Ten key points to tackle cyber attacks strategically

Jul 7, 2023

Ten key points to tackle cyber attacks strategically

To avoid damages caused by malicious software, such as ransomware, – established as one of the Chile’s most recurring incidents – companies must implement several initiatives to strengthen their structure.

Santiago, June 06, 2023 – Ransomware has been positioned as the type of cyber attack with the greatest increase in Chile and Latin America.  This is stated by an Entel Ocean study which compared this type of incident in the first semester of 2023 with the same period in 2022 and identified an attack increase of 27% in Chile.  This data is included in Chile’s third position, behind Brazil and Mexico, regarding the amount of ransomware received to date.

Ransomware is a type of malicious software often sent via unsolicited phishing emails, which trick users by hijacking and blocking files or systems to prevent access. The “hijacker” uses encryption to turn files into hostages.  And when the victim pays the ransom, they supposedly receive a decryption key to release the locked systems.

With this scenario in mind, Ricardo Pulgarín, Cirion Technologies’ Security Solutions Architect, explains that “companies and institutions should focus on strengthening their cybersecurity framework”.  To this end, the expert provides 10 recommendations for strategically addressing potential threats:

1. Protect recovery systems and backup data: In the event of incidents caused by individuals, ransomware or natural disasters, adopting measures that enable a quick recovery of data and systems is critical. To allow this, data must be backed up, recovery tests must be performed, and a contingency plan must be implemented to define recovery point objective (RPO) and backup frequency, as well as the recovery time objective (RTO).
2. Run recovery test runs: This ensures that data is available, that every resource can be recovered, and that everything is working as expected. Furthermore, the determined chain of command should be communicating appropriately and there should be group and individual accountabilities.
3. Cybersecurity training and awareness: Establishing data security must be a priority for the company. Therefore, appropriate training is key for employees to understand the risks the company may be subject to and the importance of being accountable when facing potential threats.
4. Define the surface of attack: Organizations should know which systems, devices, and services in their environments are necessary to maintain their business online and inventory active. This will help them identify their most vulnerable areas and lay out the baseline for system recovery.
5. Audit and manage the most vulnerable devices: For a comprehensive security strategy, it is essential to count on controls throughout all of the network’s critical points. There’s no doubt that perimeter security is important, but for it to be effective – given users’ high mobility – it  must also be complemented by security in final users’ devices.
6. Sectorize the network: Sectorization can help contain malware. If a threat reaches the network, it should be “blocked” and prevented from moving around unchecked, therefore interrupting the collection of information.  This requires “splitting” the network into smaller segments to enhance the flow of traffic and prevent threats from moving laterally.
7. Safeguard e-mails to avoid ransomware access: In addition to safeguarding network devices, it is also imperative to ensure that email solutions are executed with their latest updates and that firewalls are in place.
8. Expand the focus on identity: Organizations should implement double-factor authentication mechanisms for its remote users and customers, thus providing double validation access to the most critical information. Also, they must monitor usage of gateways, protocols, and network services to prevent malicious applications from finding a security breach that can be explored by the attacker.
9. Strengthen security along entire Cyber Kill Chain: The Cyber Kill Chain model examines how cybercriminals act to achieve their goals. Potential human failure underscores the need for a robust security technology and a cyber security strategy which integrates multiple controls and allows visualization of the different stages an attacker needs to cut through before being successful.
10. Implement an incident response plan: A clearly defined and proven incident response plan will strongly contribute to a better outcome in case cyber attacks occur.

Cirion Technologies has a complete integrated security portfolio, with mitigation and network protection services, among others, customizable to any industry’s requirements.

For additional information, visit https://www.ciriontechnologies.com/es-cl/seguridad-integrada/

About Cirion

Cirion is a leading digital infrastructure and technology provider, offering a comprehensive suite of fiber networks, connectivity, colocation, cloud infrastructure, and communications and collaboration solutions with the purpose of furthering Latin America’s progress through technology. Cirion serves over 5,500 Latin America-based and multinational customers, including enterprises, government agencies, cloud service providers, wireline and wireless carriers, ISPs, and other leading businesses.  Cirion owns and operates a portfolio of networks and data centers, with extensive coverage throughout the Latin American region.  Learn more about Cirion at www.ciriontechnologies.com

Follow us on our Social Networks:

LinkedIn | Twitter | Facebook | Instagram | YouTube | Blog

Media Contact:

Carolina Díaz
Impronta
Tel: + 56 9 42523795
cdiaz@impronta.cl

Paulette Cartes
Impronta
Tel: + 56 9 34114971
pcartes@impronta.cl

Cybersecurity: five critical areas companies must safeguard

May 7, 2023

Cybersecurity: five critical areas companies must safeguard

In today’s reality, where international cybercriminals use malware and ransomware to carry out attacks, companies must adopt organizational strategies centered on creating protection ecosystems which include IT security, focused on information security.

Santiago, July 04^th, 2023 – Although IT security has always been a relevant aspect of companies’ operations, never has this topic been so critical. With companies and institutions rapidly advancing in their digital transformation processes, and employees working in remote or hybrid systems, security has become increasingly vulnerable.

However, the notion that “this won’t happen to me” is still too frequent among companies of all sizes and segments. Without going too far, according to a 2022 Gartner report, by 2025 45% of organizations worldwide will have suffered attacks on their supply chain software, thus providing hackers and malicious actors a fertile soil where they can leverage weaknesses to drive malware and ransomware attacks, to destroy infrastructures and obtain economic gain.

So, what must companies do regarding cybersecurity?

Ricardo Pulgarín, Cirion Technologies’ Security Solutions Architect, explains: “Regardless of their size and business, companies must have an organizational security strategy encompassing two aspects: IT security – the set of technologies, processes and practices designed for network, devices, programs and data protection – and information security, such as the measures and techniques employed to control and safeguard all data handled inside the organization, ensuring that they are exposed only to the appropriate recipients; this is the area of greatest risk.

Beginning with IT security, companies must possess different protection tools to create an ecosystem which can predict and deflect attacks, detect, and contain incidents, and obtain responses to foster research and resolve the problems detected.

In Pulgarín’s opinion, in a scenario where vulnerabilities can cause severe damages to a company’s operation, this ecosystem must focus on 5 key areas to prevent and address potential cyberattacks:

1. Development: Everything a company publishes in the web; for instance, source codes, applications, commercial web pages, corporate sites, and other developments.
2. Data Centers: All services except web pages, such as GPS management, biometry software, virtual machines, user authentication systems, and file repository, among others.
3. Connectivity: Every access channel, such as Internet, MPLS, and broadband channels, among others.
4. Endpoints: User devices, such as business computers and tablets, as well as corporate smartphones.
5. Users: They are the ones who consume the information and need to know what should be done to prevent them from being victims of hacker scams, through awareness and training on cybersecurity.

About Cirion

Cirion is a leading digital infrastructure and technology provider, offering a comprehensive suite of fiber networks, connectivity, colocation, cloud infrastructure, and communications and collaboration solutions with the purpose of furthering Latin America’s progress through technology. Cirion serves over 5,500 Latin America-based and multinational customers, including enterprises, government agencies, cloud service providers, wireline and wireless carriers, ISPs, and other leading businesses.  Cirion owns and operates a portfolio of networks and data centers, with extensive coverage throughout the Latin American region.  Learn more about Cirion at www.ciriontechnologies.com

Follow us on our Social Networks:

LinkedIn | Twitter | Facebook | Instagram | YouTube | Blog

Media Contact:

Carolina Díaz
Impronta
Tel: + 56 9 42523795
cdiaz@impronta.cl

Paulette Cartes
Impronta
Tel: + 56 9 34114971
pcartes@impronta.cl