In order to have an effective cybersecurity plan, first of all one must know what assets need to be protected, whether they are tangible or intangible (buildings, computers, programs, data...). Once known, one must investigate the possible vulnerabilities in order to determine the risks. What is the purpose of the plan? To prevent, avoid or eliminate those risks.
In the first half of 2017, many computers around the world were affected by a harmful program called "WannaCry", which once executed on the computers encrypted the data in such a way that it prevented the normal execution of the programs. And users were forced to pay in bitcoin at a hidden network address. Once the payment was made, they received the key to decode the data, and were able to return to normal, if such an abusive situation could be called that, when both individuals and employees received an email simulating a known company and ran an attachment.
Why were both individuals and companies affected? Because the course they followed until they fell into the trap was easy and simple, since in both cases they had received an email simulating a company known in the market and they executed an attached program starting the process, becoming unstoppable. Could the previous situation have been avoided?
Collaboration, intentional?
Nowadays, we know that there are many people in the world dedicated to understanding the vulnerabilities of operating systems, whether for large corporations or for security services, even sponsored by countries, which could make it easier for this group to carry out intrusive cyber-attacks on computers. But to this specialisation we must add how important is the collaboration, intentional or not, of people who receive or use emails. Some additional questions arise: does everyone need to have access to the internet? can everyone enter or extract data by clicking on an external hard drive, (pendrive) or similar? which employees can have open communications? are the access keys used secure? If we have equipment in our charge, do we apply the security policies that software manufacturers recommend? It has been observed, and it is well known, that even though the vulnerability is known, many companies do not apply the appropriate policies.
All this leads us to think about how many resources, in time and money, should be devoted to cybersecurity and how far to go. Questions that everyone has to answer in one way or another. Finally, in order to avoid cyber security being taken as an activity that prevents the daily development of any business and to live it as an ally that allows working in a safe way, even if certain processes and procedures have to be followed, we must have a proper communication policy.
Manuel García Ramírez
MGR Consultants IT and Security Manager