategies and initiatives. This figure indicates an increasing level of influence, confirming that the CISO goes from being a simple guardian of the IT area to a trusted adviser in the upper echelons of organizations.

In the abovementioned study, 60% of respondents said that their organization considers security as one of their priorities. The ability to prevent and respond to attacks is now of great importance for companies, which begin to value the tasks of the CISO to promote awareness and provide adequate training in cybersecurity among the staff, as well as investments in cybersecurity tools to detect possible threats.

The integration between business and technology taking place with the digital revolution is creating a more complex ecosystem for companies and their employees dedicated to security. The CISO must now act according to business demands and assume the same objectives as other executives of the company. 69% of the respondents in the Ponemon study consider that the appointment of a security director with corporate responsibility is fundamental for the company. The CISO of the future must report its activities within the organization, assume budget and compliance challenges, and implement business tactics driven by business objectives.

And let’s not forget their responsibility toward ensuring the availability of IT services at all times, as well as their airtight grip on data. In this way, the new CISO must reduce the imminent risk of data leaks, protecting the privacy of users and consumers, and complying with new regulations, such as the GDPR.

From Technician to Leader

Most security officers have a technical profile related to studies in computer science. It makes sense, taking into account the need to understand programming and work closely with your team on a technical level. However, the CISO of the future must have business vision and be able to influence the direction the company takes, with leadership skills and interpersonal and strategic communication. The CISO of the future must also be able to draw up plans and models of operations that contribute to the brand, including not only the technical side of cybersecurity but also its essential human side.

The CISO has made its way into organizations after years of being considered an afterthought, and this recognition must be welcomed by security experts as an exciting challenge. This evolution, which now requires an amalgam of technical, legal, regulatory and communicative knowledge, demonstrates the shift towards a global ecosystem much more aware of the importance of cybersecurity. It’s time to reinvent yourself and accept that the traditional IT role no longer exists. Are you ready to be the CISO of the future?


3 Poor IT Practices that Endanger Companies

An attack perpetrated by a criminal, a malicious or negligent action taken by an employee… The causes of security incidents can be very diverse. And, according to a recent study by Ponemon Institute, 28% are caused by poor IT practices. In many cases, these failures are due to limited security policies that do not cover all possible risks. By overlooking certain tasks and processes, IT teams are exposing the vulnerabilities of their companies. In this post, we will highlight three key aspects that should be adequately monitored by the security officers of any company.

Neglecting printers is dangerous

This seemingly harmless device can endanger your corporate network. It is worth remembering that printers are also sophisticated storage devices, and that they usually have a longer lifespan than any of our connected devices. According to a study by Spiceworks, only 16% of IT managers believe that printers are vulnerable to security breaches, a figure significantly lower than that corresponding to computers and mobile phones.

Since printers store sensitive document data, it is advisable to review and delete their content periodically. Also, if you stop updating the printers’ firmware, they can become an attack vector (especially if they are connected to the central corporate network). Different types of attacks could allow cybercriminals access to insecure printers, obtaining the documents that have been printed, analyzing network traffic, and even obtaining user information and passwords.

Do you know what applications your employees are using?

Another risk is not knowing what cloud services employees are using. It is important to perform a Shadow IT study and evaluate the dangers implied by applications and services not expressly authorized by security teams. According to an EMC study, annual losses that can be traced back to Shadow IT have reached up to 1.7 trillion dollars. Many organizations are unaware that their employees use services and applications outside of those put at their disposal by the company itself, increasing the blind spots and, therefore, the attack surface of the company.

To stave off malicious behavior, it is essential to monitor corporate network activity and have complete visibility of the software and applications employees are using. These are crucial characteristics of a security system that is able to act against apps that could endanger the company’s sensitive information or intellectual property. It is very important to educate employees, but also to design policies that can satisfy their needs and prevent them from authorizing services in an insecure way, or by “taking the back door”. Likewise, IT professionals must evaluate each and every service and application, preventing access to those that are dangerous with infrastructural protocols (such as firewalls and proxies).

What if an employee loses their company phone?

The loss of corporate devices, whether mobile phones, computers, tablets, etc., should be extremely disconcerting for any IT professional. In a Tech Pro Research survey, when asked about the company’s weakest link in terms of cybersecurity, 45% answered that the most vulnerable point was mobile devices. To protect against collateral damage from loss or theft, ideally all corporate devices would be encrypted. IT administrators must ensure that the information contained on them is not compromising, and that these devices can only access corporate information through a VPN. And, in case of loss, administrators should have the ability to block the device remotely.

By permitting mobile devices to install applications, even versions authorized by the operating system, you are, figuratively speaking, placing a door where there used to be a wall. It is important to ensure that the IT team has an identifiable base of all mobile systems connected to the corporate network and that, if possible, vulnerability tests and remote control may be performed to analyze penetration levels.

These are just three examples of areas that IT teams must take care to address. Ignoring these good practices can open the door to security incidents that cause considerable economic impact. In a context in which external threats are growing in number and complexity, avoiding risks by implementing basic protocols should be an obligation for every IT professional.

The post 3 Poor IT Practices that Endanger Companies appeared first on Panda Security Mediacenter.


Alberto Yépez: “Businesses Are More Willing to Invest in Cybersecurity”

In this guest collaboration, Alberto Yépez shares his expert vision of innovation in the security sector. Alberto is co-founder and Managing Director of Trident Capital Cybersecurity, the largest global venture capital firm focused on cybersecurity startups. Alberto has extensive experience as an investor in companies such as Alien Vault, Mocana or Bluecat. In addition, he has served as a consultant for the US Department of Defense, is a member of the Board of Advisors of SINET (Security Innovation Network) and actively participates in global initiatives such as the World Economic Forum Partnership for Cyber Resilience.

Panda Security: How has the cybersecurity landscape evolved over the 30 years that you have been in the sector?

Alberto Yépez: I think that cybersecurity has evolved from being a very technical and isolated issue to becoming something that is important for executives and boards of directors. I think that’s the biggest shift from a business perspective. We live in a digital age. Information is a premium, and information comes from data and is produced by applications that provide the context of the data for it to become information. And given that we are trying to protect that information, you see businesses that can succeed or fail just because that information gets compromised.


From a technical point of view, given the complexity and the multiple platforms of computing that we use today, it has become complicated to protect. So every time there is a shift in a computing platform, there are new attack vectors that appear. And in order to defend them, you have to invest a lot of money to protect our mobile devices, our applications in the cloud, our data centers, privacy information for individuals, IoT… now you have this whole interconnected world.

The third thing that has happened, besides business and technical, is that now that we live in a digital age, to rob a bank you don’t need to go in there with a gun to steal the money. You can sit in your living room or your basement, and attack a bank and get the money. Therefore, the threat is real, the cybercriminals have changed, and these are more sophisticated individuals, very technical, that basically do it for different motives — because they are activists, or hacktivists, or they do it because they are really criminals and they want to enrich themselves and use the money or information for ransom. Or, more importantly, as we’ve seen as of late, there are a lot of state-sponsored cyberattacks, where they’re trying to destabilize democracies and governments. They’re trying to attack the national grid, or the critical infrastructure of a government, etc. So the frequency and sophistication of attacks has increased exponentially. Therefore, it is becoming harder to defend, and it all comes back to if it’s becoming harder, then the amount of money that needs to be invested is increasing, and not just by choice. The whole industry is really in a huge inflection point, where cybersecurity has become a fact of everyday life, both for the individual, the business, and for the government.

PS: What would you say are the most relevant trends in the cybersecurity industry right now?

There’s a shortage of cybersecurity professionals. Therefore the suppliers are trying to build products that are easier to deploy, easier to consume, and they’re using new technologies like the cloud and mobility to make sure that it becomes easier to protect information. In summary, it’s mobile security, cloud security, IoT security, and privacy. Especially in Europe, as you know, there’s a big push for some of the privacy directives, including the GDPR, which are at the front of the mind for business.

PS: How can security benefit from AI and Machine Learning, and what are the risks?

That’s an excellent question. So how do you solve the problem of the shortage of cybersecurity professionals? You bring in automation. Not to replace so much, but to help the humans. The role of AI is basically to automate tasks of mature segments of the security industry, using human knowledge.

PS: You’ve invested in many successful cybersecurity companies. How do you decide that a company is right for investment? What catches your eye?

We look at five different areas — so this is a good note for entrepreneurs!

Number one, we’re really market driven. We like to get a sense of what the areas are where no commercial technologies exist so emerging solutions can be funded. So we look at, how big is the market?

Number two, we look at the intellectual property — how hard it is to replicate the solution.

Number three, we look at the go-to-market strategy — how the company can scale not just by selling one at a time, but by creating alliances. Which is one of the basics to reach a global audience.

Number four, we look at the team — whether the people have the experience, the context, the knowledge, and the relationships to be successful.

And number five, we often look at the co-investors. The investor group is important, because companies go through several iterations and several fund-raisings, so you need investors that are committed to support a company through all this.

The post Alberto Yépez: “Businesses Are More Willing to Invest in Cybersecurity” appeared first on Panda Security Mediacenter.
