The role of the CIO in preventing myopia on the Board of Directors and keeping the company safe and secure

Myopia, or nearsightedness, occurs when we see clearly what is closest to us but everything at a distance is blurred. In the business world we speak of myopia when the focus is on the short term, without being able to see what may be coming in order to be better prepared for it.

In an increasingly digital world, and with the current sophistication of cyberthreats, security is a vital strategic asset for the business. But it requires being able to see the long term clearly in order to act effectively now, in the short term, instead of only seeing the danger once the damage is already unavoidable.

With this in mind, we analyze the role of the CIO and CISO through three strategic objectives and their challenges, starting from a scenario of myopia in the Management Committee, in order to prevent it and keep the company protected and secure as it moves forward on its business goals:

1. Promote a culture of Digital Trust

  • The stat: 60% of the main European companies will have increased their annual spending on cyber resilience by 20% by 2024, with the aim of protecting their digital investments, according to IDC.
  • The challenge: Digitization has broken down the physical walls, opening the corporate perimeter on every side and leaving new attack surfaces unprotected. For this reason, it is essential that everyone in the company, at every level, is involved and aligned, because identity, that is, the people themselves, is the first line of defense.
  • The goal: All change begins with culture. To make the entire company aware of security risks and all their possible consequences, it is essential to promote an awareness plan that creates a culture of digital trust, cascading down from Senior Management to every business area.
    Only with a strong culture of digital trust will the company be able to successfully address the complex challenges of cybersecurity.

2. Implement a Zero Trust model

  • The stat: 68% of European organizations suffered a ransomware attack that included data theft in 2022, according to IDC.
  • The challenge: Ransomware attacks are one of the biggest threats to enterprise digital security today. Ransomware-as-a-Service (RaaS) is a business model that makes ransomware attacks possible regardless of the attackers' own technical skill. And this is just one sample of the many types of cyberthreats that exist and of how easy it can be to launch a malicious attack. It is therefore vital to secure and protect every attack surface and to remain vigilant at all times. Bear in mind that any threat, however slight, can have a critical impact on any of our vulnerable surfaces and cause the business to falter, suffering the house of cards paradox.
  • The goal: Implementing a Zero Trust security model is the best defensive approach and generates a clear, tangible benefit for the business. With Zero Trust you always know who, what, when, where and how someone is trying to access corporate resources and applications, giving IT the information it needs to detect, prevent and respond to potential cybersecurity incidents.

3. Embrace and scale digital cloud innovation in a secure environment

  • The stat: By 2025, more than half of organization spending on application software, business process services and systems infrastructure will have moved to the cloud, according to Gartner.
  • The challenge: Companies have always adopted new technologies. Innovating is nothing new, but today it is essential for any organization to be well prepared, to progress and to remain competitive. And there is no innovation without a budget. The challenge, therefore, is to consolidate security as a strategic asset so that it earns the budget needed to have the necessary resources and a secure cloud environment in which to innovate.
  • The goal: Adopting the cloud as the model for digital innovation is the way forward. This undoubtedly means doing it in a scalable and secure way, in the face of increasingly sophisticated cyberthreats that multiply like spores in an ever more digital environment, which makes it necessary to stay alert at all times.

In summary, promoting a culture of digital trust, demonstrating to the business the benefits of a Zero Trust security strategy, and adopting digital innovation in the cloud in a scalable and secure way are three strategic objectives that must be underlined on the agenda of the CIO and CISO in order to turn security into a high-value asset for the business.

How to get out of the cybersecurity maze


Technological progress has changed the rules of the game in business and the way we work, opening new paths to enhance productivity and increase business efficiency. But it has also brought new risks, associated with remote work, devices and information, among others, which place cybersecurity at the forefront of company priorities.

To better understand this complexity and be able to make informed decisions, we share four factors that make security so complex when it comes to detecting, preventing and responding to vulnerabilities, threats and attacks, and how to address them in order to successfully exit the cybersecurity maze:

1. Perimeter opening

Today the corporate network has been decentralized to facilitate remote work, the number of devices has grown, we share more information and data, and we have infrastructure in different places, all of which expands the cybersecurity perimeter. This forces organizations to intensify control and supervision of, and trust in, the connections and usage within the network.

  • Given the complexity of cybersecurity, the frequent lack of an expert team within the company itself and, not least, the speed at which technology advances and the constant updating this requires, having a specialist partner that provides the know-how and technological training to protect the entire perimeter in an integrated manner is a high added value for companies.

2. Threat sophistication

When we speak of sophistication, we refer to the automation and speed of attacks, with increasingly destructive and, in many cases, irreversible cybercrime strategies, as can happen with attacks that exploit zero-day vulnerabilities for which no patch yet exists.

  • How to avoid it? This requires integrated and intelligent solutions that communicate with each other efficiently, without creating silos that can leave a door open, in order to analyze threat information in real time, correlate large volumes of data to detect patterns and anomalies, and anticipate threats so as to respond automatically and in a coordinated way.

3. The human factor

The human factor is often the trigger that opens the door to a threat, whether the user has been tricked by a phishing attack, has lost a device, or has intentionally or unintentionally sent unprotected sensitive information to the wrong person, among other possible cases.

  • For all these reasons, a culture of digital trust and technological training are the best reinforcement for the first line of defense, the users, so that they understand cybersecurity risks and have the appropriate tools to be part of the solution.

4. Multitude of different products

One of the challenges that CISOs and CIOs must address is the large number of existing products and technologies and how to integrate them so that they work efficiently. The great challenge comes when you end up managing a patchwork of solutions from different vendors.

Why? They do not communicate or speak the same language, because each one deals with a specific problem, creating silos in the security strategy; this demands more operational effort and lengthens reaction time.

  • Having a single platform in the cloud allows us to protect all attack surfaces in an integrated and centralized way, avoiding the complexity that comes from integrating and maintaining multiple products from different vendors.

Boost Zero Trust

A Zero Trust strategy is the best defensive approach for bringing order, with a well-defined and proven methodology based on three basic principles: verify explicitly and continuously, grant least-privilege access, and assume that a breach can occur at any time. The aim is to protect the entire perimeter, minimize human error, and anticipate and counter threats by detecting, preventing and responding effectively.

 


The 3 essential challenges of the CISO and their keys to address them


The consolidation of the hybrid work environment, together with the sophistication of cyber threats, has put security in the spotlight for companies, where CISOs and IT managers in general play a key role.

IDC Research Spain predicts that during 2022 the trend of adopting security as a service will be confirmed in at least 38% of companies, since the massive migration to the cloud demands security built in from the start to protect company assets.

We share the 3 essential challenges the CISO must face and the keys to understanding them better, in order to address them successfully and accelerate cybersecurity.

1. The complexity of security

Each of the surfaces to be protected brings its own complexities and particular cases. Having the know-how to effectively manage and control everything that cybersecurity entails is a high added value, which companies prefer to cover with a specialist partner.

Specifically, we highlight four factors that make security such a complex labyrinth when it comes to detecting, preventing and responding to vulnerabilities, threats and attacks: the opening of the perimeter, the sophistication of threats, the human factor, and the multitude of different products.

2. Budget investment

According to one of IDC Research Spain's key predictions, by 2023 55% of organizations will allocate half of their security budgets to cross-technology ecosystems and platforms designed for rapid consumption and unified security, in order to drive agile innovation.

The economic impact of a security breach and its repercussions on the business is usually greater than what it would have cost to avoid it. Here the saying "prevention is better than cure" must be the maxim. The risks of an attack are already well known: operational stoppage with its consequent, often irreversible, economic loss; reputational crisis; loss of clients; leakage of confidential data; and so on.

Of course, a company can recover from a cyberattack, but it will certainly mark a before and after, leaving a scar on its history that could have been avoided.

3. The risks underlying the hybrid work environment

How can the company be protected while guaranteeing connectivity and access to the corporate network in a decentralized environment, with employees working on personal devices (BYOD)?

In a hybrid work model, connectivity needs change continually, because employees can connect whenever and wherever they are in order to stay productive. In this context, however, any user and any device can easily become an attack surface, opening the door to security risks precisely because the perimeter now extends beyond the office.

Connectivity and security: two challenges in one, to guarantee connection and secure access to the corporate network and to centralize the orchestration of all devices according to the needs of each user. To achieve this, organizations must educate employees, deploy solutions that allow them to work from personal computers (BYOD) with the same security as corporate computers managed by IT, and establish controls that protect the different attack surfaces.

Effectively addressing digital security requires a unified approach, and in our view Microsoft's cloud security platform is a clear competitive advantage over other alternatives.

 


How to avoid suffering the paradox of the house of cards to guarantee digital security


With the new paradigm of hybrid work and the acceleration of digitization, new strategic needs have arisen, such as cybersecurity, which in many cases companies still do not treat as a priority. This generates what we call the house of cards paradox: putting the focus solely on the business without protecting a corporate environment that is exposed to any external cyber threat or internal security incident. How can it be avoided?

We share 3 keys to avoid suffering the house of cards paradox:

 

1 – Create a culture of digital trust

For many companies, cybersecurity still requires a change in mentality that must be supported by the company's management in order to promote a culture of digital trust. This must become an important asset for companies to understand cybersecurity risks and to equip employees with the right tools and training to be part of the solution. Zooming in on the impact a security incident can have: it can cause an operational stoppage, a leak of sensitive information to third parties, and even a reputational crisis with the consequent loss of customer trust, among other risks.

For this reason, it is vital to promote a culture of digital trust to facilitate the adoption of a Zero Trust security model, where the leadership of the head of cybersecurity is key to driving change and guaranteeing the involvement of the different business areas, aligning the whole company.

 

2 – Adopt a Zero Trust security model

Once culture has been consolidated as the engine of change, the priority is to reach and maintain the level of digital trust the business needs. How? With a Zero Trust security model, evolving from traditional, reactive security based on implicit trust, which is no longer effective, to proactive security under the premise of never trusting anything or anyone by default, focused on data and identity, and based on continuous verification to protect every potential attack surface.

 

3 – Enhance security by simplifying its complexity thanks to the Microsoft cloud

Security is complex because of the large number of solutions and products from different providers and the integration between them; the sophistication of threats; the technological training and knowledge their management requires; the effort needed to evaluate and rule out false alarms; and so on. IDC Research Spain points out that the solution undoubtedly runs through the cloud, with a holistic platform.

This is where the Microsoft cloud offers a single platform to protect every attack surface in an integrated manner, through integrated, reliable, intelligent, flexible and scalable solutions and applications, and where a business-aligned strategy is essential to move forward on the path to adopting a Zero Trust security model.

Are companies prepared to tackle cybersecurity?

Most companies do not have the specialist roles with the know-how or expertise in security solutions to identify, detect and prevent any breach or incident in order to guarantee the cyber-resilience of their house of cards. For this reason, it is key to have a specialist strategic ally who accompanies the company all the way, knows how to simplify the complexity of the solutions and how to solve every need in an agile manner. At Softeng, we accompany our clients by promoting innovation to make the most of Microsoft's cloud security solutions.

Leaders across all sectors and industries are increasingly aware of the high value of digital security. Following a Zero Trust model is what will keep the business on its feet when an attack or security incident occurs; and take it for granted that it will happen.

 


The Solution to the Hybrid Work Challenge: Microsoft’s New Cloud PC


As most of the restrictions imposed by the pandemic have been lifted, a new work model is emerging in which organizations are shifting toward a hybrid work environment, with some employees returning to the office and others continuing to work from home and changing location as needed, combining the advantages of remote work and in-person activity.

In a study conducted internally at Microsoft on workplace trends, 73 percent of workers said they want flexible remote work options, while at the same time 67 percent said they also want more in-person collaboration after the pandemic. These figures can be applied to any organization in the world and highlight the need to establish hybrid work in every company, as an opportunity to reconcile work and life and to offer greater added value to the people who make up the company. However, this new scenario poses new challenges for companies.

The hybrid work challenge for companies

Providing workers with access to organizational resources at home, in the office and everywhere in between, as well as giving them the flexibility to stay home for a day, sometimes unexpectedly or unplanned, poses a new challenge for IT departments and for company security. Many users tend to connect from personal computers that are neither protected nor managed by IT, which means that if a cybercriminal managed to compromise one of those computers, the consequences could reach the entire organization.

But in this new work environment it is not just about allowing and securing remote access. The user experience is now more important than ever to attract and retain talent, improve productivity and ensure security.

The solution

Microsoft offers a cloud solution adapted to the hybrid work environments needed in the current context, which also addresses the challenges companies face. Its name is Windows 365.

Windows 365 is, first and foremost, a PC in the cloud: a service that offers a new way to experience Windows 10 or Windows 11, streaming your personalized applications, settings and content from the Microsoft cloud to any device so that you can work from anywhere. This approach creates a completely new category: the Cloud PC.

One of the main benefits of Windows 365 is simplicity. Businesses can create a Cloud PC in minutes and assign it to their employees quickly and easily, choosing the size of Cloud PC that best meets the user's performance needs, for a fixed price per user per month.

"Windows 365 combines the power and security of the Microsoft cloud with the versatility and simplicity of the PC."

Windows 365 was announced in early July this year at Microsoft's worldwide partner conference. Satya Nadella, CEO of Microsoft, defined it this way: "In the same way that applications were brought to the cloud with SaaS, we now bring the operating system to the cloud, providing organizations with greater flexibility and a secure way to empower their workers to be more productive and connected, regardless of their location."

Such has been the success of Windows 365 since its launch that Microsoft had to suspend free trials due to high demand.


A solution adapted to the new hybrid work environments.

The evolution of Windows into an operating system that can also live in the cloud offers new possibilities to organizations of all sizes, helping them choose the best option for a particular user or role and enabling a variety of scenarios for the new world of work.

Windows 365 is designed for organizations that need agile solutions that are easy to maintain and, above all, secure, so that any worker can always have the same corporate computer with everything they need, without having to carry it anywhere.

Here are some of the scenarios in which Windows 365 is the ideal choice:

  • Staff with the flexibility to work in the office or at home.
  • Staff working remotely from their personal (non-corporate) device.
  • Mobile staff.
  • Companies with temporary workers or high staff turnover.
  • The need to work on powerful PCs that are not easy to transport (for example, CAD workstations).
  • Contingency planning: having a PC (or hundreds) available in minutes in response to an unexpected event.

Security and control for IT

Windows 365 is secure by design: information is processed and stored in the cloud rather than on the user's personal device, so the user no longer has to download it locally as before (provided IT restricts redirection of data to the local device through policy). In addition, in the Enterprise edition, all the policies and security measures the company has deployed for its other physical corporate devices are automatically applied to the Cloud PC. Finally, with the computer in the cloud, IT no longer has to worry about users needing a VPN from their personal computers, nor about securing those connections.

Administration for IT is similar to that of the organization's physical devices, since a Windows 365 Enterprise Cloud PC not only applies corporate security policies but is also managed by IT from the Microsoft Endpoint Manager (Intune) console.

Windows 365 or Azure Virtual Desktop?

Windows 365 is built on Azure Virtual Desktop. However, while Azure Virtual Desktop is designed for business environments that require full control, flexibility and the ability to fine-tune compute and storage, Windows 365 simplifies IT's work by eliminating the need to manage any underlying infrastructure, in exchange for a fixed price per user according to the desired power.

Although from the user's point of view they are practically the same, there are aspects that differentiate the two Microsoft solutions:

Windows 365

  • Dedicated PC per user, with persistent data.
  • Optimized to simplify IT management.
  • Windows 10 or Windows 11 desktop.
  • Managed from Microsoft Endpoint Manager, like the rest of the PCs.
  • Does not require advanced knowledge.
  • Predictable price, per user per month (SaaS).

Azure Virtual Desktop

  • Persistent dedicated, non-persistent, or shared desktop for n users.
  • Optimized for flexibility.
  • Windows 10/11 desktop, with multi-session and RemoteApp options.
  • Full control over VM configuration and environment (managed from Azure).
  • Requires advanced knowledge.
  • Pay per use of the Azure platform (consumption) plus user license.

Both Windows 365 and Azure Virtual Desktop are solutions adapted to the hybrid workplace; where more customization and flexibility are required, and especially if your company has experience with virtualization, Azure Virtual Desktop may be the better option.

Conclusion

By leveraging the power of the Windows operating system and the potential of the cloud, Windows 365 offers any organization greater peace of mind in three key ways: power, simplicity and security.

Do you want to see a demo and learn more about the advantages and the scenarios in which Windows 365 can help you?


Next Thursday, October 28, we will present it in a digital event where you will be able to learn about all the possibilities of the solution and how it facilitates productivity and security in the new era of hybrid work.

 

 

 


Why should your company adopt a Zero Trust security strategy?


Don't take anything for granted, don't trust anything or anyone: this is the slogan of Zero Trust, a cybersecurity model that consists of removing implicit trust from the equation.

Goodbye to the perimeter

Until recently, security models had always sought to create an environment defined by a perimeter, where the inside of the network was protected from an outside full of potential threats, and everything inside that perimeter or network was considered trusted by default.

Today, conventional ways of securing access to the corporate network, applications and data are no longer adequate. With an increasingly dispersed workforce the boundaries of the perimeter keep expanding, there is no longer a contained or well-defined network to protect, and critical business data lives outside the corporate firewall. So, instead of assuming that your organization is safe behind a firewall, you need to assume that there will be a security breach, whether through malicious intent or carelessness.

In addition, cyberattacks are increasing day by day, with more virulence than ever, more impact on companies and ever larger ransom demands running into millions. What can we do in this increasingly complex situation?

"Traditional perimeter-based security cannot keep up with the complexity of hybrid work and the proliferation of the many devices from which users connect."

The solution: Zero Trust

The Zero Trust model is the best defensive approach your organization can take. Under this model, all users and devices are treated as untrusted by default. Access to the network and to every service and resource is granted only once the requester has proven their identity, for example through multi-factor authentication, and the health of their device has been verified; and that access is re-evaluated on every request rather than granted once.

Zero Trust adopts three key principles:

  • Verify explicitly: authenticate and authorize access continuously. Having a username and password, for example, does not prove that we are the user to whom those credentials belong. For this reason, every request for access to a resource in your organization should always be verified, using all the available signals (identity, device, location and the resource requested).
  • Least-privilege access: limit users' access by granting only the minimum privileges they need to do their job and fulfil their role.
  • Assume breach: this strategy assumes that attackers may already be present both inside and outside our network and that an attack is going to happen. For that reason, no user or device is trusted by default.

With Zero Trust you always know who, what, when, where and how someone is trying to access corporate resources and applications, giving IT the information it needs to properly assess risk and limit access.

Zero Trust through the company’s digital assets

The Zero Trust approach must extend across the entire digital environment and work as an integrated, end-to-end security philosophy. The methodology is implemented as follows:

At the core of this system is a continuous risk assessment and real-time security policy engine. It offers protection through signal analysis and threat intelligence, ensuring that identities are verified and authenticated and that devices are healthy before granting access to data, applications, infrastructure and networks. In addition, visibility, analytics, automation and remediation are applied continuously and across the whole environment.

Now that we know how this methodology works, let's look in detail at each of the areas to protect:


Identity
Verify and secure each identity with strong authentication

Identities, whether they represent people, services or devices, are the core of the Zero Trust strategy and its control plane. Under this model all users are assumed to be untrusted, so identity must be confirmed and authenticated not only on first access to the platform and the information it holds, but at each new level of access, so that only the privileges sufficient to perform a given job or task are granted.

Before an identity attempts to access a resource, the organization must:

  • Verify the identity with strong authentication. Today it is essential that all accounts are protected with multi-factor authentication (MFA). Likewise, if we use a unified identity (the same identity for all applications), we will establish a much simpler and more robust security strategy.
  • Ensure that the access is consistent with what is usual for that identity, using machine-learning analytics that learn from user behavior and build a baseline of normality, which helps to quickly detect any unusual behavior by that user.
  • Follow the principles of least-privilege access mentioned above.

By adopting this security strategy, companies can adapt to change more easily; for example, by removing the access privileges of departing employees or adjusting the privileges of those whose responsibilities have changed.
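To make the three Zero Trust principles and the identity controls above concrete, here is an added example, written for this article and not code from the original post or from any Microsoft product. It is a small policy engine that evaluates every request on its own: it learns a per-user baseline of familiar countries and devices from a constructed sign-in history, checks a least-privilege role map, refuses non-compliant devices outright, and returns allow, require MFA or deny. The users, devices, roles, resource names and risk weights are all assumptions.

```python
"""Added example: a Zero Trust access decision over sign-in signals.

Illustrative code written for this article, not a Microsoft product or API.
All users, devices, roles and history below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str           # e.g. "payroll-api"
    action: str             # e.g. "read" or "write"
    country: str            # country the sign-in comes from
    device_id: str
    device_compliant: bool  # as reported by device management
    mfa_satisfied: bool     # strong authentication completed for this request?


@dataclass
class UserBaseline:
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)


# Constructed sign-in history (user, country, device): what "normal" looks like.
SIGNIN_HISTORY = [
    ("alice", "ES", "dev-a1"), ("alice", "ES", "dev-a1"), ("alice", "ES", "dev-a2"),
    ("bob", "PT", "dev-b1"), ("bob", "ES", "dev-b1"),
]

# Least privilege: a role grants an explicit (resource, action) set and nothing else.
ROLE_PERMISSIONS = {
    "hr-reader": {("payroll-api", "read")},
    "hr-admin": {("payroll-api", "read"), ("payroll-api", "write")},
}
USER_ROLES = {"alice": {"hr-reader"}, "bob": {"hr-admin"}}


def build_baselines(history):
    """Learn each user's familiar countries and devices from past sign-ins."""
    baselines = defaultdict(UserBaseline)
    for user, country, device in history:
        baselines[user].countries.add(country)
        baselines[user].devices.add(device)
    return dict(baselines)


def behavioral_risk(req, baselines):
    """Score how far this request deviates from the user's own baseline."""
    base = baselines.get(req.user, UserBaseline())
    score, reasons = 0, []
    if req.country not in base.countries:
        score += 2
        reasons.append("unfamiliar country")
    if req.device_id not in base.devices:
        score += 1
        reasons.append("unfamiliar device")
    return score, reasons


def is_permitted(req):
    """Least privilege: some role held by the user must grant exactly this action."""
    allowed = set()
    for role in USER_ROLES.get(req.user, ()):
        allowed |= ROLE_PERMISSIONS.get(role, set())
    return (req.resource, req.action) in allowed


def decide(req, baselines):
    """Evaluate one request; nothing is remembered, so every request is re-checked.

    Returns (decision, reasons) with decision in {"allow", "require_mfa", "deny"}.
    """
    if not is_permitted(req):
        return "deny", ["no role grants this action"]
    if not req.device_compliant:            # assume breach: MFA does not rescue a bad device
        return "deny", ["device not compliant"]
    score, reasons = behavioral_risk(req, baselines)
    if score >= 3:                          # unfamiliar country AND device: block outright
        return "deny", reasons + ["high risk"]
    if score > 0 and not req.mfa_satisfied: # any deviation: step up to strong auth
        return "require_mfa", reasons
    return "allow", reasons or ["matches baseline"]


if __name__ == "__main__":
    baselines = build_baselines(SIGNIN_HISTORY)
    req = AccessRequest("alice", "payroll-api", "read", "FR", "dev-a1", True, False)
    print(decide(req, baselines))   # ('require_mfa', ['unfamiliar country'])
```

Calling decide() on every request, not once at sign-in, is what makes the verification continuous; the early deny on a non-compliant device regardless of MFA is the "assume breach" principle in code, and the role map keeps even a fully verified identity from doing more than its job requires.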


Devices
Allow only trusted devices to access company resources

Once an identity has been granted access to a resource, the data can flow to a wide variety of devices, from IoT devices to smartphones, from BYOD to managed devices, and from on-premises workloads to cloud-hosted servers. This diversity creates a very broad attack surface and requires us to continuously verify each device's health from the standpoint of compliance with corporate policy.

There are a few key rules for protecting devices in a Zero Trust model:

  • The platform, as well as the applications running on the devices, is securely provisioned, properly configured and kept up to date.
  • There is a quick, automated response that contains access to corporate data if the security of a device is compromised.
  • The access control system ensures that all policy controls are in place before data is accessed.


Applications
Ensure applications are always available, visible and secure

Applications provide the interface through which data is consumed, so control policies must be applied to:

  • Discover the use of applications not approved by IT (shadow IT).
  • Guarantee appropriate access permissions.
  • Monitor and detect unusual behavior.
  • Control user actions.
  • Validate secure configuration options.

Zero Trust strategy

Data
Protect sensitive data wherever it is located or travels

Data protection is one of the primary responsibilities of security and compliance teams. Data must remain protected while at rest, in use, and as it leaves the devices, applications, infrastructure, and networks that are under the organization's control. To guarantee that protection, and that access is restricted to authorized users, the data must be:

  • Inventoried and classified.
  • Labelled, with access restricted on the basis of attributes (of the data and of whoever requests it).
  • Encrypted.

When data and sensitive content are controlled by the right tools, organizations can:

  • Report and enforce policy decisions to block or delete emails, attachments, or documents.
  • Encrypt files with sensitivity labels on devices.
  • Automatically classify content with sensitivity labels using policies and machine learning.
  • Track and monitor sensitive content using policies as content travels in and out of your digital environment.
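The following is an added example, written for this page and not code from the original article or from Microsoft Information Protection, that shows the two halves of the data pillar working together: automatic classification that assigns a sensitivity label from content (with a checksum so that a random run of digits is not mislabelled as a card number), and an attribute-based decision that uses the label, the user's attributes and the destination to allow, require encryption, or block. The label names, the clearance scale, the validators (Luhn for payment cards, the Spanish DNI check letter) and the sample documents are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Label taxonomy, lowest to highest sensitivity (constructed; real names vary per tenant).
LABEL_RANK = {"Public": 0, "Internal": 1, "Confidential": 2, "Highly Confidential": 3}

CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")   # 16-digit payment card formats
DNI_RE = re.compile(r"\b(\d{8})([A-Z])\b")            # Spanish national ID: 8 digits + check letter
DNI_LETTERS = "TRWAGMYFPDXBNJZSQVHLCKE"               # official check-letter table


def luhn_ok(number: str) -> bool:
    """Luhn checksum, so that a random 16-digit string is not labelled as a card."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                    # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def dni_ok(digits: str, letter: str) -> bool:
    return DNI_LETTERS[int(digits) % 23] == letter


def classify(text: str) -> Tuple[str, List[str]]:
    """Assign the highest label whose rule matches; report what matched, never the raw value."""
    label, findings = "Public", []
    if any(luhn_ok(m.group(0)) for m in CARD_RE.finditer(text)):
        findings.append("payment_card")
        label = "Highly Confidential"
    if any(dni_ok(d, l) for d, l in DNI_RE.findall(text)):
        findings.append("national_id")
        label = max(label, "Confidential", key=LABEL_RANK.__getitem__)
    if "internal only" in text.lower():
        findings.append("internal_marker")
        label = max(label, "Internal", key=LABEL_RANK.__getitem__)
    return label, findings


@dataclass(frozen=True)
class User:
    name: str
    department: str
    clearance: int   # 0..3, compared against the label rank (assumed attribute)


def decide(label: str, user: User, destination: str) -> str:
    """Attribute-based decision: 'allow', 'allow_encrypted' or 'block'.
    destination is 'internal' (stays in the tenant) or 'external' (leaves it)."""
    rank = LABEL_RANK[label]
    if rank == 0:
        return "allow"
    if user.clearance < rank:
        return "block"                        # requester lacks the attribute for this label
    if destination == "external":
        return "block"                        # labelled content does not leave the organisation
    return "allow_encrypted" if rank >= 2 else "allow"


def protect(text: str, user: User, destination: str) -> Dict[str, object]:
    """Classify on the fly and enforce the decision, as a mail or file gateway would."""
    label, findings = classify(text)
    return {"label": label, "findings": findings, "decision": decide(label, user, destination)}


# Constructed sample documents.
DOCS = {
    "newsletter": "Quarterly newsletter: new office opening next month.",
    "rollout": "Internal only: phased rollout schedule for the new CRM.",
    "kyc": "Customer onboarding form. DNI 12345678Z, address on file.",
    "payment": "Card on file 4111 1111 1111 1111, expiry 12/24.",
    "lookalike": "Ticket ref 1234 5678 9012 3456 is not a card number.",
}

if __name__ == "__main__":
    finance = User("ana", "finance", 3)
    for name, text in DOCS.items():
        print(name, protect(text, finance, "external"))
```

Two points a practitioner would check: the classifier returns the kind of match, not the matched value, so the classification log itself does not become a new copy of the sensitive data; and the decision is taken on the label, not on the document name or location, which is what lets the same rule follow the data into email, chat and file shares.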

Zero Trust strategy

Infrastructure
Strengthen defenses to detect and respond to threats in real time.

Infrastructure – be it on-premises servers, cloud-based virtual machines, containers, or microservices – represents a critical threat vector. Modern security with an end-to-end zero trust strategy makes it easy to:

  • Employ Just-In-Time and Just-Enough-Access (JIT / JEA) administrative privileges to strengthen defenses.
  • Use telemetry to detect attacks and anomalies.
  • Automatically block and flag risky behavior and take protective measures.

Zero Trust strategy

Network
Go beyond traditional network security approaches.

Ultimately, the data is accessed through the network infrastructure. Rather than believing that everything behind the corporate firewall is secure, a Zero Trust strategy assumes that breaches are inevitable. That means every request must be verified as if it originated from an uncontrolled network; as discussed above, identity management plays a crucial role in this.

In the Zero Trust model, there are four key objectives when it comes to protecting the network:

  • Apply critical controls to improve visibility and prevent attackers from moving laterally across the network.
  • Be prepared to detect attacks early and, when one occurs, to minimize the damage and how quickly it spreads.
  • Employ end-to-end protection, encryption, monitoring, and analysis.
  • Segment the network, including micro-segmentation deeper within it.
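The device rules above (continuous health verification, automated containment when a device is compromised, policy checks before data is accessed), the just-in-time administrative privileges of the infrastructure pillar, and the network principle of treating every request as if it came from an uncontrolled network all meet in one place: the policy decision taken on each request. The block below is an added example written for this page, not code from the original article or from any Microsoft product. It models that decision point in a few dozen lines; the resource table, the compliance attributes, the three outcomes and the grant lifetime are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Identity:
    user: str
    mfa_done: bool    # strong authentication satisfied for this request
    risk: str         # "low" | "medium" | "high", e.g. from sign-in analytics


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool
    os_patched: bool
    disk_encrypted: bool
    edr_healthy: bool

    @property
    def compliant(self) -> bool:
        """Health is derived from current attributes, not from enrolment status."""
        return self.managed and self.os_patched and self.disk_encrypted and self.edr_healthy


@dataclass(frozen=True)
class Request:
    identity: Identity
    device: Device
    resource: str
    source_network: str   # "corp" or "internet": recorded for context, never a trust signal


# Constructed per-resource requirements (the page states the principle, not this table).
RESOURCE_POLICY = {
    "intranet-news": {"device": "any", "admin": False},
    "hr-payroll": {"device": "compliant", "admin": False},
    "prod-db-admin": {"device": "compliant", "admin": True},
}


class PolicyEngine:
    def __init__(self, clock: Callable[[], datetime] = datetime.now) -> None:
        self.clock = clock
        self.jit_grants: Dict[Tuple[str, str], datetime] = {}   # (user, resource) -> expiry
        self.sessions: Dict[str, Set[Tuple[str, str]]] = {}     # device_id -> {(user, resource)}

    def grant_jit(self, user: str, resource: str, minutes: int) -> None:
        """Just-in-time elevation: the admin right exists only until the expiry."""
        self.jit_grants[(user, resource)] = self.clock() + timedelta(minutes=minutes)

    def evaluate(self, req: Request) -> Tuple[str, str]:
        """Return ('allow' | 'require_mfa' | 'block', reason). A request from the
        corporate LAN goes through exactly the same checks as one from the internet."""
        policy = RESOURCE_POLICY.get(req.resource)
        if policy is None:
            return "block", "unknown resource"
        if req.identity.risk == "high":
            return "block", "identity risk is high"
        if not req.identity.mfa_done:
            return "require_mfa", "strong authentication required"
        # A medium-risk identity raises the device bar for every resource.
        needs_compliant = policy["device"] == "compliant" or req.identity.risk == "medium"
        if needs_compliant and not req.device.compliant:
            return "block", "device does not meet compliance policy"
        if policy["admin"]:
            expiry = self.jit_grants.get((req.identity.user, req.resource))
            if expiry is None or expiry <= self.clock():
                return "block", "no active just-in-time grant"
        self.sessions.setdefault(req.device.device_id, set()).add((req.identity.user, req.resource))
        return "allow", "all checks passed"

    def contain_device(self, device_id: str) -> List[Tuple[str, str]]:
        """Automated response: once a device reports compromise or drops out of
        compliance, revoke every session it holds. Returns what was revoked."""
        return sorted(self.sessions.pop(device_id, set()))


if __name__ == "__main__":
    engine = PolicyEngine()
    laptop = Device("laptop-1", True, True, True, True)
    byod = Device("phone-9", managed=False, os_patched=True, disk_encrypted=False, edr_healthy=False)
    alice = Identity("alice", mfa_done=True, risk="low")
    print(engine.evaluate(Request(alice, laptop, "intranet-news", "internet")))
    print(engine.evaluate(Request(alice, laptop, "prod-db-admin", "corp")))   # no JIT grant yet
    engine.grant_jit("alice", "prod-db-admin", minutes=30)
    print(engine.evaluate(Request(alice, laptop, "prod-db-admin", "corp")))
    print(engine.evaluate(Request(Identity("carol", True, "low"), byod, "hr-payroll", "corp")))
    print("revoked:", engine.contain_device("laptop-1"))
```

Note that `source_network` is carried in the request but never read by `evaluate`: that omission is the Zero Trust point, not an oversight. The clock is injected so that grant expiry can be tested deterministically.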

How do Microsoft solutions help?

To be successful, Zero Trust relies heavily on integrating and interpreting signals; the environment must be connected so that it can provide the signals needed to make decisions and offer end-to-end coverage. Attacks can come from anywhere, from the outside but also from the inside, so it is essential to have a cross-cutting security system that correlates signals across every layer (top to bottom) and every domain (left to right).

In this sense, Microsoft considers the Zero Trust strategy the cornerstone of effective protection, and has a differentiating element compared to other security vendors, since it is the only company that addresses identity, device management, data, cloud infrastructure and defence against modern attacks as a whole, offering integrated and connected solutions that span all the key points of cybersecurity:

  • Identities: Through Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) and Azure Active Directory, which manage and protect hybrid identities and simplify employee access. Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at the organization.
  • Devices: Through Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection), a solution that combines Windows 10 technology and the Azure cloud service to offer businesses proactive protection, post-breach detection, and automated investigation and response to advanced threats on their networks.
  • Data: Through Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection), which protects the organization from malicious threats posed by email messages, links (URLs), documents, and collaboration tools. Also, through Microsoft Information Protection, documents and emails can be classified, labelled and protected as they are created or modified.
  • Applications: Through Microsoft Cloud App Security, a complete SaaS solution that gives IT departments visibility and control over the cloud applications used by the organization's users (both those allowed and those not allowed).
  • Infrastructure: Through Azure Defender, an evolution of Azure Security Center with threat protection capabilities that protect infrastructure wherever it is, including virtual machines, databases, containers, IoT and much more, whether hosted in Azure, in other clouds, or in a classic on-premises datacenter.

A long-term project in which Softeng can help you

While the Zero Trust model is most effective when integrated throughout the environment, implementing it is a gradual journey that requires planning and executing correctly so that the impact on the user experience is minimal.

Because of the complexity of this journey, most companies value a phased approach with expert guidance, and this is where Softeng can help, offering our experience and knowledge to implement the Zero Trust model gradually.

Do you want to know more about how we can help you? Contact us!


The house of cards paradox and the importance of cybersecurity

Have you ever tried to build a house of cards?

It is a project that requires a well-defined plan, going card by card – step by step – and demands maximum focus with millimetric precision so that each one is perfectly placed and aligned with the previous one so that, as a whole, they solidly support the vertical growth of the castle. However, you can have the best cards with perfectly aligned edges and a surgeon’s pulse, but even so, an external (unavoidable) or internal factor (any kind of incident or human error) will shake everything that has been built and, in many cases, the castle will collapse and crumble with irreversible consequences.

Analysing the house of cards paradox in a business context can help us see how fragile any organization is in the face of the risks that come with digitalization, with the increasing sophistication of cyber threats and the rise of hybrid work, in which many users connect to the corporate environment from unprotected personal computers (BYOD).

How do I know if I am building a house of cards?

Companies, and those responsible for each business area, are focused on their activity, with a well-defined plan, card by card, aligned with the strategic objectives of building a larger company. However, if the company suffered a security breach right now, would it have the resources and knowledge to detect it in time and fix it?

In this hyper-connected environment where we use multiple platforms and cloud services, you must ensure that you have all potential attack surfaces – identities, devices, applications, data and infrastructure – protected. Otherwise, you are suffering from the house of cards paradox.

If you’re connected, you’re vulnerable; it’s a fact of life. In fact, according to the most recent IDC data, 57% of European organizations suffered a ransomware attack that blocked access to their systems in 2021, although this is not the only threat facing enterprises. The good news is that the company can be protected, unlike the house of cards. The solution? Invest in cybersecurity to be better protected against cyber threats and prevent security incidents, both external and internal.

“The economic impact of a security breach is usually far greater than what it would have cost to prevent it.”

Carlos Colell, CEO of SOFTENG

To address cybersecurity it is necessary to create a culture of digital trust that allows us to adopt a Zero Trust security model, to enhance security by simplifying its complexity and, finally, to have the support of a partner that provides the appropriate technological training and resources.

Advanced Threat Protection with Microsoft 365 Defender


In the new global context, threats and cyberattacks have intensified, increasing companies' exposure to a security incident. Attackers target the organization's most vulnerable resources and then move laterally to escalate to higher-value assets. For this reason, companies can no longer protect individual areas such as email or endpoints in isolation; they need a comprehensive, unified protection approach that covers everything from identity to endpoints, applications, email and hybrid or cloud infrastructure.

To meet this need, Microsoft has consolidated its threat protection products under the Microsoft Defender brand, a set of security solutions that prevent, detect, and respond to advanced threats. Microsoft Defender is divided into two families:

  • Microsoft 365 Defender, for end-user environments, is an integrated set of solutions that prevent, detect, and respond to sophisticated threats and attacks on identities, devices, cloud applications, email, and documents.
  • Azure Defender, for hybrid and cloud infrastructure, is an evolution of the threat protection capabilities of Azure Security Center that protects hybrid and multi-cloud workloads, including virtual machines, databases, containers and IoT.

In this article we are going to explain Microsoft 365 Defender in detail and in the next few days, we will publish a new post in which we will delve into Azure Defender.


As threats become more complicated and persistent, alerts increase and security teams are overwhelmed. Microsoft 365 Defender (formerly known as Microsoft Threat Protection) leverages the Microsoft 365 security portfolio to automatically analyze threat data across all domains and create a complete picture of every attack in a single dashboard.

Microsoft 365 Defender offers a powerful set of solutions that detect and stop attacks anywhere in the chain, keeping the organization in a safe state.

What does it protect?

Identities: Through Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) and Azure Active Directory, which manage and protect hybrid identities and simplify employee access. Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at the organization.

Devices: Through Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection), a platform that combines Windows 10 technology and the Azure cloud service to offer businesses proactive protection, post-breach detection, and automated investigation and response to advanced threats on their networks.

Email and Documents: Through Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection), which protects the organization from malicious threats posed by email messages, links (URLs), and collaboration tools.

Applications: Through Microsoft Cloud App Security, a complete SaaS solution that gives IT departments visibility and control over the cloud applications used by the organization's users (both those allowed and those not allowed).

With this integrated solution, security teams can match threat signals that each product receives and determine the full scope and impact of a threat; how it entered the environment, what was affected (including infected identities, devices, and mailboxes), and how it affects the business overall. It also performs automatic actions to prevent and stop attacks and self-correct the mailboxes, computers, and identities of affected users.


How is it licensed?

Any of these licenses gives you access to Microsoft 365 Defender features in the Microsoft 365 Security Center at no additional cost:

  • Microsoft 365 E5
  • Microsoft 365 E5 Security
  • Windows 10 Enterprise E5
  • Enterprise Mobility + Security (EMS) E5
  • Office 365 E5
  • Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Identity (formerly Azure Advanced Threat Protection)
  • Microsoft Cloud App Security
  • Microsoft Defender for Office 365 Plan 2 (formerly Office 365 Advanced Threat Protection)


The current landscape forces companies to be protected against security threats and to be able to detect and respond quickly to them. For that reason, Microsoft 365 Defender is the best solution, its powerful automation detects and stops attacks and will return your organization to a safe state.

At Softeng, we are committed to providing solutions to our clients and offering them our experience in this area, so we encourage you to follow our blog where we will continue to inform you about the security tools and solutions that we can offer you.

Do you want to know more about Microsoft 365 Defender? Contact us!


Protect your workloads in the cloud with Azure Defender


As the world adapts to remote work, security becomes a crucial issue and a great challenge for businesses. The threat landscape is constantly evolving and the attack surface keeps widening, which puts IT departments in a difficult position: they must face threats with multiple solutions that are often poorly integrated, not interconnected and, worse, not complete enough.

To meet this need, Microsoft offers Microsoft Defender , a set of security solutions that prevent, detect and respond to advanced threats, providing companies with complete visibility and coordinated defense. It is divided into two families:

  • Microsoft 365 Defender, for end-user environments, is an integrated set of solutions that prevent, detect, and respond to sophisticated threats and attacks on identities, devices, cloud applications, email, and documents.
  • Azure Defender is an evolution of Azure Security Center with threat protection capabilities that protect infrastructure wherever it is, including virtual machines, databases, containers, IoT and much more, whether hosted in Azure, in other clouds, or in a classic on-premises datacenter.

In the previous article we went into detail on Microsoft 365 Defender and in this article we are going to explain how Azure Defender helps.

The solution to protect your workloads in the cloud

With Azure Defender, integrated into Azure Security Center, you get an additional layer of security to protect workloads hosted in any cloud and/or on-premises against advanced threats, such as brute-force attacks against Remote Desktop Protocol (RDP) or SQL injection. Azure Defender also lets you optimize your security posture with artificial intelligence and automation.
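As an added example of the kind of detection logic behind a "brute-force RDP" alert (written for this page; it is not Azure Defender's code and does not describe its internal rules), the block below runs a sliding-window detector over constructed Windows Security events. Event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows identifiers; the flat one-line rendering of the events, the thresholds and the sample addresses are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Constructed flat rendering of Windows Security events (real events are XML/EVTX):
# "<utc-time> <EventID> LogonType=<n> User=<name> Ip=<addr>"
LINE_RE = re.compile(r"^(\S+) (\d+) LogonType=(\d+) User=(\S+) Ip=(\S+)$")

WINDOW = timedelta(minutes=5)   # sliding window for counting (assumption)
FAIL_THRESHOLD = 10             # failures from one IP within WINDOW => brute force
SPRAY_USERS = 5                 # distinct users from one IP within WINDOW => password spray
RDP_LOGON_TYPE = "10"           # RemoteInteractive


def parse(line: str) -> Dict[str, object]:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ts, event_id, logon_type, user, ip = m.groups()
    return {"ts": datetime.fromisoformat(ts.replace("Z", "")), "event": event_id,
            "logon_type": logon_type, "user": user, "ip": ip}


def detect(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (time, alert, ip) tuples. Alerts: brute_force, password_spray,
    brute_force_success. Each alert fires at most once per IP per window."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    last_alert: Dict[Tuple[str, str], datetime] = {}
    alerts: List[Tuple[str, str, str]] = []

    def fire(kind: str, ev: Dict[str, object]) -> None:
        key = (kind, ev["ip"])
        if key in last_alert and ev["ts"] - last_alert[key] < WINDOW:
            return                                    # already alerted in this window
        last_alert[key] = ev["ts"]
        alerts.append((ev["ts"].isoformat(), kind, ev["ip"]))

    for ev in sorted((parse(line) for line in lines), key=lambda e: e["ts"]):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue                                  # only remote-desktop logons matter here
        q = recent[ev["ip"]]
        while q and ev["ts"] - q[0][0] > WINDOW:      # drop failures that fell out of the window
            q.popleft()
        if ev["event"] == "4625":
            q.append((ev["ts"], ev["user"]))
            if len(q) >= FAIL_THRESHOLD:
                fire("brute_force", ev)
            if len({u for _, u in q}) >= SPRAY_USERS:
                fire("password_spray", ev)
        elif ev["event"] == "4624" and len(q) >= FAIL_THRESHOLD:
            fire("brute_force_success", ev)           # the guessing worked: highest priority
    return alerts


def _ts(minute: int, second: int = 0) -> str:
    return f"2021-03-08T02:{minute:02d}:{second:02d}Z"


# Constructed sample log: one noisy brute force, one low-and-slow spray, one normal user.
LOG = (
    [f"{_ts(14, s)} 4625 LogonType=10 User=administrator Ip=203.0.113.7" for s in range(0, 48, 4)]
    + [f"{_ts(15, 10)} 4624 LogonType=10 User=administrator Ip=203.0.113.7"]
    + [f"{_ts(20, i * 7)} 4625 LogonType=10 User={u} Ip=198.51.100.4"
       for i, u in enumerate(["ana", "luis", "maria", "jose", "carmen", "pablo"])]
    + [f"{_ts(30)} 4625 LogonType=10 User=ops Ip=192.0.2.10",
       f"{_ts(30, 20)} 4624 LogonType=10 User=ops Ip=192.0.2.10"]
    + [f"{_ts(31)} 4625 LogonType=3 User=svc Ip=192.0.2.11"]   # network logon, not RDP: ignored
)

if __name__ == "__main__":
    for when, kind, ip in detect(LOG):
        print(when, kind, ip)
```

The success-after-failures rule is the one to keep even if the thresholds are tuned down: a 4624 that follows a burst of 4625 events from the same address is the moment the alert stops being noise and becomes an incident.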


Azure Defender console built into Azure Security Center

What types of resources does Azure Defender protect?

Azure Defender unifies security management for different types of workloads within Azure Security Center by providing comprehensive defenses on the following types of resources:

  • Azure Defender for Servers: Advanced protection and threat detection for Windows and Linux machines including machine learning technology and vulnerability assessment analysis on virtual machines.
  • Azure Defender for App Service: Identifies attacks targeting web applications running through App Service, constantly scanning applications for potential vulnerabilities.
  • Azure Defender for Storage: This is a native Azure security intelligence layer that detects unusual and potentially dangerous attempts to access or breach storage accounts. It uses advanced security artificial intelligence and Microsoft Threat Intelligence capabilities to deliver contextual security alerts and recommendations.
  • Azure Defender for SQL: Extend the Azure Security Center data security suite to protect your databases and data wherever it is, hosted in Azure virtual machines, on-premises, or in other clouds.
  • Azure Defender for Kubernetes: Azure Kubernetes Service (AKS) is a Microsoft-managed service for developing, deploying, and managing containerized applications. Azure Defender provides environment hardening, workload protection, and runtime protection for it.
  • Azure Defender for container registries: Scans container images for potential vulnerabilities and generates security recommendations to avoid threats.
  • Azure Defender for Key Vault: Azure Key Vault is a cloud service that protects encryption keys and secrets, such as certificates, connection strings, and passwords. Azure Defender provides an additional layer of security intelligence for this service.
  • Azure Defender for Resource Manager: Azure Resource Manager is the management and deployment service through which all the resources in an Azure account are created and updated. Azure Defender automatically monitors these resource management operations, regardless of whether they are performed through the Azure portal, Azure REST APIs, Azure CLI, or other programmatic Azure clients.
  • Azure Defender for DNS: Provides an additional layer of protection for cloud resources by continuously monitoring all DNS queries from your Azure resources and running advanced security analysis to alert when suspicious activity is detected.
  • Azure Defender for IoT: Threat detection and analysis in IoT environments and Azure IoT solution, providing an inventory of resources and functionalities for vulnerability management and threat detection on all IoT devices.

In addition to defending your Azure environment, you can extend Azure Defender capabilities to protect non-Azure servers and virtual machines in other clouds (such as AWS and GCP).

Security alerts integrated with Azure Sentinel
The Microsoft Defender threat protection suite, Microsoft 365 Defender and Azure Defender, is integrated with Azure Sentinel, Microsoft's security information and event management (SIEM) tool. With Azure Sentinel, all Microsoft Defender security analysis comes together in a single, unified view, reducing complexity and increasing visibility so that your IT team can see what matters, when it matters.

In the case of Azure Defender, when a threat is detected in any area of the environment, it generates a security alert containing the details of the affected resources, suggested remediation steps and, in some cases, an option to trigger a Logic App as an automated response.

In conclusion, Azure Defender provides unified, intelligent, and automated security to enable businesses to gain threat visibility – a critical security capability that every organization must have. Additionally, Microsoft Defender’s unified end-to-end protection is key to increasing resilience and preventing attacks.

At Softeng, we are committed to providing solutions to our clients and offering them our experience in this area, so we encourage you to follow our blog where we will continue to inform you about the security tools and solutions that we can offer you.

Do you want to know more about Azure Defender? Contact us!


2020 balance of cyber incidents in Spain and projection for 2021


2020 has been the year in which cybercrime reached its peak, with COVID-19 acting as a catalyst that exposed the vulnerabilities of the vast majority of companies, which were not prepared, in terms of cybersecurity, to have their workforce working remotely. In this scenario the cybercrime industry saw a great opportunity and acted very aggressively, with increasingly sophisticated attacks aimed not only at stealing money from companies or demanding a ransom to release their resources, but also at espionage, at obtaining intellectual property, and at political ends.

THE DATA ON CYBER CRIME IN 2020

The data that the National Intelligence Center (CNI) has just reflected in the XIV cybersecurity conference of the National Cryptological Center (CCN) are overwhelming. According to the agency, as a result of the pandemic, a clear increase has been detected not only in the number of cyberattacks, but also in their severity. In figures, during 2019 the CNI detected 3,172 highly dangerous cyber incidents, while in the current year 2020 they have doubled to 6,690. For its part, the CCN has detected a total of 73,184 total cyber threats in 2020, an increase of 70% over the previous year .

Representatives of both agencies agreed that “we are experiencing an exceptional situation that is putting us all to the test.”

THE MOST OUTSTANDING CASES

There are many high-profile cases of cyberattacks that have reached the media throughout the year.

  • Adeslas: Its computer systems, such as those that manage medical test authorizations and customer policies, were paralysed for six weeks, from one day to the next, by ransomware.
  • Mapfre: Also due to ransomware, it had to leave 90% of its staff unable to work for several days because its servers were down.
  • Zendal: The Vigo-based pharmaceutical company was the victim of an attack known as CEO fraud. With this method, an attacker impersonating the CEO ordered an employee in the finance department to make a bank transfer of 400,000 euros, within the framework of a supposedly confidential operation to develop a Covid-19 vaccine with an Asian partner. The department, believing it was following management's orders, repeated the operation several times. The result: a 9 million euro fraud against the pharmaceutical company.
  • Vueling: Together with the parcel company Nacex, it was affected by a vulnerability that allowed a group of cybercriminals to inject malicious code into its software and modify the behaviour of certain services in order to access databases and steal the data of thousands of users.
  • Prosegur: Its servers were disabled by ransomware. The incident forced it to shut down all accounts and cut off all communication with its clients, and caused a serious internal crisis in the company, where clients such as Inditex could not understand how the company they had outsourced cybersecurity to could itself have been hacked.
  • Acciona, Adif, Decathlon and Endesa are other examples of large companies attacked in this fateful 2020 in terms of cybercrime.
  • Thousands of SMEs. Still, the above cases are just the tip of the iceberg. According to data provided by Acierto.com, the vast majority of cyberattacks in Spain are carried out against SMEs, which are the target of 70% of cybercrimes. Even this figure understates reality, because not all companies that fall victim to a cyberattack choose to report it, for fear of damage to their image.

WHAT HAPPENS WHEN YOU ARE ATTACKED

The ways in which attackers obtain economic benefit are increasingly diverse, and depending on their objectives and level of sophistication they use one tactic or another.

Extortion

When an attacker manages to paralyse a service by locking up its servers, they may demand a ransom to release it. Moreover, by the time they have reached this point, the criminals already hold a great deal of information about the company, so they size the amount demanded according to the victim's revenue.

According to Incibe, the Spanish National Cybersecurity Institute, paying a ransom does not guarantee that the data will be recovered; in many cases it leads the criminals to demand more than the amount originally requested, and even to attack again in the future, having learned that this is a company willing to pay.

Sale of data

Another way to monetize their work is through the sale of data. Once inside the servers, cybercriminals have access to corporate information, which they can sell to competitors, and to customer information (personal data such as email addresses, telephone numbers or passwords), which is usually sold on the Deep Web to other criminals who will reuse those credentials.

Usually the data is sold without the company being aware of it. The company typically only finds out when the sale is followed by extortion.

Penalty for non-compliance

In addition, by compromising the sensitive data of their clients, companies are exposed to serious penalties for not having sufficiently protected this data and thus violating the European data protection regulation GDPR.

IT layoffs

One possible consequence of the company being attacked is the dismissal of those responsible for cybersecurity. This is the case of companies like Prosegur, which fired its cybersecurity leadership after hacking their accounts, or Innovatech, which laid off more than 300 employees due to a massive ransomware infection.

THE PREDICTION FOR 2021

From Softeng, coinciding with other cybersecurity experts, we highlight how the changes produced in teleworking will continue to pose great challenges, mainly due to the inefficiencies of remote access and the vulnerabilities of VPNs.

Devices used in homes will be more at risk, and cybercriminals may try to access corporate computers through employees’ personal devices.

More ransomware attacks

Ransomware is one of the most effective tools available to cybercriminals, and in 2021 we will see more of it. In particular we will see an increase in Ransomware as a Service attacks with "double extortion", in which the threat is both to hold the data hostage and to release it publicly.

New forms of phishing

Email will continue to be the main gateway for cybercriminals, but with increasingly sophisticated lures. Social isolation encourages people to share more personal information online, which hackers use to create more compelling lures that lead to fraud and compromise company emails.

WHAT CAN YOU START DOING TO PROTECT YOURSELF

Fortunately, companies have started to take it very seriously and take strong measures to protect their assets. This year our clients have taken an important leap in the protection of their companies: 87% of them have increased their protection, of which 92% have significantly reduced the number of threats and security breaches.

Basic measures are no longer enough

According to Microsoft's Digital Defense Report 2020, the vast majority of compromised companies lacked even basic protection, such as multi-factor authentication for user access to corporate resources or protection of email and links. In these circumstances the exposure is very wide and the effort an attacker needs to reach the data is very small.

Adopt a Zero Trust strategy

Zero trust is the best defensive approach your organization can take. Conventional ways of securing access to the corporate network, applications and data are no longer adequate in this new context. With an increasingly dispersed workforce, critical business data now sits outside the corporate firewall. So instead of assuming that your organization is safe behind a firewall, you should assume that there will be a security breach either through malicious intent or carelessness.

You want to know more? Contact us!
