Frequently Asked Questions
Several major cyberattacks have taken place due to the absence of EDR in the security tooling, including the attack on the MGM hotel in Las Vegas in 2020 (personal information of 10 million customers leaked).
Companies that fall victim to such attacks pay a heavy price: financially on the one hand, and in terms of their reputation on the other. It can take them years to regain public confidence.
Today, the complexity and evolution of IT infrastructures, applications, the cloud, virtual machines and endpoints increase the chances of being subjected to a cyberattack.
To secure these elements effectively, three things are required: a holistic view of the network, data collection, and correlation between events and threats. This is what a SIEM provides.
What is a SIEM?
SIEM (Security Information and Event Management) has the role of detecting threats, attacks and anomalies thanks to its ability to correlate various events. It can thus identify the common cause of several separate events, such as a hacker who has slipped into the network to perform manipulations, or an SMS or email used in a phishing attempt.
Data collection and standardization
In order to correlate events, SIEM collects them from logs and equipment such as firewalls, routers, servers and databases. These events are then normalized into a more readable format, allowing the IT team to search by criteria, for example.
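The collection, normalization and correlation described above, as an added example that is not from the original page: two constructed log formats are mapped onto one schema, searched by criteria, and correlated to flag repeated failed logins followed by a success from the same address. The log formats, field names, threshold and time window are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in two made-up formats (not a real vendor's format).
RAW = [
    "2024-05-01T09:00:01Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01 09:00:05 srv01 sshd Failed password for alice from 203.0.113.7",
    "2024-05-01 09:00:09 srv01 sshd Failed password for alice from 203.0.113.7",
    "2024-05-01 09:00:14 srv01 sshd Failed password for alice from 203.0.113.7",
    "2024-05-01 09:00:20 srv01 sshd Accepted password for alice from 203.0.113.7",
    "2024-05-01T09:03:10Z fw01 ALLOW src=198.51.100.9 dst=10.0.0.5 dport=22",
    "2024-05-01 09:03:15 srv01 sshd Accepted password for bob from 198.51.100.9",
]
FW_RE = re.compile(r"(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)")
AUTH_RE = re.compile(
    r"(\S+ \S+) (\S+) sshd (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(line):
    """Map either raw format onto one schema (hypothetical field names)."""
    if m := FW_RE.fullmatch(line):
        ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
        return {"time": ts, "host": m[2], "source": "firewall",
                "action": m[3].lower(), "src_ip": m[4], "user": None}
    if m := AUTH_RE.fullmatch(line):
        ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
        action = "login_failed" if m[3] == "Failed" else "login_ok"
        return {"time": ts, "host": m[2], "source": "auth",
                "action": action, "src_ip": m[5], "user": m[4]}
    return None  # unknown format: keep the raw line for review, do not guess

def search(events, **criteria):
    """Search by criteria: every given field must match exactly."""
    return [e for e in events if all(e[k] == v for k, v in criteria.items())]

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert on >= threshold failed logins, then a success, from one src_ip."""
    alerts = []
    for ok in search(events, action="login_ok"):
        fails = [e for e in search(events, action="login_failed", src_ip=ok["src_ip"])
                 if timedelta(0) <= ok["time"] - e["time"] <= window]
        fw = search(events, source="firewall", action="allow", src_ip=ok["src_ip"])
        if len(fails) >= threshold:
            alerts.append({"src_ip": ok["src_ip"], "user": ok["user"],
                           "failed": len(fails), "firewall_allowed": bool(fw)})
    return alerts

EVENTS = [e for e in map(normalize, RAW) if e]
```

Bob's single successful login produces no alert; only the address with three failures followed by a success is flagged, and the firewall record confirms the connection was allowed through.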
The advantages of SIEM
Better network protection
SIEM also alerts you to suspicious activity on software and network-connected devices - for example, it will alert you if a service provider installs software on your network that could export data from your business.
Simplified network management
SIEM allows events to be archived, and old ones to be regenerated and replayed, in order to conduct investigations after an incident.
Your company's compliance with legal requirements
To protect yourself from identity theft
With teleworking, multi-factor authentication has become a real necessity, whether remote connections go through a terminal server (TS), a virtual private network (VPN) or an application hosted in the cloud.
Outsmart the clever foxes who would be tempted to pretend to be an employee: multi-factor authentication is the solution against identity theft through usernames and passwords.
What is Multi-Factor Authentication (MFA) and Two-Factor Authentication?
Multifactor authentication: A process for verifying identity that uses at least two different authentication factors.
Two-factor authentication: A method of verifying identity that uses precisely two different authentication factors.
The different authentication factors
In order to secure any connection or transaction of a user, the system will attempt to confirm their identity using various authentication factors.
The password is information that the user must know.
The token (or identification token, security token)
The token can be either a physical token that the user must have when logging in, or their smartphone.
A common problem with authentication with a simple username and password is that these are often found in company databases, which can be decrypted by a hacker. So even if you change your passwords regularly, you are still at risk.
In addition, a significant number of employees use passwords that are too simple, and therefore easy to crack. Some even write their passwords on Post-It notes on their computer screens.
Compromised passwords are involved in 80% of security breaches, hence the importance of having a multi-factor authentication system.
Advantages
Significant reduction in security breaches:
- Allows you to verify the identity of the user to avoid intrusions.
- Improves network security when employees connect to it remotely with their various devices.
- Strengthens the credibility of the company in the eyes of its customers, particularly for transactional sites. After all, trust has to be earned.
Time and cost savings:
- Reduces the number of requests sent to IT technicians. In fact, more than a third of the requests received by the IT departments of companies that have password-only authentication systems relate to… passwords. Resetting them requires time that technicians could use more productively.
One of the biggest weaknesses of a business is not in equipment, but in human error. Indeed, often inadvertently or through ignorance, employees will pave the way for attacks, in particular by clicking on a corrupted link, by opening a document that is equally corrupt or by disclosing information to hackers. EDR is the most effective solution to guard against such attacks.
Ransomware often takes the form of an email with a clickable link or an attachment which, once opened, allows the perpetrator to take the data on the victim's network hostage. The perpetrator then demands a ransom, in exchange for which he "undertakes" to give the victim back access to the data.
Depending on the size of the company, its importance and its turnover, the perpetrators of this type of cyberattack can demand ransoms ranging from a few thousand dollars to several hundred thousand dollars. Some ransoms even exceed the million mark.
However, the losses incurred are not limited to the value of the ransom. By no longer having access to their data for a long period of time, companies and government authorities thus trapped see their activities diminish or come to a complete stop.
In June 2020, the University of California, San Francisco, resolved to pay a ransom of US$1.14 million to recover sensitive medical school data seized by hackers.
In 2017, WannaCry attacked more than 200,000 computers around the world. Multinationals, hospitals and governments were among the victims of this ransomware, which caused global losses estimated at several hundred million dollars.
Ransomware does not discriminate: it attacks SMBs as well as large companies. However, large companies and government agencies remain popular with hackers because of their lucrative potential.
When your system is held hostage, it will unfortunately be difficult for you to recover all your data on your own. Faced with this impasse, some decide to pay the ransom, but we do not recommend submitting to hackers' demands in this way, as there is no guarantee that they will give your data back once they get their money.
If you have been struck by ransomware, EcoSysIP can help you minimize your losses and prevent its spread: contact us now.