One of the most notorious cyber-attacks of recent years was the one against Ashley Madison. The social network for finding a sexual partner, which aimed much of its messaging at married people who wanted to have affairs with complete discretion, was breached by a group of hackers, who stole more than 9GB of files from its data centers and leaked more than 30 million records of user data. With the trust of thousands destroyed, many are now wondering: is there a way to stay safe from a cyber-attack?
One reason the threat of theft of data or electronic information keeps growing is that the risks that exist on the network are hard to visualize. The most effective defense is therefore the ability to face these threats with a strategy that anticipates the risk of an attempted theft or of a failure in information security controls. This is important for preventing cyber attacks.
Positive Feedback
It is necessary to understand, first of all, that every time we make a new connection (ourselves or our systems), what is known as positive feedback increases. This positive feedback triggers uncontrollable reactions, which increase the risk of instability in the interconnected systems. This is, to a large extent, why our privacy suffers as controls lose stability.
Likewise, all information exchanged on the network can be taken by practically anyone. Care must be taken over the type of information that is shared, especially on social networks and in mobile applications, since the attacker does not have to be a great hacker: anyone with average programming knowledge can access “private” data that is shared on the network.
Certain measures can help prevent a recurrence of cases such as Ashley Madison:
- The adoption of information security governance, through a security program, as well as the review of processes and the implementation of technologies that prevent data leakage.
- Access control for mobile users, as well as securing information resources before, during and after a computer attack.
- The design of update management policies that allow the security of information to be coordinated and managed across operating systems (OS), applications, servers and databases.
Ideally, this management policy should be part of a PSI (Information Security Policy) system. The network security key is important there.
In the end, it is not a matter of choosing between saving the information on servers or in cloud storage, as that varies depending on the business and its needs. Cloud resources will always be more cost-effective, but they also impose more controls, such as encryption, logical access controls, and backups, which could affect their performance. Servers are a good choice, but they involve higher costs and it is difficult to give them an adequate security infrastructure. That may be counterproductive, in which case it would be advisable to move the information to a cloud that has the necessary security measures.
Digital security for companies
Is there a way to monitor the security of companies, before these types of infiltrations occur? The answer is yes.
When companies do not have broad visibility into their own environment or into today's threat landscape, it is easy for an attacker to fool them. There are services that help develop scalable strategies and supply security intelligence to help protect against attacks and threats. These are known as “Security Intelligence Services” or “Threat Intelligence Services”. They give the company an overview of the existing threats that could represent a risk.
One of the main tips that can be given to any employee is not to use corporate email when registering on a website or in internet applications. That avoids receiving spam, which may carry malware or a phishing attack that could affect company information.
Selling online through ecommerce, having a corporate website that shows a company's main lines of business, or keeping a constant presence on social networks to communicate with clients are some of the different incursions into the network that most business projects make.
The network is already an important part of the commercial and marketing strategy of large and small companies, which manage to increase their visibility or their turnover thanks to a communication channel that just a decade ago was almost unthinkable.
However, the online presence of companies, in addition to opportunities, entails new risks, such as exposing themselves to the possibility of suffering a cyber-attack.
Calibrating the Risks of Suffering a Cyber Attack
While defining a marketing or online sales strategy, companies with an online presence must also know the risks to which they are exposed by hosting their website on a server, storing their data in the cloud or carrying out the company's economic transactions electronically, among other examples.
The growth of the network as a sales, management or dissemination channel for companies has also coincided with an increase in illegal practices such as cyber-attacks to undermine the image of a company or steal user data and passwords or confidential information.