Monday, April 30, 2018

When physicians need a doctor

Have you ever wondered whether physicians with health problems visit a doctor? Unless you are as stubborn as Doctor House, everyone with a problem needs a solution. Medical devices are also vulnerable to cyberattacks, which can put at risk not only the stored information and data, but the patients' health too. Recently, the data of Facebook and Uber users has been affected by security breaches, as has the healthcare sector, where the information of 18,000 members was leaked.

In 2017, the FDA confirmed the vulnerability of the implantable heart devices known as cardiac pacemakers. If they are hacked, cybercriminals could use their access to these devices to prematurely drain the battery or change the device frequency, killing the bearer.

Friday, April 27, 2018

The hare and the turtle

This tale starts with a turtle who, tired of the hare's mockery, bets that she can be as fast as her. When the race starts, the turtle moves slowly toward the finish line. The hare, knowing she is faster, laughs at her and waits, sleeping under a tree. The turtle reaches the finish line and the hare doesn’t notice. The hare runs, but it’s too late and the turtle wins the race.

The GDPR moves steadily toward its upcoming implementation. Despite what people might believe, a lot of companies are working on it. But some other companies are not. Will the tale of the hare and the turtle be repeated?

Wednesday, April 25, 2018

Don't forget that we are humans

In sci-fi movies, it’s quite common for robots to be the ones that rule the world. In the film “I, Robot”, Will Smith tries his best to put an end to this idea and to make a more human world. What happens? An error occurs in a robot and Will Smith is nearly killed several times while fighting an infected droid. Nowadays, analysts aren’t at that point, but sometimes they can be overwhelmed by the number of threats they have to deal with every day. The solution can be found where human experience and automation meet.

LogicHub conducted a survey at the RSA Conference in 2018 and found that 79% of those surveyed thought that human experience and security automation are the perfect combination for a powerful and safe infrastructure that will keep cyber-attacks away.

Monday, April 23, 2018

Playing hide-and-seek among world powers

Relations between Russia and the United States haven’t been great for a long time. The ways they attack each other have evolved, and what several years ago were tanks, soldiers and bombs are nowadays silent attacks that affect our devices and cause unthinkable harm to companies and infrastructures all around the world. These cyber-attacks have turned the world against the player playing hide-and-seek: Russia.

The United States is directly accusing the Russian Government of aiming attacks at its organizations to interfere in its presidential elections. These days, US and British intelligence officials are aware that these Russian hackers are trying to penetrate personal computers in order to carry out future cyber-attacks.

Friday, April 20, 2018

Unfollow cyberattacks on your smartphone

As time passes, smartphones have become an extension of our body. We communicate through them and we show private parts of our life without knowing how many people can actually see our information. We often use Likes, Follows and Hashtags, handing some of our information to companies that might not be transparent. Today, we are going to talk about this week’s main news to share with you the latest information on app and smartphone security.

Cybercriminals have discovered a great opportunity in app vulnerabilities and in the blind trust we place in apps. We install applications from third parties without checking their origins and we accept terms and conditions without reading them. We post information online. Technology has become the window to society.

Wednesday, April 18, 2018

Catfish business

Online flirting, what a world. Millions of profiles are created every day in dozens of apps to find the love of your life. But do you know who is behind those profiles? In a sea of users, there’s always the “catfish”. This happens when a person lies about their identity on social networks, either just for fun or in order to swindle someone. These profiles aren’t only on flirting apps but on every social network. There will always be someone with dishonest intentions.

Researchers from the Ben-Gurion University in Negev and the Washington University have created a new method to discover which profiles are fake in most social networks.

Monday, April 16, 2018

Cybersecurity, a matter of humans

“Man is imperfect but perfectible”. This may be the sentence that best defines humankind. As humans we are imperfect, but it is in our nature to be able to learn from mistakes and to strive for perfection. We can’t forget that even when we are immersed in the seas of cybersecurity, what moves everything online is the human factor.

It’s common to see cybersecurity as a technical matter, but that’s far from the truth. A lot of companies rely entirely on technology to protect their information and, occasionally, that is where the mistake lies. Oz Alashe, founder and CEO of CybSafe, wants to change our minds by understanding cybersecurity as driven by humans.

Friday, April 13, 2018

When the data protection goes "Des-pa-cito"

Facebook, Instagram, Twitter, WhatsApp, YouTube, VEVO, Spotify, Uber... and so many more are the apps we use on a daily basis. As users we can only use the recreational and social side of them. But the truth is that they know so much more about us than we know about them. As the “Despacito” song said “Let me exceed your danger zones…” and most of the time, that’s what’s happening.

You could say it hasn’t been the best week for some of the social networks mentioned. Privacy policy is still a delicate matter that we should not take lightly.

Wednesday, April 11, 2018

Ready, set, go!

Cybersecurity problems don’t warn us. They can happen and will sound the alarm right when you least expect it. Are we truly ready for them? In the majority of global organizations, the answer is yes. But the amount of time needed to detect and control these problems is very important. In this race it is not only the contestants that matter, but who gets to the end first.

The LogRhythm study, by Widmeyer, in which 751 IT experts from the USA, the UK and Asia took part, says that half of global organizations are capable of detecting an important cybersecurity incident in less than an hour. The scariest thing is that less than a third of the people surveyed said that they wouldn’t be able to detect it or even solve it in that amount of time.

Cybersecurity is still a pending subject in companies. It is common for them to focus on security maturity and the number of people working on it. The survey revealed that the average number of cybersecurity professionals in a company is 12. More than half of the companies have fewer than 10.

One of the most frightening results from this survey is the level of confidence that the security managers in these organizations have. Half of them think that, despite their work, a hacker may breach and attack their company. More than 33% of those surveyed said that they had suffered a breach during the last year (29% in the USA and 39% in Pacific Asia), so the people responsible for decision-making don’t trust their abilities 100%, in the same way that they don’t fully trust their software.

As mentioned at the beginning of the article, finding a fast solution is very important and depends on several points, such as the technology, the process, the software and the people involved. On the technology side, 80% of those surveyed explained that an administration platform for cybersecurity, analysis and response would be helpful, but not very helpful. We can sense some kind of insecurity when it comes to cyber-attacks and their neutralization. A third of those surveyed said that they’d need help during them.

In conclusion, big organizations around the world see themselves as unprotected in the world of cybersecurity. It might be because of the number of people working on it or because of a lack of investment. They’re running a race in which, a lot of the time, they are not the ones who get the gold medal.

Monday, April 9, 2018

Pirates of the Cybercaribbean

The cybernetic seas are very deep and dark. Defending the fleet against other pirates is complicated for companies. As in the movie "Pirates of the Caribbean", you will run into pirates like Jack Sparrow, who will go all out to get their treasure. But, what if you put yourself on their side and include "the bad guys" in your ranks?

Cybersecurity in companies is an aspect that entrepreneurs often ignore, but increasingly their leaders are becoming aware of the risks they face if they do not protect their data against the "hackers". Hiring the pirates or university students is an option when it comes to investing in cybersecurity for your company. Laurie Mercer, a solution engineer at HackerOne, talks to us about direct recruitment through bug bounty programs in the interview that we share with you below.

According to HackerOne's most recent hacker reports, almost 12% of HackerOne hackers earn around $20,000 per year from bug bounties. But what leads companies to hire pirates among their workers? Laurie Mercer gives us her point of view: "From a recruitment aspect, Yelp realized that this was a way to find talent, since they were people who normally could not access that position because they had not finished college or they didn't have security experience that allowed them to pass through the human resources department."

HackerOne is a platform that facilitates communication between a company's security team and hackers. It currently has more than 166,000 registered users, which means that more and more companies are becoming more receptive to the disclosure of their vulnerabilities and trusting these "pirates". As Mercer says, they have found an innovative way to find talent and match talent with the needs of each company.

As Laurie Mercer says: "We receive messages from students who tell us they read our Hacktivity feed, a hacker named Jack Cable is using the reward money to pay for his studies at the university." The young man, only 17 years old, managed to submit 200 vulnerability reports, ranking among the 3,000 best on HackerOne. Mercer said that from that moment they realized his talent, and today he is waiting for a job interview with the Defense Department.

The reputation system of HackerOne works in the following way. Each time a hacker submits a vulnerability that is accepted, they are rewarded with points to climb the "ranking", and if the vulnerability submitted is not accepted, they lose reputation points. At the top of the ranking, users can gain access to work with private clients according to their scores. Companies place more trust in these users, since as Mercer says: "some people see it as an advantage and the poacher became a forester".

In conclusion, Laurie Mercer was asked if she believed that a greater exposure of the vulnerability of companies and the participation of clients would help cybersecurity professionals in the future. Mercer answered: "We all benefit from the work of the community, because it is helping the internet security in general, but the opportunities offered by participating companies also help to encourage hackers, help them gain experience and even get a job."

On many occasions you have to ally with the enemy pirate to defend against fleets much larger than yours. Information is power, and in the 21st century data is the treasure most sought after by cyber-pirates.

Friday, April 6, 2018

"Snakes on a plane"

Who does not know the movie "Snakes on a Plane"? A group of passengers boards an airplane on which an FBI agent has to escort a witness to Los Angeles. A murderer releases poisonous snakes inside the plane to kill the witness so that he cannot testify.

As it happens, this week we talked about cybersecurity in airlines, which are among the companies that most need investment in information security due to the complexity of their systems. But what if all companies had their own "snakes" among their systems?

Wednesday, April 4, 2018

Sleeping with the enemy

Companies and institutions increasingly invest a greater percentage of their budget in securing their digital perimeter to protect themselves from the growing number of attacks and external threats. But ... have we considered what happens if we raise huge walls to protect us from the outside but our enemy is already inside and is part of our organization?


That same question is the one posed by those behind the Global Data Risk Report prepared by Varonis, and we do not know whether the answers can be described as surprising, but they are certainly worrying. This study shows that, as happened in Troy, most organizations are so concerned about their digital perimeter that they forget the need to maintain a minimum of internal protection for their information to prevent it from circulating freely or falling into the wrong hands.

The report presented by Varonis is based on the analysis of the file systems of its actual or potential clients (about 130 companies) and focuses on the different risks that a company with an acceptable level of digitization currently has to face: security breaches, internal threats (what we want to highlight today) and external attacks, such as ransomware.

If we break down the data of the study, the picture of how corporate systems and networks are protected against the company's own employees is bleak: 21% of the folders with information are accessible to all employees, and 58% of the big companies analyzed have at least 100,000 folders that can be consulted by anyone.

It is also striking that 54% of the information stored by the companies is obsolete, so many resources are dedicated to protecting data that actually has no value and that could have been eliminated, reducing not only the load on cybersecurity teams, but also the maintenance and operating costs of their infrastructure. In addition, 34% of the users included in these systems are also outdated, and many of them are former employees who could still have access to the information.

Let's focus on another fact that will surely surprise many infosec professionals: 46% of the companies analyzed have at least 1,000 users whose passwords never expire or have not been renewed, which is a clear Achilles heel in the defense of stored information, even more so if we take into account that 41% of companies have at least 1,000 files with sensitive information available to any user with access to the system.

We have already said several times that any defense is only as strong as its weakest link, so we believe that this study is especially useful in making us reflect on the importance of cleaning our own house and putting it in order, because if we do not, we can feel safe ... without knowing that we are sleeping with our enemy.

Monday, April 2, 2018

High-flying cybersecurity

If there is one sector that is especially concerned with safety, it is undoubtedly the airlines. Since customers are going to carry out an activity, flying, which is totally alien to their morphology, there is a whole series of protocols that regulate every aspect of what will happen on the flight: from user behavior to the mechanical checks in triplicate to be done before takeoff, the approach, or which routes should be followed when landing depending on the direction and strength of the wind.

Therefore, it should not surprise us that a sector so concerned about security pays special attention to the protection of its information and computer systems, since a failure can have catastrophic consequences. In addition, because of the strategic importance of this sector and its dependence on technology, airlines are forced to face very specific challenges and threats. Darren Argyle, the former CISO of the airline Qantas, speaks about all of this in the interview that we share with all of you below.