We are in a world where every click can be a trap, and every email a gateway to a new attack. We have already discussed the most common cyber-attacks and how they can affect business assets. In this article we will go a step further to analyze how these AI-powered cyberattacks have evolved in 2024 and how you can deal with them.

1. Increasingly sophisticated social engineering attacks

In 2024, social engineering attacks will continue to take center stage. However, they will be harder to detect and more personalized than ever, with phishing and deepfakes leading the way. Cybercriminals are already implementing new techniques to achieve their goals. One of them is callback phishing, also known as callback phishing. In this new type of attack, cybercriminals send an email to victims simulating expensive subscriptions, in which they include a telephone number. The victims, upon seeing the high amount, call the phone number in the email in order to cancel the subscription. It is in that call that they will try to steal your data. Now then… How to avoid this and other types of social engineering attacks? With awareness and a robust Zero Trust security strategy. An example of this is Via Celere, which with the accompaniment of Softeng has achieved an advanced level of security, managing daily and centralized through Softeng Max Platform alerts Microsoft 365 and Azure. Here we tell you more about Vía Célere’s success story.

Ransomware and malware on new attack surfaces.

Malware will also continue to rise, exploiting new attack surfaces and new vulnerabilities. And yes, they will also be increasingly difficult to detect. New techniques such as dual ransomware or triple extortion attacks are already multiplying attacks and generating further financial, compliance and reputational consequences. The only way to avoid them is to have modern security solutions based on suspicious behavior detection, together with a policy of vulnerability analysis and management.

3. More potential entries for OT and IoT infrastructure attacks

With respect to OT, special attention will have to be given to critical infrastructures, public administrations and essential services, although private companies will also be targeted. As for IoT, more and more devices will appear that communicate with each other and access the Internet, creating more potential “gateways” for cyber attackers to exploit.

4. Identity theft and privilege escalation will continue to increase.

We are seeing more and more cases of using data such as names, Social Security numbers and bank details without consent. In 2024, these types of cyberattacks will continue to increase to produce lateral movements and compromise the maximum number of business assets. The reasons? Technological progress, characterized by greater interconnection and dependence on digital systems, which opens new doors for cybercriminals to exploit vulnerabilities.

5. Unsafe application design is gaining ground

This will be another susceptible attack surface and cybercriminals will focus on risks related to design flaws. On the one hand, we will need to obtain details of the assets published on the Internet for the detection of vulnerabilities. And, on the other hand, to establish with developers secure design principles and reference architectures based on reference frameworks.

Attacks are advancing, technology is advancing

In 2024 we will continue to battle cyber threats that are increasingly difficult to detect, and information and preparedness are our best weapons. As a leader in cybersecurity, it is our responsibility to always be one step ahead to help companies avoid attacks that can have serious consequences. Alex Imbernón, Cybersecurity Manager of Softeng, shares answers on this topic in his article: 3 key questions on cybersecurity that every CEO should know how to answer.

Your company is cyber resilient if it is able to anticipate threats, mitigate their potential impact and respond quickly so that business can continue as usual despite a security breach.

The term resilience has become very popular in the cybersecurity field. In short, a resilient environment is one that has the ability to overcome a security incident and maintain business continuity.

But how can you identify if your company is cyber-resilient?

The formula for knowing this is simple: if your company were to fall victim to a cyber-attack, such as ransomware, and you believe it would not be able to continue operating, then your company is not cyber-resilient.

Here I share with you some essential factors to create a resilient environment:

• Promote a culture of cybersecurity, raising awareness among both management and employees.
• To have modern security solutions that allow 24×7 monitoring of security incidents and to respond to them quickly and effectively.
• Establish an incident response plan and improve it based on lessons learned over time.
• Define, validate and periodically test a business continuity plan.
• Establish a risk and vulnerability management plan.

In short, it is important to design a comprehensive cybersecurity strategy aligned with business objectives to protect all digital assets wherever they are.

The power of collaboration to increase cyber resilience

The main cyber threats in 2024 will be increasingly effective. Therefore, the collaboration between companies and a partner specialized in cybersecurity is essential to have the necessary expertise and mastery of technology that allows simplifying all the complexity of cybersecurity to manage it efficiently.

Undoubtedly, this is a more than interesting topic for those business leaders with digital ambition. If you want to learn more, I invite you to visit Max Global Defense to find out how we can help you.

The Keops pyramid of cybersecurity represents the 5 levels that every company must apply in ascending order to ensure the protection of its business assets and a complete defense on exposed surfaces susceptible to attack. Want to know how you can build your own? So let’s get to work.

In the middle of the Egyptian desert, a construction of more than 146 meters high and 5.7 billion tons stands out: The Pyramid of Giza, also known as the Pyramid of Cheops. Its perfect structure makes it seem indestructible. Therefore, it is used as a reference in cybersecurity to represent how companies should organize and build their threat protection levels.

In this article, we will detail what each of the levels of the Keops pyramid in cybersecurity consists of, which has measures from the most basic to advanced approaches that will allow you to have an extremely robust protection.

Level 1: Basic Cybersecurity Solutions

Like any construction, the Keops pyramid of cybersecurity must start at the base. This first level of the pyramid is the one that will later support the rest of the structure and, therefore, it should be given the same importance as the rest, no matter how basic it may seem.

To begin with, it is essential to have minimum protection measures in place, such as firewalls, EDR antivirus, back-ups, multi-factor protection (2FA) and hardware encryption, among other measures. In this way, you can be directly protected against attempted attacks on your company’s network.

However, none of these protective measures would be of any use if you do not train your users on the types of threats they may receive and the risks associated with them. Therefore, another fundamental point at this level is the awareness of users so that they can recognize attacks and avoid falling prey to them with just one click.

Level 2: Attack vector protection and data classification

Once we have a solid foundation, we can move on to the second level of the KEOPS cybersecurity pyramid. Here we will focus on solutions aimed at protecting various attack vectors such as mail, password vulnerabilities and remote access to applications and data.

It also focuses on classifying data to become aware of its location, content and permissions to move on from there to more advanced levels of cybersecurity.

Some of the measures to be implemented at this level are password managers, web security, data and permissions auditing, software patch and digital certificate management, mail protection and zero trust access.

Level 3: Data and identity protection

The third level incorporates more sophisticated and specific solutions to protect user data and identity. Here, technologies are applied to prevent information leakage, exfiltration, control of data once it has left the company, advanced identity management and enterprise security both on-premises and in the cloud.

In recent years, as hybrid work has taken center stage in most enterprises, maintaining control from anywhere over your users and devices has become a major challenge.

If you are already at this level of protection and want to learn more about it, we recommend this demo on how to simplify identity governance and business asset protection with Microsoft Entra.

Level 4: Active robustness check of the system

The fourth level introduces a dynamic and constantly evolving perspective, in which cybersecurity adapts to the changing conditions of the environment. This involves the adoption of risk analysis solutions, vulnerability scanning and intrusion drills to effectively and continuously assess the security of a company.

At this level, the solutions adopted must be regularly updated to ensure that they remain effective in protecting a company against cyber threats.

Level 5: Active monitoring and SOC

The fifth and final level of the Cheops pyramid represents the most advanced approach to cybersecurity, focusing on resilience and proactivity. Here we work on the identification and neutralization of threats before they have a significant impact on the company, the implementation of incident response policies, as well as quick and efficient recovery in the event of an attack.

Companies that reach this level of security are already enabled to implement a modern SOC, through which they will be able to monitor and protect their company 24×7 against all the cyber threats to which they are exposed.

Start building your own Keops pyramid of cybersecurity

Building the Keops pyramid of cybersecurity does not require 30,000 people or 20 years of work as the original version did. However, not all solutions are suitable for all companies, and their analysis and implementation must be carried out by cybersecurity experts who have a good understanding of the complexities involved and have mastered the technology.

Let’s move forward together to start building your own protection pyramid. This is one of our experts.

The annual Microsoft Ignite 2023 event has once again left the technology community intrigued and excited by the more than 100 innovations presented in the Microsoft cloud; news related to Microsoft Copilot, Data and AI, infrastructure and, of course, cybersecurity.

Our experts in cybersecurity Softeng have followed the event in detail to identify the most important developments and unpack their keys to know how to maximize their potential, with the aim of improving and strengthening cybersecurity in enterprises.

1. Microsoft Defender XDR: New unified user experience with Sentinel, Threat Intelligence and Defender for Cloud Console (SIEM+XDR) capabilities.

Microsoft Defender Extended Detection and Response (XDR), is a security solution that provides integrated and automated protection across an organization’s entire IT infrastructure.

For the first time, Microsoft Defender XDR capabilities integrates all cybersecurity services on a single platform: Threat Intelligence, Microsoft 365 Defender, Microsoft Sentinel and Microsoft Defender for Cloud.

This allows access to all security operations tools in a single interface, making them easier to use and improving efficiency. In addition, with this integration we can take full advantage of automation and artificial intelligence technologies to improve cybersecurity.

From our SOC team, we are investigating the new capabilities offered by Microsoft Defender XDR to incorporate the new unified user experience to our modern CyberSOC service for security incident management and response(Softeng-CSIRT).

Microsoft Security Copilot has added Entra, Defender for Cloud and Purview to extend the use cases to identity, infrastructure and data protection.

Microsoft has also shared news on new AI capabilities in cybersecurity, particularly in incident investigation and response.

Microsoft Security Copilot is a generative AI-powered security product that helps cybersecurity teams increase their productivity. Therefore, with the addition of Entra, Defender for Cloud and Purview, Microsoft Security Copilot can extend its use cases to include identity, infrastructure and data protection.

For example, you can help determine why a login requires two-factor authentication, or summarize risks and define remediation steps for users, groups, logins or permissions.

3. Microsoft Defender CSPM: Proactive attack path analysis

Finally, Microsoft Defender for Cloud has enhanced the attack analysis engine with recommendations based on more complex risks, such as inter-cloud attack paths.

In addition, the new code-to-cloud mapping will also allow cybersecurity teams to reduce time and optimize effort to address critical security flaws directly in the code itself.

This way, our modern SOC team will have more visibility into attack exposure from Azure, AWS or GCP clouds.

4. Automatic Conditional Access Policies in Microsoft Entra: Optimizing Identity Protection

In order to better control how users access corporate resources, Microsoft has announced the automatic deployment of Microsoft Entra universal conditional access policies.

This new functionality uses real-time signals and machine learning to determine when to allow, block or limit access to application and sensitive data, ensuring that only healthy and trusted devices can access corporate resources. This maximizes safety without compromising productivity.

5. Microsoft Enters Private Access: Multifactor authentication is added for all local applications.

In addition to automatic conditional access controls, Microsoft Entra Private Access adds multi-factor authentication for on-premise computing resources, i.e. those that are physically located on an organization’s premises, increasing the security of applications and data.

In Softeng, our team of cybersecurity experts is already working on a digital event in which we will show the capabilities of Microsoft Entra, and, among them, Microsoft Entra Private Access. We will announce it soon on our LinkedIn account! Follow us at >

6. Microsoft Entra ID: Compatibility of passkeys with Microsoft Authenticator

By early 2024, Microsoft has promised that Entra ID users will be able to sign in with passkeys managed by the Microsoft Authenticator app.

The interesting thing about this new feature is that it will reinforce the two-factor methods, a mechanism that is resistant to phishing, leaks and allows us to log in more securely.

Related article: How can the 6 most common cyberattacks affect business assets?

7. AI Hub on Microsoft Purview: Sensitive Data Leak Detection in Generative AI SaaS Applications

Microsoft has announced the release of a trial version of its AI Hub on Microsoft Purview, an integrated solution that enables organizations to govern, secure and manage the use of generative AI applications across the enterprise.

With this solution, organizations can gain a complete view of the use of generative artificial intelligence applications, such as ChatGPT, Bard and others, and the associated data security and compliance risks.

The IA Hub solution in Microsoft Purview is an invaluable tool for organizations looking to better protect their sensitive data and comply with privacy and security regulations.

8. Microsoft Purview DLP: Preventing and blocking sensitive data leakage in generative AI SaaS applications.

Data Loss Prevention (DPL) in Microsoft Purview allows organizations to create policies to prevent their users from pasting sensitive information on specific websites, personal email, applications and social networks, among others.

Microsoft has announced this new functionality that extends the capabilities of Microsoft Purview DLP to block sensitive data leakage in non-corporate generative AI applications.

From Softeng, we move forward with confidence to embrace digital innovation

In Softeng we are one of Top Partner Cloud Microsoft most qualified in Europe, allowing us to accompany our customers by maximizing the power of the Microsoft cloud to drive digital innovation with security and intelligence.

The new developments announced at Microsoft Ignite 2023 motivate us to continue to embrace and simplify innovation, in order to accompany ambitious companies to move faster in their digitization in a secure way.

If you want your company to be well protected in order to move forward without fear, we invite you to learn more about what we can do together.

Cybersecurity has become a critical issue for businesses around the world, and having a Security Operations Center (SOC) service is essential to protect all vulnerable attack surfaces. However, traditional SOCs are no longer able to cover with agility, speed and effectiveness the sophistication of today’s cyber-attacks and their constant evolution, from ransomware attacks to advanced malware and phishing. Therefore, the most effective defense approach is to have a modern SOC service in place. A modern SOC monitors and protects 24×7 against all cyber threats to which an organization is exposed, based on 3 fundamental requirements: technologies, processes and infrastructure, and people.

Technologies

Advanced security solutions and tools

There are many companies that deploy a SOC without having security solutions deployed, with the objective of obtaining visibility only of the security events of some business assets that they consider critical, for example, some specific servers. But this approach is not the right one because if a serious incident occurs in any of the assets that are not monitored by the SOC, the company will not be aware of it until the incident spreads to the monitored assets, being already too late.

If security solutions are not deployed, the following situations occur:

1. Reduced ability to detect internally occurring threats.
2. The ability to apply remediation actions to cyber threats is limited to disconnecting the network and local infrastructure; with a great negative impact on the business.

Therefore, first of all, it is imperative to have a high level of security with modern solutions that protect all attack surfaces and that are supported by detection and response tools such as:

• Intrusion Detection System (IDS).
• Connection point detection and response (EDR) system.
• Security Information and Event Management Systems (SIEM).
• Security Orchestration, Automation and Response (SOAR) system.
• Extended and correlated detection systems on different attack surfaces such as Identities, Applications and data, devices and infrastructure (XDR).
• User and entity behavior analysis (UEBA) and machine learning (ML).

Only in this way is it possible to obtain a complete defense with a modern, intelligent and proactive SOC that is able to quickly identify, prevent and mitigate cyber threats.

Unified security platform

It is common for companies to use products and tools from different vendors, so it is necessary to also have a unified security management platform that enables the integration of all security tools and solutions. This helps to simplify the management and analysis of security data, and to provide complete visibility into enterprise systems and networks. Using security solutions that work under a single ecosystem, such as Microsoft’s cloud security solutions platform, allows us to correlate security events that affect all attack surfaces, so we have more capabilities to detect and investigate threats that may affect the organization.

2. Processes and infrastructure

Well-defined processes and scalable infrastructure

For the optimal functioning of a modern SOC, it is essential to have a robust and scalable cloud infrastructure to be able to collect, store, process and analyze large volumes of data, and to have well-defined and documented security processes and policies that establish the responsibilities and protocols to be followed to detect, respond to and mitigate security threats. Therefore, it is also important to foster collaboration between the SOC’s specialist team and other departments in the company, which can provide them with relevant information that allows them to better understand how cyber threats can impact the business in order to identify and mitigate risks much better. In addition, the SOC should coordinate with other departments to conduct incident response activities and communicate the results of security investigations to other departments.

3. Persons

Multidisciplinary team of cybersecurity experts

A modern SOC requires a multidisciplinary team of experts such as security engineers, security analysts, threat hunters, threat intelligence analysts and forensic investigators, with extensive knowledge of technologies for threat detection, prevention and analysis, artificial intelligence and machine learning, as well as the tactics, techniques and procedures of the most advanced threats. Having all these internal resources available in the company is unfeasible in most cases due to high costs, lack of experience and qualified personnel, etc. Therefore, the most common and intelligent decision is to have a SOC service managed by a partner specialized in cybersecurity that provides all the necessary resources, personnel and knowledge.

Discover Max Global Defense

In Softeng we have designed a modern, intelligent and proactive SOC service, which combines Microsoft technology along with advanced security solutions themselves, to obtain and maximize a global defense against cyber threats. Discover in this DEMO the potential of our next-generation SOC to anticipate, react and respond to any cyber threat.

El incremento de los ciberataques seguirá creciendo a lo largo del tiempo, por lo que es un tema crítico para las empresas. Es fundamental que las empresas estén preparadas para un escenario cada vez más hostil y complejo de defender, en el que las empresas se enfrentan a desafíos cada vez mayores en la detección y mitigación de ciberamenazas.

En este artículo, analizamos los puntos débiles más comunes en la detección y mitigación de ciberamenazas para actuar sobre ellos y conseguir obtener una defensa completa y anticiparse a las ciberamenazas de manera efectiva.

1. Defensa insuficiente y aumento de los ciberataques

Si se cuenta con medidas de seguridad tradicionales y tecnologías que no se entienden entre sí, no se puede obtener visibilidad total de las ciberamenazas que nos afectan. Esto produce una falsa sensación de seguridad, ya que no se pueden mitigar las amenazas en una fase temprana, y cuando ocurren, es demasiado tarde. Entonces, el impacto es tan grande que, en muchos casos, ya no podemos reaccionar. Por ello, es crucial disponer de medidas de seguridad avanzadas que cubran todas las superficies de ataque.

2. Falta de presupuesto y concienciación

Las empresas que no invierten en ciberseguridad tardan un promedio de 279 días en identificar y contener una intrusión. Y por cada día que una ciberamenaza pasa sin ser detectada, el coste de recuperación y los daños aumentan exponencialmente. Es necesario fomentar una cultura digital en la empresa que posicione la ciberseguridad como parte del negocio para que su inversión sea tan prioritaria y estratégica como lo es en otras áreas de negocio.

La mayoría de las empresas que no alinean la ciberseguridad con el negocio, tarde o temprano acaban sufriendo la paradoja del castillo de naipes (link a la landing con el ebook), y son atacadas muy fácilmente paralizando el negocio.

3. Ampliación de la superficie de ataque

Hoy en día, la red corporativa se ha descentralizado y los activos de negocio se extienden más allá del perímetro corporativo interno. Esto provoca que se amplíe la superficie de ataque y sea necesario intensificar el control, supervisión y confianza sobre las conexiones y el uso dentro de la red. ¿Cómo? Mediante la implementación de soluciones de seguridad que permitan detectar y mitigar todos los riesgos en las diferentes superficies vulnerables.

4. No poder anticiparse ante los ciberincidentes

Las empresas que no cuentan con soluciones desplegadas que protejan todas las superficies de ataque ni con una estrategia de ciberseguridad definida, no tienen la capacidad de anticiparse ante las ciberamenazas. Si a esto le sumamos el aumento y la sofisticación de los ciberataques, las empresas están obligadas a cambiar el enfoque reactivo a uno proactivo; de “reaccionar cuando se produce un incidente” a «cómo puedo anticiparme de forma efectiva ante un ciberataque».

5. Falta de personal cualificado y dedicado 24/7

Cada una de las superficies vulnerables que se deben proteger traen consigo diferentes complejidades y casuísticas. Tener el know-how y tiempo para saber gestionar y controlar eficazmente todo lo que conlleva la ciberseguridad es, hoy en día, extremadamente complicado. Los equipos internos de IT porque muchas empresas no cuentan con personal cualificado con un equipo de expertos multidisciplinar que puedan tener una dedicación completa para actuar sobre todas las áreas de la ciberseguridad.

¿Cómo tener una defensa completa frente a las ciberamenazas?

Un SOC moderno es el enfoque de defensa más efectivo en comparación con un SOC tradicional. Ofrece mayores beneficios en términos de seguridad y también en cuanto a la infraestructura y eficiencia operacional.

Descubre en este evento digital bajo demanda cómo maximizar la protección de tu empresa con un SOC de última generación para anticiparte, reaccionar y responder a cualquier ciberamenaza.