13 feb, 2023

Organizational Security in the age of digitalization: the path to a holistic approach




Talking about Cybersecurity means bringing up a series of regulations, procedures and standards to follow, all of which we are already familiar with. It is still important to reinforce the subject because, even in 2022, with so much information available, attacks are still happening, and with increasingly severe consequences.

 

According to Cybersecurity Ventures, 94% of malware is sent by email and it is estimated that in 2021, there was a ransomware attack on an organization every 11 seconds.

 

The truth is that the numbers for the future are not the most positive either: by 2031, attacks on users or companies are expected to occur every two seconds.

 

Keeping up to date with new technologies and adopting various approaches to protect assets against cyberattacks is a practice that several organizations have followed.

 

For companies to protect themselves, it is necessary to create an evolutionary flow with well-defined, planned operational processes, integrating the various departments of each organization.

 

A holistic view of Cybersecurity becomes essential to streamline an entire company flowchart where all processes need to be reviewed, new systems adopted and a culture of constant learning focused on prevention implemented.

 

 

The foundation needs to be grounded

 

Having recent and up-to-date equipment is a good practice that helps decrease the attack rate, since vulnerabilities associated with devices and the software installed on them appear every day. Many of these vulnerabilities can be addressed by installing the updated versions made available by the manufacturers. However, some precautions go beyond these good practices, such as implementing a "Zero Trust" security approach.

 

This is a proactive, integrated approach to security across all pillars: identity, infrastructure, devices, data, network, and applications. When implemented, organizations must adhere to the following principles:

 

  • Explicit verification: all security decisions should be made based on all available data points, including identity, location, device state, resource, data classification, and anomalies.
  • Least-privilege access: access should be limited with adaptive, risk-based Just-In-Time (JIT) and Just-Enough-Access (JEA) policies.
  • Assume the threat: reduce the attack surface, use end-to-end encryption, and apply continuous monitoring and automated threat detection and response.

 

A Zero Trust approach enables users to work productively and securely, regardless of their physical location.

 

 

Passwordless security, is it possible? Are Passwordless Solutions Here to Stay?

 

With the evolution of biometric access and facial recognition, passwords will not be used as much in the coming years as they are today, largely because people end up reusing their passwords, thus compromising different platforms. The same is true in the event of an attack, so the use of a Multi-factor Authentication (MFA) solution is recommended and essential.

 

According to Microsoft's November 2021 study, the use of MFA reduces the effectiveness of identity attacks by more than 99%.

 

According to the Verizon 2022 data breach research report, more than 80% of attacks are related to weak or stolen passwords.

 

Major platforms are already prepared with authentication strategies like Windows Hello and FIDO, but these are not yet supported across all devices and platforms. Therefore, learning more about passwordless solutions and implementing them has been one of the new bets for decreasing cyberattacks.

 

Today we have new technologies that can evaluate specific rules for access authorization, verifying user identity, device state and location, networks and data, and adding a further layer of security for users and organizations.

 

Two-step verification and encryption, combined with artificial intelligence (AI), help reduce the use of one of the weakest links in Cybersecurity: passwords. It is important to understand, however, that in the future passwords will serve as a backup to intelligent authentication rather than as the primary access tool.

 

 

The "Cyber Resilience" moment: the importance of control

 

With the boom in access and financial transactions brought by the pandemic, it is very important that companies do not let their guard down in terms of security. Maintaining timely delivery and availability is crucial in the very hostile context we see for the future of online security. Maintaining a secure organization is a path, not a goal. It is very important that the culture of Cybersecurity is present throughout the natural evolution of our organizations.

 

In order to achieve resilience in the face of attacks, organizations must practice good cyber hygiene, implement architectures that support Zero Trust principles, and build risk management into the business.

 

An essential step for the security of organizations is to define a Security Operations Center (SOC) that aims to continuously monitor and improve the organization's security posture while preventing, detecting, analyzing and responding to cybersecurity incidents 24 hours a day.

 

It acts as the hub or central command post that collects telemetry from an organization's entire computing infrastructure, including networks, devices, identities, applications and services, wherever the assets reside. The proliferation of advanced threats makes gathering context from multiple sources all the more valuable.

 

Essentially, the SOC is the correlation point for each recorded event within the organization that is being monitored. For each of these events, the SOC team must decide how they will be managed and how to take action.

 

There are three layers, each responsible for more advanced and critical tasks:

  • Layer 1 - Triage
  • Layer 2 - Incident investigation and response
  • Layer 3 - Analysts at the top of the hierarchy, responsible for supporting Layer 2 analysts with complex security issues, proactively searching for threats, and automating processes for incident investigation and remediation.

 

 

Training is also a way to prevent

 

In the work environment, it is important to keep employees informed. The focus is on investing in training, education and awareness actions for good security practices, involving not only well-prepared technical teams but all departments and teams in the organization.

 

When we talk about cybersecurity education, we should prioritize the usability of the processes, so that teams better understand what should be done and the benefits this brings, as well as the real impact of a data exposure.

 

 

The infrastructure that makes the difference

 

It cannot be said enough that organizations need to adapt to this whole process and invest in some operational premises:

  • Identity and device management;
  • Application security: finding the balance between the correct assignment of accesses and maintaining control of the applications, in order to ensure that the applications and the data they contain are protected;
  • Access definition and control: assigning strictly necessary roles to users;
  • Protection of information: laws and regulations such as GDPR standardize the treatment and storage of personal data and help manage and protect corporate information while maintaining high levels of compliance;
  • Cloud migration: migrating data to the cloud gives greater security of information and data;
  • Software engineering: the fuel to make everything work properly is to use software prepared to assist in preventing and resolving security or anti-fraud issues;
  • Data and AI: the evolution of machine learning and AI also assists security processes, allowing the creation of mechanisms and automations that reduce the impact of incidents and the effort required of technical teams;
  • Prevention and training: training and prevention are key areas of intervention to ensure the sustainability of the operations system, as well as improving the state of occupational safety and risk management.

 

Marta Almeida - CBDO ARMIS

André Rodrigues | Software Engineer - Identity & Security 

 

