News about threats and attacks on information systems is now continuous, and it shows how exposed we are. Building confidence in our information systems gets harder every day, and their surveillance and protection must be a permanent task.
We are always chasing "the bad guys"; we are reactive. Given current threats and their constant evolution, we must take a proactive stance: we must go after the attacker.
We must provide companies with tools and solutions that facilitate the "hunt", that provide knowledge about weaknesses and context about threats; we must get value from what we already know when it comes to mitigating attacks, and we must automate the responses to those attacks.
We must also bear in mind that attacks and threats do not come only from outside the company. Employees are another link in the chain, and not always the weakest one; on the contrary, they are another line of defense that must be prepared, looked after and made aware.
The devices from which employees access company resources should be protected and correctly hardened. Workers who bring their own devices may be using non-corporate cloud applications or private credentials, and moving company information over the Internet without any control.
I also do not want to leave out information leaks by disgruntled employees, or leaks for purposes that are never made clear.
There is a whole set of resources at our disposal to defend ourselves (monitoring, Threat Intelligence, Threat Hunting, SOAR, Machine Learning, UEBA, deception...), but, a priori, it is not that easy.
Large companies, given the amount of information handled by their huge IT teams, the number of customers they have, the services they provide, their reputation and so on, have the resources and, above all, a management that is aware of the implications and current challenges of cybersecurity.
However, SMEs, with fewer resources and focused mainly on their core business, generally do not pay attention to their cybersecurity until they become aware of its importance, and that awareness generally does not come the easy way.
Among SMEs we find companies that have neither the resources nor the knowledge needed to protect their data and information systems with any guarantees.
According to a survey by CEPYME (Spanish Confederation of Small and Medium Enterprises), 33% of the sample had experienced a ransomware attack, and 75% of the organizations infected with ransomware were running up-to-date endpoint protection, that is, their antivirus was up to date.
SMEs face the same security challenges as larger organizations (ransomware, intrusion prevention, spam, phishing, etc.), yet they lack the resources to invest in a robust infrastructure.
Getting down to business: what are the steps to follow to mitigate cybersecurity threats?
Although these are phases focused on prevention and detection, traditionally used in cybersecurity, they must be complemented with new ways of dealing with risk that match the new threats.
In today's digital world, anticipating new threats and automating cybersecurity responses and practices, so that specialists' time is freed up to analyze and resolve the most complex incidents, is key to staying ahead of an expanding universe of threats and risks.
In addition, relying only on perimeter defenses for prevention and detection, and on rule-based security such as antivirus and firewalls, becomes less effective as organizations increasingly use cloud-based systems and open application programming interfaces (APIs) to build modern enterprise ecosystems. IT simply no longer controls the boundaries of an organization's information technology the way it used to.
Therefore, the incident response mentality of many organizations, which treats security incidents as one-off events, must change to a continuous response posture.
It must be assumed that the organization will be compromised: an attacker's ability to penetrate systems is never fully countered.
Continuous monitoring of systems and behavior is the only way to reliably detect threats before it is too late. This is Adaptive Security, the model defined in Gartner's Adaptive Security Architecture.
This continuous approach, however, generates a huge volume and variety of data at great speed. Advanced analytics will be the foundation of next-generation security protection, and Gartner predicts that by 2020, 40% of large organizations will have established a "security data warehouse" to support this function.
Correct treatment of that data, together with Machine Learning techniques, which essentially automate, through different algorithms, the identification of patterns or trends hidden in the data, makes it possible to anticipate and identify attacks more effectively and quickly.
These Machine Learning processes improve the monitoring and correlation of events in SIEMs (Security Information and Event Management), tools capable of capturing practically every type of data and event from our information systems and, through correlation, detecting any type of incident and generating alerts and/or actions to mitigate it.
If user behavior analytics (UBA) is added as well, recording where users access from, what they access, when and how, all the technologies and tools described above together form an effective defense against cybersecurity attacks. The value of UBA depends on first building a baseline of normal behavior per user, so that a deviation (a new country, an unusual hour, an unknown address) can be scored against that baseline rather than guessed at.
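To make the two ideas above concrete (SIEM-style correlation of events, and a UBA-style baseline of where and when each user normally logs in), here is an added example written for this article. It is not A3Sec's code nor any SIEM or UBA product's logic. The log format, the sample log lines, the cut-off date that separates the baseline period from the evaluation period, and the brute-force threshold (five failures within five minutes followed by a success) are all constructed assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). One event per line:
# ISO timestamp, user, source IP, country, outcome.
SAMPLE_LOG = """\
2024-03-04T08:55:12Z alice 203.0.113.10 ES login_ok
2024-03-04T09:02:41Z bob 198.51.100.7 ES login_ok
2024-03-05T08:47:03Z alice 203.0.113.10 ES login_ok
2024-03-05T09:10:19Z bob 198.51.100.7 ES login_ok
2024-03-06T08:59:30Z alice 203.0.113.11 ES login_ok
2024-03-06T09:05:02Z bob 198.51.100.7 ES login_ok
2024-03-07T03:12:45Z alice 192.0.2.55 RU login_ok
2024-03-07T09:01:10Z bob 198.51.100.7 ES login_ok
2024-03-07T22:40:01Z bob 192.0.2.99 US login_fail
2024-03-07T22:40:05Z bob 192.0.2.99 US login_fail
2024-03-07T22:40:09Z bob 192.0.2.99 US login_fail
2024-03-07T22:40:13Z bob 192.0.2.99 US login_fail
2024-03-07T22:40:18Z bob 192.0.2.99 US login_fail
2024-03-07T22:40:25Z bob 192.0.2.99 US login_ok
"""

# Assumed split: events before CUTOFF train the baseline, later ones are scored.
CUTOFF = datetime(2024, 3, 7)


def parse_log(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, outcome = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "ip": ip, "country": country, "outcome": outcome,
        })
    return events


def build_baseline(events):
    """Per-user profile of 'normal': countries, source IPs and login hours seen in successful logins before CUTOFF."""
    profile = defaultdict(lambda: {"countries": set(), "ips": set(), "hours": set()})
    for e in events:
        if e["ts"] < CUTOFF and e["outcome"] == "login_ok":
            p = profile[e["user"]]
            p["countries"].add(e["country"])
            p["ips"].add(e["ip"])
            p["hours"].add(e["ts"].hour)
    return profile


def score_event(e, profile):
    """UBA-style check: list the ways a successful login deviates from the user's baseline."""
    p = profile.get(e["user"])
    if p is None:
        return ["unknown_user"]
    reasons = []
    if e["country"] not in p["countries"]:
        reasons.append("new_country")
    if e["ip"] not in p["ips"]:
        reasons.append("new_ip")
    # One hour of slack either side of the hours observed in the baseline.
    if not any(abs(e["ts"].hour - h) <= 1 for h in p["hours"]):
        reasons.append("off_hours")
    return reasons


def correlate_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """SIEM-style correlation rule: >= threshold failures for one (user, ip) followed by a success within the window."""
    alerts = []
    failures = defaultdict(list)  # (user, ip) -> timestamps of failures not yet closed by a success
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["user"], e["ip"])
        if e["outcome"] == "login_fail":
            failures[key].append(e["ts"])
        elif e["outcome"] == "login_ok":
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"user": e["user"], "ip": e["ip"], "ts": e["ts"],
                               "rule": "bruteforce_then_success", "failures": len(recent)})
            failures[key] = []
    return alerts


def detect(text):
    """Run both detections over the log and return alerts ordered by time."""
    events = parse_log(text)
    profile = build_baseline(events)
    alerts = []
    for e in events:
        if e["ts"] >= CUTOFF and e["outcome"] == "login_ok":
            reasons = score_event(e, profile)
            if reasons:
                alerts.append({"user": e["user"], "ip": e["ip"], "ts": e["ts"],
                               "rule": "uba_deviation", "reasons": reasons})
    alerts.extend(correlate_bruteforce(events))
    return sorted(alerts, key=lambda a: a["ts"])


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed sample this raises three alerts: alice's early-morning login from a new country and address, bob's successful login from an unknown US address outside his usual hours, and the correlation rule firing on the five failures that preceded that success. Note that the same final event is caught twice, once by each mechanism; that overlap is the point of layering correlation with behavior baselines, since either one alone could have been tuned out.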
At this point, the investment in equipment, knowledge and staff can be prohibitive for SMEs, and the solution comes from managed security providers (MSPs).
The benefits of having an MSP are: a high-quality service, mature security solutions, no need to invest in new infrastructure, leveraging the potential of the cloud, protection of the entire network from the endpoints to the cloud and, of course, the provider's level of expertise in the field.
A3Sec has extensive experience in data processing, localization and management, giving you full visibility into your operations. Technologies such as Machine Learning, UBA and action automation (SOAR) allow us to approach our clients' cybersecurity proactively, ensuring fast and effective decision making in the face of incidents or threats and minimizing the impact of the client's risks.
From our Digital Security and Surveillance Center (CSVD) we monitor our clients' IT infrastructure: vulnerability management and tracking, security event management, brand surveillance and fraud management, completing the defense with prevention, detection and response systems and with SOAR orchestration tools.