How to manage cybersecurity in an increasingly complex environment

The vulnerability of systems and the difficulty of retrieving information are becoming the current targets of cybercriminals

The uncertainty and misinformation generated by COVID, the increase in the volume of online shopping and associated electronic payments, new organisational models of teleworking and the boom in the price of cryptocurrencies are increasingly being exploited by cybercriminals.

The techniques used to carry out scams, extortion and blackmail are becoming increasingly surprising and sophisticated. It is not for nothing that businesses that use digitalisation as one of their best business weapons are constantly incorporating new levels of control and security to carry out their transactions or interact with their customers.

As if they were commercial campaigns, cybercriminals are attacking companies’ infrastructures looking for vulnerabilities in their systems. Cyber attacks and their consequences are becoming a critical problem, generating significant losses for businesses and even causing their demise.

In recent weeks, AddVANTE has been detecting major attacks aimed at capturing interest and obtaining entry credentials to the company’s internal infrastructures in order to gain access to Office 365. To do this, they use multiple techniques and even algorithms that “hammer” the different access doors of the company’s IT architecture and its communications systems.

Small and medium-sized companies are very attractive targets as they are not used to, or cannot afford to, invest heavily in protecting their systems against these attacks.

In view of this situation, at AddVANTE we have prepared a work programme focused on SMEs with a twofold objective. On the one hand, to analyse the vulnerability of systems to possible cyber-attacks and, on the other, to propose the necessary solutions and improvements to optimise protection levels and ensure business continuity in the event of such attacks.

It is essential for all companies to know the level of risk that their systems have, and for this, we carry out a totally free security diagnosis that will qualify their situation and prepare a roadmap to follow to protect the systems and secure the information.

Once the situation has been assessed, in collaboration with the company’s systems personnel, we verify the protection measures to be applied and/or the possibilities for improvement. To this end, we issue a report that includes three types of recommendations: basic to guarantee a minimum level of security, medium to increase the degree of reliability and those that we consider optimal which, although they will never be an absolute guarantee, will make generic attacks by cybercriminals much more difficult, inviting them to look for more unprotected prey.

Strengthening the IT security system does not necessarily imply an increase in costs. We have encountered, on countless occasions, companies that have purchased and installed protection software that is not correctly configured, causing a false security that can have dire consequences for the business.

Most companies already have professionals who are responsible for maintaining the IT environment and are capable of implementing the various action plans. In any case, AddVANTE can continue to accompany the client, offering its experience in selecting technical alternatives and contracting suppliers.

Also, if our clients so require, we can act as Project Manager, together with the company’s IT manager, during the implementation process.

In the case of cybercrime, any prevention is too little and therefore it is necessary to establish a clear and well-defined strategy to reduce possible risks, establishing roles and responsibilities within the company. However, should an attack finally occur that affects our systems, we must have a robust and well-planned information recovery plan that guarantees the viability of our business.