Cyber security was one of the great topics of 2020. With the transfer of company employees to their homes and with the constant digitization of duties, protecting the “virtual office” became essential and, with it, taking full protection of servers, documents and information housed in portals and platforms has become a cornerstone in large and small organizations. The different companies chose to scale their data and keep it always safe and available, although the dangers have now even increased.
According to the most recent Accenture State of Cyber security Resilience study , despite the fact that 82% of large organizations around the globe increased their investments in cyber security, 55% of the total are unable to defend themselves against cyber attacks. In fact, 44% of those surveyed in 2020 suffered effective attacks, while this time the figure grew to 69% and there were, on average, 270 attacks per company during the year. All due to the pandemic.
In this article we tell you a series of measures and recommendations for companies that want to safeguard their information and protect the data generated.
Cloud storage
It is one of the trends that has been on the market for some time, but has only been perfected. From the storage of small documents, to services that allow all the information available and generated by a company to be kept in the cloud.
What is the benefit? Different media and specialists point it out, but at the time of receiving a cyber attack, it is convenient to have all that information backed up and still available to resort to it, in the event of a security breach.
In fact, there are certain firms that make sure that, despite being attacked, they can continue to operate since their information is stored on external servers and that does not mean a major problem. In this sense, there are companies that provide services of this type at a local level, such as Claro with its Smart Scality.
The tool is a storage solution to scale linearly in multiple active sites and to be a single and distributed system, which also serves to protect company data, with data replication and encryption of the same before deletion.
It was precisely in this context of digitization that led to the pandemic that Smart Scality emerged, explains Francisco Guzman, director of Claro Empresas. “This highly digitized context has become a fertile environment for cyber attacks, intruders into company systems and infrastructure, among others. In order to prevent situations that compromise the operation, Smart Scality emerged, which generates a defined security perimeter, offering customers efficient protection and security, guaranteeing that there is no loss of information, as well as a safe environment against ransomware”.
Another advantage, says Guzman, “is the storage with the capacity to house large volumes of data, which is hosted locally, in our Liray Data Center.”
Endpoint encryption
It is one of the key points to be able to protect information. Far beyond the cloud, there may be data and information in different industries that are sensitive or essential for the full development of a project. For example, a company that is dedicated to programming or software development will not want its progress to be filtered or deleted by mistake. And even when talking about institutions linked to the State, the encryption of information is essential. Bank clients, for example, require that their data be protected. The same happens with clinical patients.
Disk encryption software, or terminals, is one of the many layers that are required within organizations to protect information and is usually the last in the chain. Different companies offer services to encrypt complete units -operating system and data of laptops or desktop PCs-, and also specific content in local units, detecting vulnerabilities and closing access to different threats.
Digital identity tools
One of the key tools are the digital identity tools in SaaS (software as a service) format, which allow managing access to the systems and data of the entire organization with end-to-end security. According to Claudio Ordonez, director of cybersecurity at Accenture Chile, the adoption of these tools is essential, considering that 80% of computer attacks are related to passwords. “Used well, they allow you to take advantage of artificial intelligence and machine learning to drive automation and maximize the value of investment in digital identity,” says the specialist. And he points out that, for example, in the world of retail and financial services, they allow each of the millions of users and customers of their digital channels to be identified,
In addition, these types of tools must be considered when designing new products and channels. “Not only because if they reach production without security they are easy targets for cybercriminals, but fixing security problems after they are built is much more expensive than having done it in the early stages of development,” he says.
Another relevant point, beyond these instruments, is that companies must be attentive to the growth of commodity malware, which is high-volume crimeware. This is, in the words of Ordonez, a danger that allows intrusions in the victim network and threatens both IT and OT systems. To deal with this threat, he says, companies must be brilliant at the basics: patching endpoint systems, identifying potential infection vectors, updating antivirus software, maintaining backups, and using application whitelisting. “Also conduct regular phishing awareness programs for all staff, segment Active Directory domains by role or criticality, and maintain a principle of least privilege for each user group and account,” he adds.
