Information Security Everywhere

Valentin Almiron
CODE + CONTOUR by IPSY
7 min read · Aug 15, 2022

When we talk about information security, the first thing that comes to mind is a cybercriminal (sometimes incorrectly referred to as a “hacker”) trying to break into an entire nation’s highly confidential security system, but cybersecurity entails protection for all of us. As consumers, we rely on sellers to have safeguards that protect our personal information and ensure our privacy, assuming their compliance with the industry standards that require those protections.

State of the Art in Information Security

In 2022, all companies and nations have taken measures to ensure information security; every day, a new threat is presented either by a group of cybercriminals or by a vulnerability in software that’s used worldwide.

What is a vulnerability? When a website, app, or software has a vulnerability, that means there is a weakness in the program that allows a potential attacker to perform an action for which the software was not created. Examples include someone accessing confidential data on a device, or the remote execution of commands not authorized by the administrator (that means allowing an attacker located anywhere in the world to take control of your device).

These potential security threats have given rise to a wide variety of professions related to safeguarding information to counteract the efforts of these cybercriminals. There are roles related to compliance/risk/incident management, infrastructure security, cloud security, cyber intelligence, application security, and ongoing research to better understand and detect vulnerabilities within different systems before cybercriminals have a chance to, and report them to each vendor for immediate action. There are many more related professions in cybersecurity, with more roles being created every day out of necessity and to keep up with the rate of new technological innovations.

Although the list is not comprehensive, there are some common measures companies take to ensure their network is secure.

Cyber Resilience

The transition in the last two years from working in the office to fully remote work in many industries, and the subsequent increase in cloud service usage, has resulted in a significant increase in cyber attacks. Large companies with significant investments in cybersecurity have been affected by different incidents in recent years, so what should companies do?

Cyber resilience has gained prominence within the cybersecurity field, and the approach has shifted from protecting the borders to ensuring that business operations can recover after a cyber attack or data breach.

What Is It?

Cyber resilience is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or rely on cyber resources. In other words, cyber resilience is the ability to continuously deliver the intended outcome despite adverse cyber events. Since it is not possible to prevent companies from suffering incidents, cyber resilience is often pursued to minimize their impact.

Cyber resilience is made up of five key pillars:

  • Identify critical assets, systems, and data. You must understand the resources that support all critical functions within a business context.
  • Protect critical infrastructure services. In this step, you should install first-line security programs that will limit or contain the impact of any potential threat.
  • Detect strange events and suspected data breaches or data leaks before major damage occurs. This step demands constant security monitoring.
  • Respond to a detected security breach or failure. This function involves an end-to-end incident response plan to ensure business runs as usual in the face of a cyberattack.
  • Recover to restore any affected infrastructure, capabilities, or services that were compromised during a cybersecurity incident. This step focuses on making a timely return to normal efforts.

The universe of cyber threats is huge and resources are often scarce, so the challenge for companies is to focus on how to deal with cyber threats.

What are we doing at BFA?

As a native digital company, BFA loves nothing more than to see our community members thrive. We know you’re unique, and we know you trust us with your personal information when you visit or join our team. That is why we work extensively on different initiatives to safeguard the information entrusted to us by millions of members.

The main projects we are continuing to build in terms of cyber resilience capabilities during this period of the year are:

  • Security & compliance activities: Complying with standards such as PCI-DSS for online payments, and with privacy regulations, to ensure the protection of our customers’ data.
  • Threat intelligence: Many data breaches, data leaks, and scams that affect companies are identified weeks, or even months, after their publication. Getting ahead of this problem with a proactive approach and early warnings lets us plan actions using information from the OSINT sources that matter most (social media, chat services, foreign-language forums, marketplaces, paste sites, or the deep and dark web) to track and remediate threats from across the web. This approach is essential to keep information safe and away from malicious actors.
  • Phishing prevention: Strengthening and redefining the processes we use to identify threats and implementing tools that facilitate the reception of reports internally, in addition to reevaluating the email security infrastructure to assess adequate protections.
  • Awareness program: Implementation of a comprehensive program regarding information security issues so that all employees are trained. Due to the increase in phishing attacks, one of the major training initiatives for this year will be on phishing, and employees will be trained to identify and be vigilant of this type of threat.
  • Vulnerability management: Defining the processes to remediate or mitigate vulnerabilities in third-party software or internal developments, and relying on our external report program to receive security reports related to our state of security and our platform from external security researchers.

What does the future hold?

Cybersecurity Threats 2023

We’ve selected three of the top 10 cybersecurity threat predictions for 2023, based on reports by leading cybersecurity solutions companies, to tell you about the ones we foresee having the most impact.

1. Geo-Targeted Phishing Threat

The term phishing defines a criminal activity which uses techniques to manipulate users in order to obtain confidential information. Its aim is to gain access to sensitive data, such as usernames and passwords, PIN codes, and more. Access is usually achieved by sending emails masquerading as a trustworthy person or business. The email can look very genuine, and will contain graphics and content which may have originally come from the source it is impersonating. You will be asked to enter, under various pretenses (data verification, financial operations), some of your personal data, such as bank account numbers, usernames, or passwords. All such data, if submitted, can easily be stolen and commandeered.

This type of technique has been extended to phone calls (‘vishing’), text messages (‘smishing’), and any other communication channel in which a criminal tries to impersonate a real person or business.

In other cases, phishing is used to trick a person into downloading a malicious file they believe to be genuine, in order to take control of their device or to execute a ransomware attack, which involves encrypting the person’s or company’s information and then asking for a ransom to deliver the decryption key.

For online users, phishing attacks continue to rise in frequency and severity. This is the first point of entry for attacks on companies, according to the latest reports from various IT security companies.

Cybercriminals are increasingly accessing and gathering information on their targets in order to improve the effectiveness of their phishing attempts. For example, some now use your geolocation to create custom phishing websites or email chains that target victims. This kind of thing makes it difficult for individuals to distinguish between phishing scams and the real deal.

Keep your eyes open for odd-looking messages and avoid opening strange attachments.

2. Surge in supply chain attacks

A supply chain attack takes advantage of the trust relationships between an organization and the other organizations whose software it installs and uses within its network, or that it works with as vendors.

A supply chain attack targets the weakest link in a chain of trust. If an organization has strong cyber security but has an insecure trusted provider, attackers will target that provider. With a foothold in the provider’s network, attackers could move on to the more secure network by taking advantage of the trust already established in the two businesses’ working relationship.

These types of attacks are becoming more and more prevalent, using a quadruple extortion model: retain the victim’s critical data, threaten to leak and publish the breach, threaten to target their customers, and attack the supply chain of the victim or associated providers.

3. Zero-day and known vulnerabilities

A zero-day vulnerability is a software vulnerability discovered by researchers before the vendor is aware of it. Because the vendor doesn’t know about it, there is no patch for a zero-day vulnerability, which makes attacks more likely to succeed.

How do we avoid this? We need a patch from the vendor. On some occasions, cybersecurity companies have solutions that mitigate these vulnerabilities until the vendor issues the fix.

In addition, vendors frequently provide fixes for vulnerabilities in their products, and this requires processes that allow each company to update the software being used, namely the software that is accessible from the Internet. If this does not happen, a company may have a service exposed to the Internet with a known vulnerability that could be exploited by a potential attacker.

Due to the paranoia and anticipation of these attacks becoming more frequent, developing cyber-resilience capabilities as soon as possible is a necessity for companies, not an option.
