Connect with KAÏNA-COM !

All about cybersecurity

Cybersecurity is a set of actions on people, technologies and processes against cyber-attacks. Cybersecurity, like Digital Security, is a branch within Information Security, being often confused as the same thing, however we will use this article in order to explain their difference.



Information Security aims to take care and ensure that data is protected, whether physical or digital. Within this aspect, the understanding between the three becomes clearer, since Digital Security takes care of digital data and Cybernetics protects and prevents cyber-attacks.
Usually a solution or prevention only arises because there is a problem, and in the case of cybersecurity it is no different. It is an answer to a major problem: cyber-attacks.

  1. Cyber-attacks
    Attacks are actions taken by criminals, who take advantage of network vulnerabilities to attack and steal data. Important data, which if stolen, will bring huge losses to your company.
    One way in order to check statics linked to cyber-attacks is to access the following link:
    https://securelist.com/it-threat-evolution-q2-2019-statistics/92053/ 

    PS) The statistics shown in this page, are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
    That is why it is so important that you know what types of attacks are and how to prevent them.
    Let's look at some types of attacks:

    • Virus
      A virus is a program or piece of code used to damage your computer, corrupting system files and destroying data. The virus is inactive on the machine until it is executed, that is, the infected program must be ran. From there, it can infect other computers on the network, steal passwords and data, corrupt files, forward spam to e-mail contacts, or even control the computer.
    • Vers
      They are older than virus, they became fashionable in the late 90s, and for almost a decade, they arrived as message attachments. One person opened an email and the entire company was infected in a short time. What makes it so devastating is its ability to spread without end user action. Virus, by contrast, require an end user to, at least, start it.
    • Adware
      The strategy is to try to expose the end user to unwanted and potentially malicious advertising. A common adware program can redirect a user's browser searches to web pages similar to other product promotions. This type of attack aims to obtain sensitive user information, namely location, access password details (passwords), and computer OR e-mail IP addresses.
    • Ransomware
      Also known as a “digital hijacker”, Ransomware is a software that installs on your machine, encrypts system data after installation and blocks users from accessing it. With that he asks for a ransom for the company, usually done in bitcoin, which is a cryptocurrency. A huge loss for the company that suffers this type of attack.
    • Trojan Horse
      It is a malware that hides itself in programs that seem harmless or tries to trick the user into installing it. This type of malware does not multiply or infect other files, it is hidden by collecting information or configuring system security holes. In addition, the infection can control the computer and block the user's access to it.
    • Spyware
      It is practically invisible spy software that works in the background, unnoticed, while collecting data or providing remote access to the hacker. It is one of the most dangerous malwares, since it does not only damage the device, but also seeks the user's personal identity. During a hacker attack, spyware is useful in collecting financial information, such as passwords, bank accounts and credit card data. Usually, the spy comes in software or when downloading from websites, for example, when downloading movies and music.
  2.  La valeur de l’information

    Have you seen all of these different attacks.? And that is just a little bit of the many existing ones. Now imagine this legion of attackers, with these numerous malicious tools, trying to steal your company's data? Would you have losses? How much is information worth?
    A major misconception that many people, including small and medium-sized businesses, is not knowing or minimizing the value of information. Many believe that only big, mega-companies are targeted by hackers, who are looking for opportunities to get their hands-on information.
    And that's exactly where the big mistake lives: hackers are looking for information! It doesn't matter if they belong to large or small companies, they want data, information and opportunities to steal them. Such opportunities are found in vulnerabilities.
    Your information is valuable and extremely important, it is data from employees, customers and data from the organization itself that can fall into the wrong hands.
    Such data is essential for your company, not only in the functionality of the business, but can also generate legal responsibilities that you should be aware of. A good example can be found in credit card numbers, sometimes stored in the company's databases.
    Failure to protect this data may expose you to lawsuits by those affected by the leak. Not to mention the damage to your reputation.
     
  3. Prevention is the way
    NWe must be aware that Cyber-attacks are present and that all companies are targets. In view of this, prevention is the best way.
    Imagine that you are aware of an outbreak of dengue. Many people close to you are getting sick, suffering from the disease. You know that there are focal points where the mosquito can breed and settle in your home, places of standing water, humid places. You have received guidance on how to prevent yourself, but you have ignored it because you did not have any symptoms, so rest assured. You can prevent it, but you have chosen to cure it, wait for the disease to come, with it the fever, the pain and all the wear and tear of being sick. Lose days of work, study time, activities and consequently money.
    Now think of your company. How much is your information worth? Your reputation? And your relationship with customers? That's exactly what we're talking about when it comes to cybersecurity.
    That is why prevention is the best way, many companies only see the risks and their dimension after they have already been injured.
    Let's present some tips to guarantee your company's cybersecurity.
     
  4. Some tips to protect your business
    Create a Security Policy Prepare a detailed document with the most important aspects for the company's routine. One tip is to use ISO / IEC 17799 as a basic standard on the concept of information security.
    • Be proactive and prevent attacks
      There are steps you can take to prevent attacks on your network. We call it security layers.
      • Firewall
        Le pare-feu a pour but de protéger votre réseau contre les attaques externes. Il est en bordure et à la fin du réseau, empêchant tous les IPS non autorisés d'entrer.
      • IDS / IPS
        These two complement the work of the firewall. The IDS identifies any and all types of strange, unusual activity on the network. For example: an excessive download of files, after doing this it sends this alert information to IPS that will take the blocking actions of the IPD that is doing this type of excessive download.
      • Webfilter
        Not all attacks are external, in fact there are many attacks that come from within your network. The role of the webfilter is to protect those who are within your network: computers, users who have free access to work within your network. Because they can bring vulnerabilities to attacks.
        The webfilter manages what can or cannot be accessed by your machines or users who are part of your network. With this tool, you can apply the security policy for employees, such as the sites that may or may not be accessed.
      • VPN and Voucher
        In addition to users who are connected to their network in physical space, many companies have remote access, the director who accesses company data through his notebook at home, accessing data and making transactions in the company. For this access to be secure, it is necessary to create the VPN , which is basically a secure tunnel between the user from outside authorized to access what is inside the network.
        It is important to use this tool to monitor network visitors, people who will participate in a meeting or some conference and for users who access the wi-fi network, if the company has the same authorization for access.
      • Antivirus
        Some attacks are types of software that install themselves on users' network machines to collect data. The virus is a much more powerful software that these attacks, which inhibits them from happening. The function of the antivirus is to protect your machine, the specific user.
      • Backup
        It is a copy of all company data that will allow the company to survive, should an attack happen. And it must be done regularly.
    • Have a good action plan
      It is essential to have an action plan to be triggered in the event of an incident. In addition to educating / identifying employees and systems most prone to attacks.
      Talk about awareness plans to company users.
    • Count on an expert
      If the internal employee needs to divide his time between routine tasks and taking care of the company's security, the scenario becomes complicated. The ideal is to have specialized help and support for your business.
      We hope you understand a little about Cybersecurity and its importance. And that the best way is prevention. Any questions please contact us.

NOTE : Kaina-COM offers a complete solution to protect you from all dangers of malicious attacks.
Our experts are able to adapt to your environment and detect your faults.
For any request for additional information or a quote, please contact us: info@kaina-com.fr