
After All, How to Act in Case of Data Invasion and Theft?

In the contemporary world, where the use of technological means and virtual systems is becoming more and more indispensable, one of the great problems caused by criminal entities has been the invasion and theft of data. It is important to emphasize that, with the digital transformation and the increase in the use of digital media identified in recent years, now driven by the new Coronavirus pandemic, there has also been a spike in the practice of cybercrimes, that is, those crimes that occur through virtual means. These crimes are usually performed by hackers, who are holders of technical knowledge about internal computer systems and electronic devices, programs, and networks.

Cybercrimes can occur in different ways and for different reasons. In general, users who become victims end up having their information and data stolen or their accounts hacked by criminals, which often results in episodes that can bring disastrous and immense damage to those who suffer the crime.

Therefore, it is ideal to establish preventive security measures before attacks occur.

There are currently many ways to ensure greater protection of your data and information. Make sure you read our article on the rise of cyberattacks during the pandemic, and how to protect yourself.

But if you have already suffered any of these crimes or want to be informed about the actions that should be taken in these cases, keep reading this article and find out what are the recommendations we have separated for you.

Actions to Be Taken in Case of Invasion or Theft of Information and Data

 When an organization experiences a security incident, such as cybercrime, it needs to act promptly and quickly.

We are not always prepared to deal with situations like these, but it is necessary to remain calm and take action.

Of course, actions should be taken according to the specific type of attack that took place and to what was actually stolen or hacked into.

Therefore, carefully read the possibilities listed below on which procedures should be taken in these cases and see which ones fit best for you.

Identify the Action of the Intruders

It is important to find out how the criminal act took place and what data was disclosed. This must be done so that the necessary measures can be taken to contain the effects of the crime and prevent further invasions.

You can start an investigation through companies specializing in cybercrime and hard evidence.

Look for Evidence of Crime

When becoming a victim of a computer crime, if possible, you must record the evidence of the crime.

In this sense, it is worth noting that the most correct and secure means is through specific solutions that allow the recording of all actions performed in the environment.

This can even assist in the incident remediation process, reducing operational and downtime costs.

Change Your Passwords Immediately

Another important action to be taken if you have suffered a cyberattack in which there was data theft, and also one of the ways to minimize the problem, is the immediate change of your passwords, whether for emails, networks that may be related to the theft, or for your systems.

This will prevent criminals from continuing to develop other types of damage that can be done by using your stolen data.

Check the Backup of Your Files

The use of software that backs up your information and data automatically and efficiently is a preventive measure that can help a lot in these moments.

If you have already performed this procedure, the chance of recovering your information will be much greater, so check the backup of your files and see if you can recover them.

Communicate About Information Leaks

If the information that was leaked is related to other individuals, such as employees or consumers, they must be informed about what happened and about the measures being taken concerning the case.

This behavior is an ethical measure, which must be carried out clearly and objectively.

Analyze the Weaknesses that Made the Invasion and Theft of Your Data Possible and Invest in Security

In addition to looking for those responsible for information leaks, it is important to recognize the limitations and deficiencies that allowed intruders access to your system.

When recognizing them, it is essential to take appropriate action so that future losses are avoided.

You can look for specific digital data protection solutions that will help you in this process, as is the case with senhasegura.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

How to Prevent Social Engineering Attacks

When it comes to cybersecurity, many think about protecting themselves against hackers who use technological flaws in a system to steal data. But cyberattacks are not limited to malware intrusions: there are other ways to infiltrate organizations and networks with the victim’s consent and without the victim’s knowledge of what is going on. This type of deception is known as social engineering, which in essence is manipulating someone until sensitive data and access permissions are granted.

A well-known example of this is when an intruder poses as the IT support of a particular company, asking users to provide information such as their usernames and passwords. The scam is accomplished when this information is shared.

It is surprising how many people do not think twice about sharing this information, especially if it looks like it is being requested by a legitimate representative.

In this context, we bring you some information relevant to the precaution against these attacks! Keep reading and learn how to protect yourself from social engineering attacks.

What Would Social Engineering Be?

The definition of social engineering embraces many types of psychological manipulations. This concept can generate positive results when it is taken to the area of behavioral promotion.

Information Security, however, tends to treat social engineering as an evil that provides benefits to the criminals, involving manipulation to obtain private information, such as personal and financial data. Thus, social engineering can also be defined as a cybercrime.

How Does Social Engineering Work?

Unfortunately, human relationships still follow certain established patterns. Social engineering works by taking advantage of these cognitive biases, which criminals exploit to steal financial and personal information.

A strong example of this can be seen in the human tendency of trusting people who look nicer and more friendly, or even who hold a position of higher authority.

Social engineering techniques exploit this natural human confidence. In 2018, vacation rental phishing scams, in which hackers impersonated owners offering real vacation listings, were common enough that the US Federal Trade Commission issued a warning about them.

In many cases, the contact information and emails of the real owners were hacked, leaving little reason for victims to think they were not discussing a rental with the real owner.

Who is Most Vulnerable to Social Engineering?

Anyone can fall victim to a social engineering attack. Everyone has cognitive biases that, most of the time, go unnoticed in social life.

However, there are some particular groups that, in a way, are “easy” targets for these criminals, such as the elderly, who may not have knowledge of technology, generally have fewer human interactions, and may be perceived as having a lot of money and assets at their disposal.

What Are Common Social Engineering Techniques?

Social engineering techniques can take many forms. Below we list the commonly used techniques.

Trust Exploitation

Users are less suspicious of people they are familiar with. An attacker can become familiar with system users before the social engineering attack. The opportunist can participate in social events and other environments, which makes the attacker familiar to users.

Intimidating Circumstances 

We tend to avoid people who intimidate others around us. Using this technique, an attacker could pretend to have a heated discussion on the phone or with an accomplice to the scam, and could then ask users for information that would be used to compromise the security of their system.

Users are more likely to give the correct answers just to avoid a confrontation with the criminal. This technique can also be used to avoid being checked at a security checkpoint.

Phishing

This technique uses tricks and cheats to obtain users’ private data. The social engineer might try to impersonate a genuine website, such as Google, and then ask the unsuspecting user to confirm their account name and password.

This technique can also be used to obtain credit card information or any other valuable personal data.

Exploring Human Curiosity

Using this technique, the social engineer can deliberately leave a virus-infected USB stick in an area where users can easily pick it up. The user will likely connect the USB stick to the computer.

Thus, the USB stick might run the virus automatically or the user might be tempted to open a file with a name, such as Employee Review Report 2013.docx, which might actually be an infected file.

Exploring Human Greed

Using this technique, the social engineer can entice the user with the promise of earning big money online by filling out a form and confirming their details using credit card details, etc.

How to Protect Yourself from a Social Engineering Attack?

Social engineering attacks are stealthy. This makes it critical for everyone to be aware of the threat. Some best practices you can follow to ensure you are protecting yourself from social engineering attacks include:

  • Never respond to a request for financial information or passwords. Legitimate organizations will not send a message asking for personal information.
  • Adjust your spam filters. Every email program has spam filters; make sure yours is set to block potential threats.
  • Protect your computing devices and accessories. That means protecting your digital space with antivirus software, firewalls, and email filters. It also means protecting USB sticks, external hard drives, and other pieces of equipment that could be compromised.

Finally, managers must develop plans to raise awareness among the staff. There are many essential precautions available on the internet, and for corporate environments, the in-house team needs to be aware of how to protect against digital threats.

Making sure employees are aligned for this purpose is an essential step in the process of preventing social engineering attacks and other cyberattacks.


Cyberattacks Have Increased During the Pandemic, Learn How to Protect Yourself

Cyberattacks have been causing concern and discomfort for those who use and depend on digital spaces for some time now.

This type of activity disrespects the private life of social subjects, in order to expose them to different types of risks.

They usually occur unexpectedly and victims suffer numerous damages, whether monetary, psychological or otherwise.

This action is commonly practiced by malicious hackers, who are dedicated to committing crimes in virtual systems through their technical knowledge of the software.

Hackers can infect connected devices by sending a virus, affecting their performance, and causing irreversible damage.

Likewise, these malicious attackers can steal personal data and information from computers, laptops, tablets, mobile phones, and other connected digital technology devices.

The practice of these crimes can generate harm with no turning back for those who suffer them, and they are more common than it seems.

During the crisis of the new coronavirus, this became even more evident.

The Scenario of Cyberattacks During the New Coronavirus Pandemic

It is possible to state that, if the situation was already quite serious before the pandemic, with the arrival of the new coronavirus, it only worsened.

The new virus brought many complications and, due to the preventive measures required to avoid a more catastrophic situation than the current one, preventive sanitary measures were taken, including social distancing.

This has led many people to work from home. The number of home office jobs had a considerable increase because companies and businesses across the country had to start a process of moving from the physical to the virtual world to survive the crisis.

A consequence was people starting to consume more products online due to isolation, which caused the virtual market and the demand for connectivity to skyrocket.

From this perspective, especially considering the emergency context of society’s shift to the digital world and coinciding with the growth in the number of users, the consequence was a considerable increase in the number of cyberattacks.

This demonstrates a problematic situation in several spheres.

For this reason, it becomes increasingly important to take preventive measures, both concerning the new coronavirus, as well as the security of your electronic equipment and digital devices.

Some precautions and preventive measures can be essential so that a situation as unpleasant as cybercrime is avoided, preventing possible troubles and losses that can often be irreparable.

Protect Yourself from Cyberattacks During the Pandemic

Although it is regrettable to have to worry about the security of your electronic devices, as well as data and personal information in virtual systems that, presumably, should be protected, it is important to be aware of the dangers that exist within the digital world.

By knowing the risks, one can look for preventive measures and, in this way, reduce the chances of potential damage. Here’s some information that can help protect against cyberattacks.

Choose Your Password Wisely

It may seem trivial, but choosing a more complex password makes it very difficult for attackers to gain access to your systems and networks.

Therefore, an important tip is to choose passwords with a higher degree of difficulty, especially those used in more significant virtual spaces; try to develop a more elaborate password.

At the same time, it is worth changing the password from time to time, which helps to reduce the amount of data recorded during a certain period.

We often access websites or virtual platforms on different electronic devices and this can facilitate access by malicious individuals.

In the last year, there was also an increase in the number of leaks of various users’ data and information throughout Brazil.

For this reason, it is recommended that you double-check if you are among this group of people. You can perform this check through the senhasegura Hunter website and find out if any of your data has already been exposed.

If after checking it, you discover that your privacy has been invaded and your data has been exposed, immediately change your passwords and check that there has been no serious damage.

Search for PAM Solutions

PAM (Privileged Access Management) solutions work as a great support in managing the passwords of your organization’s critical systems and in protecting your data.

This type of solution works as a repository that stores and protects passwords, information, and important documents of your business. Also, a PAM solution such as senhasegura monitors access and ensures control and security of the passwords provided.


Zero Trust-Based Security Approaches

In a world of complex cybersecurity threats and mobile workforces armed with multiple apps and devices, security in Zero Trust aims to provide comprehensive protection.

The Zero Trust approach never assumes that a request comes from a trusted source, even if it originates from inside the corporate firewall, for example.

Everything is treated as if it came from an open, unsecured network, and trust itself is seen as a responsibility within the zero-trust framework.

Zero-trust security can also be called non-perimeter security. This term shows how it is the opposite of traditional security models, which follow the “trust, but verify” principle and consider users and endpoints already authenticated within the company perimeter or those connected via VPN (Virtual Private Network) as secure.

But this implicit trust increases the risk of data breaches caused by insider threats, as it allows for extensive, unverified lateral movement across the entire network. Keep reading and learn more about Zero Trust-based security.

What is Zero Trust-based Security?

Zero Trust is a security framework that requires all users, inside or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and behavior before receiving or maintaining access to applications and data.

Zero Trust assumes that there is no traditional network edge. Networks can be on-premises, in the cloud, or a hybrid combination with resources anywhere, as well as workers anywhere.

The execution of this framework combines advanced technologies such as multi-factor authentication, IAM (Identity and Access Management), identity protection, and state-of-the-art endpoint security technology to verify user identity and maintain the system’s security.

This approach also requires considering data encryption, email protection, and asset and endpoint hygiene verification before connecting to applications.

Therefore, zero-trust-based security requires organizations to continuously monitor and validate that a user and their device have the correct privileges and attributes.

Also, it requires the organization to know all of its services and privileged accounts and be able to establish controls over what and where they connect. One-time validation is simply not enough, as threats and user attributes are subject to change.
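A sketch of the continuous validation described above, as an added example that is not part of the original article: every request is re-evaluated on identity, device state, authorization, behavior and verification age, next to the perimeter check it replaces. The role grants, thresholds and sample session are constructed assumptions.

```python
"""Per-request Zero Trust access decision (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical least-privilege policy: role -> resources it may reach.
ROLE_GRANTS = {
    "dba": {"db-prod"},
    "helpdesk": {"ticketing"},
}
MAX_AUTH_AGE = timedelta(minutes=15)  # assumed re-validation window
MAX_RISK = 50                         # assumed behavior-risk threshold (0-100)


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    mfa_passed: bool
    device_compliant: bool    # endpoint hygiene result (patched, encrypted, ...)
    risk_score: int           # output of behavioral analysis
    last_verified: datetime   # when identity and device were last validated
    source_internal: bool     # inside the firewall or connected via VPN


def perimeter_decision(req):
    """Traditional model: a request from inside the perimeter is trusted."""
    return req.source_internal


def zero_trust_decision(req, now):
    """Evaluate one request. Network location is deliberately not consulted.

    Returns (allowed, reasons), where reasons lists every failed check.
    """
    reasons = []
    if not req.mfa_passed:
        reasons.append("mfa_missing")
    if not req.device_compliant:
        reasons.append("device_noncompliant")
    if req.resource not in ROLE_GRANTS.get(req.role, set()):
        reasons.append("not_authorized_for_resource")
    if req.risk_score > MAX_RISK:
        reasons.append("anomalous_behavior")
    if now - req.last_verified > MAX_AUTH_AGE:
        reasons.append("verification_stale")
    return (not reasons, reasons)


def evaluate_session(session):
    """Run both models over a list of (timestamp, Request) pairs."""
    results = []
    for now, req in session:
        allowed, reasons = zero_trust_decision(req, now)
        results.append((perimeter_decision(req), allowed, reasons))
    return results


# Constructed session: one account whose attributes change over time.
T0 = datetime(2021, 6, 1, 9, 0, tzinfo=timezone.utc)


def _at(minutes):
    return T0 + timedelta(minutes=minutes)


SESSION = [
    # Normal access to the granted resource.
    (_at(1), Request("alice", "dba", "db-prod", True, True, 10, T0, True)),
    # Lateral move to a resource the role was never granted.
    (_at(5), Request("alice", "dba", "ticketing", True, True, 10, T0, True)),
    # Device falls out of compliance mid-session.
    (_at(8), Request("alice", "dba", "db-prod", True, False, 10, T0, True)),
    # Behavioral analysis flags the account.
    (_at(10), Request("alice", "dba", "db-prod", True, True, 80, T0, True)),
    # One-time validation has aged out.
    (_at(30), Request("alice", "dba", "db-prod", True, True, 10, T0, True)),
    # Re-verified and working remotely: allowed without any perimeter.
    (_at(31), Request("alice", "dba", "db-prod", True, True, 10, _at(30), False)),
]

if __name__ == "__main__":
    for (when, req), (perim, zt, why) in zip(SESSION, evaluate_session(SESSION)):
        print(when.strftime("%H:%M"), req.resource,
              "perimeter=allow" if perim else "perimeter=deny",
              "zero_trust=allow" if zt else "zero_trust=deny " + ",".join(why))
```

The perimeter model allows the first five requests unchanged and blocks only the remote one, while the per-request model denies four of them for different reasons and allows the remote request once it is re-verified.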

How to Implement Zero Trust-based Security?

The concept of zero trust can be built on your existing architecture and does not require you to eliminate and replace existing technology.

There are no Zero Trust products. Some products work well in Zero Trust environments and others do not. Zero Trust is also quite simple to deploy, implement, and maintain using a simple five-step methodology. This guided process helps you identify where you are and where to go.

  1. Identify the protection surface of your environment.
  2. Map data transaction flows.
  3. Build an architecture using zero trust concepts.
  4. Create, communicate, and educate based on a zero-trust policy.
  5. Continuously monitor and maintain processes and technologies.

How Important is Zero Trust-based Security?

Zero Trust is one of the most effective ways for organizations to control access to their networks, applications, and data. This concept combines a wide range of preventive techniques, including identity verification and behavioral analysis, micro-segmentation, endpoint security, and least-privilege controls to stop potential intruders and limit their access in the event of a breach.

It is not enough to establish firewall rules and block by packet analysis. A compromised account that goes through authentication protocols on a network perimeter device must still be assessed for each subsequent session or endpoint it tries to access.

Having the technology to recognize normal versus anomalous behavior allows organizations to tighten authentication controls and policies rather than assuming that a connection via VPN or SWG (Secure Web Gateway) means the connection is completely secure and reliable.

This additional layer of security is critical as companies increase the number of endpoints on their network and expand their infrastructure to include cloud-based applications and servers, not to mention the boom of service accounts on microsites and other locally-hosted machines, VM, or via SaaS.

These trends make it more difficult to establish, monitor and maintain secure perimeters. Additionally, a borderless security strategy is vital for organizations with a global workforce that offer employees the ability to work remotely.

What Are the Benefits of a Zero Trust Approach?

The main benefits of a zero-trust model for protecting systems, information, and other valuable assets for businesses are:

  • Superior risk mitigation by closing security breaches and controlling lateral movement in the network.
  • Improved cybersecurity and support for mobile and remote workers.
  • Strong protection for applications and data, whether in the cloud or on-premises.
  • Reliable defense against advanced threats such as APT (Advanced Persistent Threat).

Finally, by segmenting the network by identity, groups, and role and by controlling user access, zero-trust-based security helps the organization contain breaches and minimize potential damage. This is an important security measure, as some of the more sophisticated attacks are orchestrated by invasive credentials (internal or compromised).

As the classic approach to enterprise security is no longer viable, companies must shift to meet their users’, applications’, and data’s needs wherever they are.

Today, that means the cloud, which offers greater and better flexibility, collaboration, connectivity, and performance.

Learn about senhasegura and check our services! Also read about the 7 Signs Your Business Needs to Improve the Security of Sensitive Data.


CIS Controls Version 8: Learn what changes with Engine Advancements

This May, the Center for Internet Security (CIS) launched version 8 of the security control tool for critical systems, especially marked by structural progress aimed at cloud and mobile environments. The concentration of online tasks and the remote work model are becoming increasingly popular due to mobility restrictions caused by the pandemic, which generates, proportionally and positively, technological evolution to ensure the execution of work, social and entertainment activities.

What Is Different?

 CIS Controls v8 is based on the activities performed, not on the user who controls the devices or on the devices themselves. Whereas previous versions focused on a centralized network that grouped all coordination and security endpoints, version 8 tracks virtual changes and assimilates new cyberattack modalities based on real threats cited in Verizon’s 2021 Data Breach Investigations Report.

 Until the previous version (7.1), the set consisted of 20 main controls and 171 sub controls, but the modernization of the system condensed the total to 18 controls and 153 safeguards (yes, the term has also changed!) divided into 3 Implementation Groups (IGs), which work as a practical guide to help organizations of all sizes with their particular needs and to adapt them to current regulations. 

 As IG1 is the primary Implementation Group, every company needs to start with it, as it is considered the set of “basic cyber hygiene” and serves to preserve the information system from the most recurrent attacks. In the current version, it supports 56 safeguards in total, while IG2 has 74 and IG3 has 23 safeguards, making up the complete package.

To ensure essential protection, the following controls must be adopted:

  • Control 4: Secure configuration of company assets and software
  • Control 5: Account management
  • Control 6: Access control management
  • Control 14: Security awareness and skills training

v8 Extra Points:

  • CIS CSAT Pro self-assessment capabilities, with location tracking, optional data sharing, separation of roles and user behavior.
  • Community Defense Model (CDM) v2.0, with safeguards mapping and consultation of reports released by the industry, which indicate the main threats and frequent attacks.
  • CIS Controls Mobile Companion Guide and CIS Controls Cloud Companion Guide, which are guides for implementing CIS security best practices for mobile devices such as mobile phones and tablets; and for cloud environments, respectively.

What Does the Launch of Controls v8 Mean?

It means that CIS understood the defense priorities of the critical data environment and streamlined the cybersecurity process. For businesses, the result is the quality of critical system security options and the practicality of complying with regulatory data protection requirements (PCI-DSS, SOx, HIPAA, and others).

Source: https://www.cisecurity.org/blog/18-is-the-new-20-cis-controls-v8-is-here/

Text: Priscilla Silva
