Friday, October 6, 2017

Stay afloat

April 10, 1912, Southampton. The harbor was full of people, no one wanted to miss the largest ship in the world. And no one knew the tragic end that was coming to "the unsinkable transatlantic." Yes, we´re talking about the Titanic. Even the most prepared boat can fail if security is not ready and a little prudence makes its appearance.

There are cases in which in spite of having sunk the ship still bubbles from the bottom of the sea. We have had a couple of months with a couple of cases that can´t disappear from our navigation map because there´s always something new that comes out afloat. We talk about Yahoo being on the news this week after its attack occurred in 2013, Equifax signing a multimillion dollar contract despite its leakage or the health sector that finally seems to be taken seriously. But when all these cases begin to be repetitive, it is better to remember that there´s nothing like seeing the next one stumble to not fall into the same stone.

We started the week with the history of a flagship that already wrecked months ago but still got people talking. Equifax has been one of the largest cyberattacks in US history. And although this news has already happened months ago, there are constant news about the incident, the last one: they have signed a multimillion dollar contract with the Internal Revenue Service of the US government. But if something good can be extracted from all this is that we learn by mistake and thanks to the sinking of this giant the rest we have learned the importance of strengthening the privacy of our DNS, right? Earlier in the week HelpNet Security wrote an article about the importance of strengthening the privacy of our DNS. It is up to you to survive the storm.

Not all ports allow large ships to dock. As well as in the sea, when companies grow, things become complicated. Most companies use virtual networks to connect both internally and externally. When the company grows the amount of encrypted information increases and increases too the opportunity of attack by the criminals. To avoid shocks at the beginning of the week, SecNews send a list of tips to follow to control the codification of the traffic of your network and to avoid being approached by pirates.

By mid-week it was confirmed that not all the protection is to have cannons. When we talk about cybersecurity sometimes falls into the error of overlooking the obvious. In the case of security it´s important to protect any minimum change that affects confidential information and according to this article the solution to have it under control is the file integrity monitoring or FIM solutions. Watch who has access to the chest or it will not be so secret.

The latest advice comes from the vice president of the US Department of Justice, so we shouldn´t ignore it. According to him all companies should have their own program to allow third parties to find bugs within the company's website. In other words, it recommends making a public invitation to all those hackers who want to verify the correct implementation and operation of the company code. It´s not bad idea, no one knows where the fissures of the case are better than a pirate.

Although we are accustomed to the ocean we must not forget that it is one of the most hostile means for the human being. Cybersecurity, in the same way, is an environment in constant movement in which, despite having the sensation of having everything under control, something new can be cooking in the depths. It never hurts to learn from mistakes and use wood from others to keep us afloat.


Post a Comment