We are in a world where every click can be a trap, and every email a gateway to a new attack. We have already discussed the most common cyber-attacks and how they can affect business assets. In this article we will go a step further to analyze how these AI-powered cyberattacks have evolved in 2024 and how you can deal with them.

1. Increasingly sophisticated social engineering attacks

In 2024, social engineering attacks will continue to take center stage. However, they will be harder to detect and more personalized than ever, with phishing and deepfakes leading the way. Cybercriminals are already implementing new techniques to achieve their goals. One of them is callback phishing, also known as callback phishing. In this new type of attack, cybercriminals send an email to victims simulating expensive subscriptions, in which they include a telephone number. The victims, upon seeing the high amount, call the phone number in the email in order to cancel the subscription. It is in that call that they will try to steal your data. Now then… How to avoid this and other types of social engineering attacks? With awareness and a robust Zero Trust security strategy. An example of this is Via Celere, which with the accompaniment of Softeng has achieved an advanced level of security, managing daily and centralized through Softeng Max Platform alerts Microsoft 365 and Azure. Here we tell you more about Vía Célere’s success story.

Ransomware and malware on new attack surfaces.

Malware will also continue to rise, exploiting new attack surfaces and new vulnerabilities. And yes, they will also be increasingly difficult to detect. New techniques such as dual ransomware or triple extortion attacks are already multiplying attacks and generating further financial, compliance and reputational consequences. The only way to avoid them is to have modern security solutions based on suspicious behavior detection, together with a policy of vulnerability analysis and management.

3. More potential entries for OT and IoT infrastructure attacks

With respect to OT, special attention will have to be given to critical infrastructures, public administrations and essential services, although private companies will also be targeted. As for IoT, more and more devices will appear that communicate with each other and access the Internet, creating more potential “gateways” for cyber attackers to exploit.

4. Identity theft and privilege escalation will continue to increase.

We are seeing more and more cases of using data such as names, Social Security numbers and bank details without consent. In 2024, these types of cyberattacks will continue to increase to produce lateral movements and compromise the maximum number of business assets. The reasons? Technological progress, characterized by greater interconnection and dependence on digital systems, which opens new doors for cybercriminals to exploit vulnerabilities.

5. Unsafe application design is gaining ground

This will be another susceptible attack surface and cybercriminals will focus on risks related to design flaws. On the one hand, we will need to obtain details of the assets published on the Internet for the detection of vulnerabilities. And, on the other hand, to establish with developers secure design principles and reference architectures based on reference frameworks.

Attacks are advancing, technology is advancing

In 2024 we will continue to battle cyber threats that are increasingly difficult to detect, and information and preparedness are our best weapons. As a leader in cybersecurity, it is our responsibility to always be one step ahead to help companies avoid attacks that can have serious consequences. Alex Imbernón, Cybersecurity Manager of Softeng, shares answers on this topic in his article: 3 key questions on cybersecurity that every CEO should know how to answer.

Your company is cyber-resilient if it is able to anticipate threats, mitigate their potential impact and respond quickly so that business can continue as usual despite a security breach.

The term resilience has become very popular in the cybersecurity field. In short, a resilient environment is one that has the ability to overcome a security incident and maintain business continuity.

But how do I know if my company is cyber-resilient?

The formula for knowing this is simple: if your company were to fall victim to a cyber-attack, such as ransomware, and you believe it would not be able to continue operating, then your company is not cyber-resilient.

We share with you some essential factors to create a resilient environment:

• Promote a culture of cybersecurity, raising awareness among both management and employees.
• To have modern security solutions that allow 24×7 monitoring of security incidents and to respond to them quickly and effectively.
• Establish an incident response plan and improve it based on lessons learned over time.
• Define, validate and periodically test a business continuity plan.
• Establish a risk and vulnerability management plan.

In short, it is important to design a comprehensive cybersecurity strategy aligned with business objectives to protect all digital assets wherever they are.

The power of collaboration to increase cyber resilience

The main cyber threats in 2024 will be increasingly effective. Therefore, the collaboration between companies and a partner specialized in cybersecurity is essential to have the necessary expertise and mastery of technology that allows simplifying all the complexity of cybersecurity to manage it efficiently.

Undoubtedly, this is a more than interesting topic for those business leaders with digital ambition. If you want to know more, log on to Max Global Defense and find out how we can help you.

The Keops pyramid of cybersecurity represents the 5 levels that every company must apply in ascending order to ensure the protection of its business assets and a complete defense on exposed surfaces susceptible to attack. Want to know how you can build your own? So let’s get to work.

In the middle of the Egyptian desert, a construction of more than 146 meters high and 5.7 billion tons stands out: The Pyramid of Giza, also known as the Pyramid of Cheops. Its perfect structure makes it seem indestructible. Therefore, it is used as a reference in cybersecurity to represent how companies should organize and build their threat protection levels.

In this article, we will detail what each of the levels of the Keops pyramid in cybersecurity consists of, which has measures from the most basic to advanced approaches that will allow you to have an extremely robust protection.

Level 1: Basic Cybersecurity Solutions

Like any construction, the Keops pyramid of cybersecurity must start at the base. This first level of the pyramid is the one that will later support the rest of the structure and, therefore, it should be given the same importance as the rest, no matter how basic it may seem.

To begin with, it is essential to have minimum protection measures in place, such as firewalls, EDR antivirus, back-ups, multi-factor protection (2FA) and hardware encryption, among other measures. In this way, you can be directly protected against attempted attacks on your company’s network.

However, none of these protective measures would be of any use if you do not train your users on the types of threats they may receive and the risks associated with them. Therefore, another fundamental point at this level is the awareness of users so that they can recognize attacks and avoid falling prey to them with just one click.

Level 2: Attack vector protection and data classification

Once we have a solid foundation, we can move on to the second level of the KEOPS cybersecurity pyramid. Here we will focus on solutions aimed at protecting various attack vectors such as mail, password vulnerabilities and remote access to applications and data.

It also focuses on classifying data to become aware of its location, content and permissions to move on from there to more advanced levels of cybersecurity.

Some of the measures to be implemented at this level are password managers, web security, data and permissions auditing, software patch and digital certificate management, mail protection and zero trust access.

Level 3: Data and identity protection

The third level incorporates more sophisticated and specific solutions to protect user data and identity. Here, technologies are applied to prevent information leakage, exfiltration, control of data once it has left the company, advanced identity management and enterprise security both on-premises and in the cloud.

In recent years, as hybrid work has taken center stage in most enterprises, maintaining control from anywhere over your users and devices has become a major challenge.

If you are already at this level of protection and want to learn more about it, we recommend this demo on how to simplify identity governance and business asset protection with Microsoft Entra.

Level 4: Active robustness check of the system

The fourth level introduces a dynamic and constantly evolving perspective, in which cybersecurity adapts to the changing conditions of the environment. This involves the adoption of risk analysis solutions, vulnerability scanning and intrusion drills to effectively and continuously assess the security of a company.

At this level, the solutions adopted must be regularly updated to ensure that they remain effective in protecting a company against cyber threats.

Level 5: Active monitoring and SOC

The fifth and final level of the Cheops pyramid represents the most advanced approach to cybersecurity, focusing on resilience and proactivity. Here we work on the identification and neutralization of threats before they have a significant impact on the company, the implementation of incident response policies, as well as quick and efficient recovery in the event of an attack.

Companies that reach this level of security are already enabled to implement a modern SOC, through which they will be able to monitor and protect their company 24×7 against all the cyber threats to which they are exposed.

Start building your own Keops pyramid of cybersecurity

Building the Keops pyramid of cybersecurity does not require 30,000 people or 20 years of work as the original version did. However, not all solutions are suitable for all companies, and their analysis and implementation must be carried out by cybersecurity experts who have a good understanding of the complexities involved and have mastered the technology.

Let’s move forward together to start building your own protection pyramid. This is one of our experts.

The annual Microsoft Ignite 2023 event has once again left the technology community intrigued and excited by the more than 100 innovations presented in the Microsoft cloud; news related to Microsoft Copilot, Data and AI, infrastructure and, of course, cybersecurity.

Our experts in cybersecurity Softeng have followed the event in detail to identify the most important developments and unpack their keys to know how to maximize their potential, with the aim of improving and strengthening cybersecurity in enterprises.

1. Microsoft Defender XDR: New unified user experience with Sentinel, Threat Intelligence and Defender for Cloud Console (SIEM+XDR) capabilities.

Microsoft Defender Extended Detection and Response (XDR), is a security solution that provides integrated and automated protection across an organization’s entire IT infrastructure.

For the first time, Microsoft Defender XDR capabilities integrates all cybersecurity services on a single platform: Threat Intelligence, Microsoft 365 Defender, Microsoft Sentinel and Microsoft Defender for Cloud.

This allows access to all security operations tools in a single interface, making them easier to use and improving efficiency. In addition, with this integration we can take full advantage of automation and artificial intelligence technologies to improve cybersecurity.

From our SOC team, we are investigating the new capabilities offered by Microsoft Defender XDR to incorporate the new unified user experience to our modern CyberSOC service for security incident management and response(Softeng-CSIRT).

Microsoft Security Copilot has added Entra, Defender for Cloud and Purview to extend the use cases to identity, infrastructure and data protection.

Microsoft has also shared news on new AI capabilities in cybersecurity, particularly in incident investigation and response.

Microsoft Security Copilot is a generative AI-powered security product that helps cybersecurity teams increase their productivity. Therefore, with the addition of Entra, Defender for Cloud and Purview, Microsoft Security Copilot can extend its use cases to include identity, infrastructure and data protection.

For example, you can help determine why a login requires two-factor authentication, or summarize risks and define remediation steps for users, groups, logins or permissions.

3. Microsoft Defender CSPM: Proactive attack path analysis

Finally, Microsoft Defender for Cloud has enhanced the attack analysis engine with recommendations based on more complex risks, such as inter-cloud attack paths.

In addition, the new code-to-cloud mapping will also allow cybersecurity teams to reduce time and optimize effort to address critical security flaws directly in the code itself.

This way, our modern SOC team will have more visibility into attack exposure from Azure, AWS or GCP clouds.

4. Automatic Conditional Access Policies in Microsoft Entra: Optimizing Identity Protection

In order to better control how users access corporate resources, Microsoft has announced the automatic deployment of Microsoft Entra universal conditional access policies.

This new functionality uses real-time signals and machine learning to determine when to allow, block or limit access to application and sensitive data, ensuring that only healthy and trusted devices can access corporate resources. This maximizes safety without compromising productivity.

5. Microsoft Enters Private Access: Multifactor authentication is added for all local applications.

In addition to automatic conditional access controls, Microsoft Entra Private Access adds multi-factor authentication for on-premise computing resources, i.e. those that are physically located on an organization’s premises, increasing the security of applications and data.

In Softeng, our team of cybersecurity experts is already working on a digital event in which we will show the capabilities of Microsoft Entra, and, among them, Microsoft Entra Private Access. We will announce it soon on our LinkedIn account! Follow us at >

6. Microsoft Entra ID: Compatibility of passkeys with Microsoft Authenticator

By early 2024, Microsoft has promised that Entra ID users will be able to sign in with passkeys managed by the Microsoft Authenticator app.

The interesting thing about this new feature is that it will reinforce the two-factor methods, a mechanism that is resistant to phishing, leaks and allows us to log in more securely.

Related article: How can the 6 most common cyberattacks affect business assets?

7. AI Hub on Microsoft Purview: Sensitive Data Leak Detection in Generative AI SaaS Applications

Microsoft has announced the release of a trial version of its AI Hub on Microsoft Purview, an integrated solution that enables organizations to govern, secure and manage the use of generative AI applications across the enterprise.

With this solution, organizations can gain a complete view of the use of generative artificial intelligence applications, such as ChatGPT, Bard and others, and the associated data security and compliance risks.

The IA Hub solution in Microsoft Purview is an invaluable tool for organizations looking to better protect their sensitive data and comply with privacy and security regulations.

8. Microsoft Purview DLP: Preventing and blocking sensitive data leakage in generative AI SaaS applications.

Data Loss Prevention (DPL) in Microsoft Purview allows organizations to create policies to prevent their users from pasting sensitive information on specific websites, personal email, applications and social networks, among others.

Microsoft has announced this new functionality that extends the capabilities of Microsoft Purview DLP to block sensitive data leakage in non-corporate generative AI applications.

From Softeng, we move forward with confidence to embrace digital innovation

In Softeng we are one of Top Partner Cloud Microsoft most qualified in Europe, allowing us to accompany our customers by maximizing the power of the Microsoft cloud to drive digital innovation with security and intelligence.

The new developments announced at Microsoft Ignite 2023 motivate us to continue to embrace and simplify innovation, in order to accompany ambitious companies to move faster in their digitization in a secure way.

If you want your company to be well protected in order to move forward without fear, we invite you to learn more about what we can do together.

El incremento de los ciberataques seguirá creciendo a lo largo del tiempo, por lo que es un tema crítico para las empresas. Es fundamental que las empresas estén preparadas para un escenario cada vez más hostil y complejo de defender, en el que las empresas se enfrentan a desafíos cada vez mayores en la detección y mitigación de ciberamenazas.

En este artículo, analizamos los puntos débiles más comunes en la detección y mitigación de ciberamenazas para actuar sobre ellos y conseguir obtener una defensa completa y anticiparse a las ciberamenazas de manera efectiva.

1. Defensa insuficiente y aumento de los ciberataques

Si se cuenta con medidas de seguridad tradicionales y tecnologías que no se entienden entre sí, no se puede obtener visibilidad total de las ciberamenazas que nos afectan. Esto produce una falsa sensación de seguridad, ya que no se pueden mitigar las amenazas en una fase temprana, y cuando ocurren, es demasiado tarde. Entonces, el impacto es tan grande que, en muchos casos, ya no podemos reaccionar. Por ello, es crucial disponer de medidas de seguridad avanzadas que cubran todas las superficies de ataque.

2. Falta de presupuesto y concienciación

Las empresas que no invierten en ciberseguridad tardan un promedio de 279 días en identificar y contener una intrusión. Y por cada día que una ciberamenaza pasa sin ser detectada, el coste de recuperación y los daños aumentan exponencialmente. Es necesario fomentar una cultura digital en la empresa que posicione la ciberseguridad como parte del negocio para que su inversión sea tan prioritaria y estratégica como lo es en otras áreas de negocio.

La mayoría de las empresas que no alinean la ciberseguridad con el negocio, tarde o temprano acaban sufriendo la paradoja del castillo de naipes (link a la landing con el ebook), y son atacadas muy fácilmente paralizando el negocio.

3. Ampliación de la superficie de ataque

Hoy en día, la red corporativa se ha descentralizado y los activos de negocio se extienden más allá del perímetro corporativo interno. Esto provoca que se amplíe la superficie de ataque y sea necesario intensificar el control, supervisión y confianza sobre las conexiones y el uso dentro de la red. ¿Cómo? Mediante la implementación de soluciones de seguridad que permitan detectar y mitigar todos los riesgos en las diferentes superficies vulnerables.

4. No poder anticiparse ante los ciberincidentes

Las empresas que no cuentan con soluciones desplegadas que protejan todas las superficies de ataque ni con una estrategia de ciberseguridad definida, no tienen la capacidad de anticiparse ante las ciberamenazas. Si a esto le sumamos el aumento y la sofisticación de los ciberataques, las empresas están obligadas a cambiar el enfoque reactivo a uno proactivo; de “reaccionar cuando se produce un incidente” a «cómo puedo anticiparme de forma efectiva ante un ciberataque».

5. Falta de personal cualificado y dedicado 24/7

Cada una de las superficies vulnerables que se deben proteger traen consigo diferentes complejidades y casuísticas. Tener el know-how y tiempo para saber gestionar y controlar eficazmente todo lo que conlleva la ciberseguridad es, hoy en día, extremadamente complicado. Los equipos internos de IT porque muchas empresas no cuentan con personal cualificado con un equipo de expertos multidisciplinar que puedan tener una dedicación completa para actuar sobre todas las áreas de la ciberseguridad.

¿Cómo tener una defensa completa frente a las ciberamenazas?

Un SOC moderno es el enfoque de defensa más efectivo en comparación con un SOC tradicional. Ofrece mayores beneficios en términos de seguridad y también en cuanto a la infraestructura y eficiencia operacional.

Descubre en este evento digital bajo demanda cómo maximizar la protección de tu empresa con un SOC de última generación para anticiparte, reaccionar y responder a cualquier ciberamenaza.

I would like to start this article with a fact: by the end of 2025, the global cost caused by cyber-attacks is expected to exceed $10.5 trillion, 15% more than three years ago. This statistic leaves us with a clear message, and that is that there is no doubt that it is increasingly necessary to treat cybersecurity as a strategic business priority.

So, here are 3 key questions that every CEO should know how to answer to understand the cybersecurity context, and be prepared for what’s coming.

1. What will change in cybersecurity in 2024?

Undoubtedly, the most relevant change in cybersecurity will be – and already is – artificial intelligence.

But beware, the impact of AI on cybersecurity is paradoxical: it will be a transformative tool to improve defense against cyberattacks, but, at the same time, it will also increase the quality and quantity of cyberattacks.

We know that AI will be used by cyber attackers to launch more sophisticated and intelligent attacks. This will result in the dominant cybersecurity threats during 2024 being harder to detect, from personalized phishing to automated malware, because they will adapt to try to evade detections and compromise business assets.

However, it will be AI itself that will help us detect and respond to cyber threats in the shortest possible time, thanks to its real-time anomaly detection capabilities, machine learning and automated incident response, among others.

If we compare it to a game of chess, the AI will be the queen and will have the ability to create powerful strategic advantages for both the attacker and the defender.The management committee will have to make the most of the moves of this key piece because one wrong move could lose them the game.

2. Is there a way to get ahead of the attacker?

“Know your enemy and know yourself, and you will win hundreds of battles,” says Sun Tzu in the military treatise “The Art of War.” Personally, I like to use this famous phrase as an analogy for cybersecurity…

• Know your enemy: It is vital to have up-to-date and accurate information about the cyberattack, based on 3 key elements: the techniques used by the attacker, the common characteristics of the cyberattack and the behavior of the cybercriminals once they have compromised the organization.
• Know yourself: For example, you should know what your business assets and weaknesses are, perform regular security audits, encrypt information, foster a culture of cybersecurity at all levels, etc.

Once we have identified both the enemy and ourselves, we have one last point to anticipate the attacker. To do so, I will use another phrase from Sun Tzu: “The best defense is a good offense”. In other words, it is going to be very important to have modern security solutions based on AI and behavioral analytics, along with a team of cybersecurity specialists and an incident response plan.

All this will allow us to identify the threat at an early stage, anticipate it quickly and effectively, improve our security posture, prevent in many cases a breach before it occurs, and minimize the impact on the business, thus becoming more cyber-resilient.

You must know the enemy, know yourself and counterattack when an incident occurs, as this will be the art of getting ahead of the attacker.

3. What is the first step my company should take in 2024 to increase its cybersecurity?

There are several steps companies should consider to boost their cybersecurity. The first of these is not technical, but rather organizational: raising awareness of the need to invest in cybersecurity and adapt it to business models and assets.

It is common for most companies not to question investing in ERP, inventory software or invoicing processes, for example. But only companies with ambition know that if none of them are secured, the moment these assets are compromised, the business will be affected and thus cause a total shutdown of the company with all the economic and reputational damage that goes with it.

Security must be brought into the digital environment just as physical security is invested in and prioritized with security cameras, access controls or anti-theft locks, among many others.

Once this is clear, there is one more step. Last but not least, it is essential to have a team of cybersecurity specialists.

This is where a security operations center(SOC) comes into play, bringing together technologies and a cybersecurity team to analyze, manage and respond to emerging security breaches.

As a cybersecurity guard and 24×7 video surveillance service, a modern SOC allows you to reduce the risk that your assets could be compromised by a security breach.

Discover in this DEMO
the potential of our state-of-the-art SOC to anticipate, react and respond to any cyber threat.

Don’t wait for an attack to protect your business

Those of us who work in the world of cybersecurity know the great consequences that cyberattacks can have for a company, no matter how common they may seem. Therefore, the main mistake is that many – not to say the vast majority – are still waiting for problems to appear before taking action. And sometimes it’s too late, because being reactive is very expensive.

Digitally ambitious CEOs know that in this new era of artificial intelligence, they will only be able to protect business assets well if, on the one hand, they promote cybersecurity awareness throughout the organization, and, on the other hand, if they adopt a Zero Trust security strategy.

As a conclusion, in 2024 the dangers will advance, but so will the technology and the awareness of the importance of cybersecurity in companies. However, it is up to each individual which path he or she wants to take. Shall we move forward together?

The pandemic has been a turning point for many companies, highlighting the importance of being agile to surf the waves of change generated by a world that is increasingly digital, more connected – and with greater security risks, for this reason – and which is advancing at a high speed pace.

Those futuristic science fiction movies are already a thing of the past in the present that we live in. An example of this is IoT applications, the use of data, process automation, the application of artificial intelligence… where the playing field is the cloud.

Today, the cloud is a necessity, but the vast majority of companies do not take advantage of its full potential. This hinders their possibilities when it comes to innovating and advancing with the speed and security necessary to progress and always remain competitive. However, only those companies with digital ambition understand the importance of driving innovation as a competitive advantage to lead tomorrow.

The DNA of companies with digital ambition

The genome is the unique combination of genes and constitutes the operations manual with all the instructions for any living organism to develop and grow. Like human beings, in companies we can also talk about a genome that influences their growth and development, whose DNA contains the genes of each company that are expressed through its vision, value proposition, training, corporate culture, etc

Technological advances, digitization, cyberattacks… have caused the genome of some companies to evolve over the rest to continue advancing and remain competitive. We are talking about companies with digital ambition, and they have 3 unique genes that are decisive in influencing their development and growth: the innovative, resilient, and analytical genes.

The innovative gene (INVR)

Digitally ambitious companies are constantly looking for new ways to use technology to improve their business processes, products and services. They are aware of the importance of the cloud and, therefore, seek innovative solutions in order to maximize its full potential.

For this reason, they have a strategic vision of investment in IT, being a key area, and they are aware that innovation is a fundamental part of the business, so they are also willing to experiment with emerging technologies and take risks to get the most out of it. technology party.

The resilient gene (RSLT)

Companies that develop the resilient gene increase their ability to adapt, compete and thrive in a changing and uncertain environment. A resilient company is more sustainable, that is, it is capable of maintaining its stability and continuity over time despite obstacles, adversities and the competition itself in its sector.

For this reason, and in an environment where security threats and attacks are increasing and more sophisticated, a company with digital ambition knows the value of investing in cybersecurity to protect not only its digital assets, but also its reputation and the trust of its stakeholders, from customers to shareholders.

The analytical gene (ANLTC)

Companies with digital ambition promote a data-driven culture. Companies that understand the value of data and the importance of analytics to convert information into business insights and make better data-based decisions; not in assumptions. The analytical gene means that these companies have a clear tendency towards operational excellence and a clear customer focus.

For this reason, companies with digital ambition have solid strategies focused on optimizing processes and taking advantage of the maximum potential of data with automation solutions, advanced analytics and artificial intelligence.

The CIO, business leader

If before we talked about the genome as an instruction manual, it has no value if nobody follows it. In the case of companies with digital ambition, it is the CIO or technology director who must guide the company from the Management Committee to follow this manual and promote it to create that competitive advantage that can be developed with these differential genes.

Today, the CIO is a leader with a strategic vision who understands the objectives and priorities of the business and leads the IT area so that the company continues to grow and always remains competitive.