Around 1250 B.C, a well-known event took place; the Greeks began a war against the Trojans as a consequence for the abduction of Helen. This led to one of the most legendary conflicts of all ancient times. The most interesting fact about this story, though, is the city of Troy. Despite the constant sacking of the nearby cities, the fights on the shores and fields, and all of their efforts, the Greeks were never able to take over the city which survived for 9 years.
Pero lo que es interesante de esta historia es el sitio a la ciudad de Troya que duró alrededor de 9 años, durante los cuales los griegos saquearon las ciudades cercanas, lucharon en la playa y los campos cerca de la ciudad y sin embargo a pesar de los esfuerzos, no lograron tomar la ciudad.
It was at that moment when the Trojans thought they were invincible, and no one could conquer their city – that the Greeks seized the moment and came up with a ploy; a great wooden horse filled with Greek soldiers led by Odysseus. This horse was given as an offering to Athena to make the Trojans believe that the Greeks had left their lands. The Trojans, sheltered and confident, welcomed the offering and began a celebration with wine and food for their victory and the departure of the Greeks. At night, the soldiers hiding inside of the horse took advantage and opened the doors for their army and sacked the city, mercilessly.
Why is this story relevant? Because it repeats itself over again in many companies and organizations, no matter the size or the industry. It repeats in every company that does not renew its cyber security strategies and that maintains the same controls that have kept it secure all these years. Like the citizens of Troy, it sees itself as invincible and impenetrable, but it is precisely at that moment that a subtle and irrelevant attack could be the opening for which the attackers have been patiently waiting for years. The environmental conditions and the people have changed, but the processes and controls remain the same, and that is why it is necessary to focus the efforts on reeducating, starting by the review and update of cyber-security risks and the most frequent attacks from the past year. It is also necessary and urgent to review the cybersecurity practices and reviews on the devices and homemade LAN networks.
In my opinion, we are failing in education. We believe that we are safe with the controls and tools that have protected us for decades, but we are not aware that our employees and collaborators are in a battle. These are the people who are key in the strategy for the companies’ cybersecurity.
Why should we emphasize cybersecurity for homemade LAN networks? Shouldn't we be more concerned about the network from our companies, branches, and offices, from all around the world, that are at risk? Why should we worry about homemade networks and devices that are outside the enterprise security and IT’s responsibility? In fact, this problem underlies on this new reality we have been living in for a year. Given that a high percentage of the company’s workforce started working at home, the house’s networks became an extension of the company’s network. This current pandemic changed something that was previously offered, as an option or benefit, to the employees and contractors. Nowadays, working from our houses has become something almost mandatory and both, working and family life, have intertwined to an imperceptible level. Without realizing it, we´ve gone from work activities to our personal life without a pause. We started checking our kid’s homework, personal emails, leisure websites, shopping online; everything on one same notebook or desktop or cellular device. This could easily allow the attacker to access, through an electronic means such as a personal email, to confidential information from the company. Herein lies my advice on the emphasis that we should put on strengthening cybersecurity training for our team, coworkers, and family; on the prevention and action towards a suspicion or real attack, no matter how subtle or irrelevant it may seem, as it could be the beginning of something much more elaborate and of higher impact.
I suggest starting to create and strengthen the habits around last year’s main threats and cyberattacks and perform semi-annual follow up reviews. Before we speak about recommendations, let's list the most popular and rising threats and attacks.
Phishing: A digital message sent for the purpose of deceiving and making an individual access a fake website – presented as legitimate – to activate a virus or install a malware to extract sensitive information. These types of messages can be received via group chats with fake news, vaccine websites, information, and recommendations about Covid, among others.
Ransomware: The theft and seizure of data is a means of extortion that has gained strength and is becoming more sophisticated. By phishing, the attackers encrypt some or the entire laptop, desktop, or corporate server to obtain a ransom, usually in cryptocurrency, which should be paid for the release of the data.
Multilinguist files: images – which are really not – or compressed files with executables that are activated on malicious websites or, when downloading illegal files, shoot actions and backdoors which the attackers will use then for the exfiltration of information or for malware installation with different purposes.
IoT attacks: with the spread of Internet of Things, each day we have more devices at home connected to the internet - speakers, bulb hubs and smart locks -that may present vulnerabilities or open ports and end up in control of the attackers if not updated correctly and constantly.
Malvertising: a word derived from malicious advertising that intends to provoke a possible victim into clicking on fake, but credible, advertising on social media in order to install malware for dark purposes and to open a gap between our computer and information.
Robo de identidad: During the past year, the theft of people´s confidential information increased considerably. Through the previously mentioned methods, cybercriminals escalate applications to banks and government entities to obtain credits, subsidies, and subscriptions to services to obtain benefits and which the victim will then have to pay.
These are just some of the risks we are exposed to and for which we must create a series of habits which will allow us to prevent and detect any kind of impact on our information and devices.
Let’s review some easy-to-implement habits that will help us to strengthen our position towards cyberattacks.
Doubt and suspect everything: First, we must doubt about any message, publicity, email offers or information. Given that the attackers have become more skilled when forging banks or E-business’ websites, it is necessary to doubt.
No matter how secure and real the message might seem, we must check the website’s URL address and verify that it has a lock, that is, a safety certificate that will guarantee that the site is safe and has been verified by a certifying body. If it comes from our trusted bank or financial entity, we must assure that the address is the same as always. If in doubt, we should always close the site, refrain from providing information and immediately contact our entity or company to validate the veracity of the message.
Be selfish when it comes to information: It must be clear that our information is valuable and that every free app that we download and install is not really free and that we pay them through our information, basic data, contacts, online location, websites that we visit and work routines, among other important information. We must be more selfish before granting permissions to apps on our cellphones and confirm what is it that we are providing and sharing; be selfish when we fill out booking data forms on E-business websites, survey websites, etc. Let’s be selfish and restrain from giving our main email address or our basic information without previously checking that it is strictly necessary.
Be strict when it comes to passwords: Every new site where we register or app that we download on our cellphone requests a new user and password. To save time, we always use the same personal email address and password which are easy to remember. Different recommendations arise here:
Do not use our personal email unless it is necessary.
Use password management apps that will allow us to save the credentials from every site and provide strong, self-generating passwords – including symbols, caps, lowercases - to avoid memorizing. In addition, if any of these sites is exposed, and the passwords and emails are hacked, our usual email and unique password will be safe.
Use an authentication factor: an app that generates a unique token or biometric authentication that enables to configure on our most strict websites such as business or personal emails and usual e-business’ websites.
Be patient and proactive regarding updates it is also a priority given that every laptop, desktop, cellphone and tablet generate, periodically, new versions that allow the closure of detected security breaches, besides new functions.
Usually, these update notifications and reminders that appear on pop-up windows are very insistent and annoying, but we should always be patient and program. We can always silence and reschedule these to a time where we know we will take a break from the device or app in order to start the corresponding update. It is necessary and important, though, to make these a weekly habit to prevent any exposure to numerous software and hardware vulnerabilities that could be caused by a malware, virus or process and that an attacker will use to hack, extort or sabotage our devices and information.
At OCP TECH we can provide these services for the design of an integral strategy that, together with Cisco’s tools, will provide a non-frontier protection to your company’s data and assets. This will not only include the best practices on the implementation of company networks and software solutions but also the experience of a group of experts on security and processes that will take your company to the next level, while focusing on the business.
The author of this article is available for questions at fabio@ocp.tech