Latin America. A few weeks ago the world woke up to the news that the Wanna Cry malware, a malicious program that spread to every computer connected to the cloud, infected an estimated number in more than 200,000 computers around the globe. The director of the European police office Europol, Rob Wainwright, told British broadcaster ITV that it has already infected teams from more than 150 countries.
With 22 years, the technical expert of British origin, who warned that cybercriminals could return to the load by changing the malicious code of this malware and that, in that case, it will be impossible to stop them. Computers "won't be safe until they install the corrective as quickly as possible," he tweeted from his @MalwareTechBlog account.
The recent events that we have witnessed worldwide have exposed shortcomings of prevention in companies. It has been evident that organizations leave the protection of sensitive information in the hands of users, a very comfortable situation for IT areas leaving the door open for organizations that profit from this lack of caution and attention. Well, reality tells us that the user does not protect the information unless it is of a personal nature, which generates a very high and real risk of loss or theft as in the case of cyberattacks. But it is not the only situation in which companies lose out, as there is the inappropriate use of sensitive data and even the commercialization of confidential information.
Although companies began to carry out a review of the vulnerabilities to which they were exposed, it has not been seen that the next logical step is yet taken to have the right solutions. The prioritization and implementation of professional solutions has not yet been placed in the first place.
The key to protecting against these attacks, in addition to updating your antivirus and doing a massive scan, is to identify and eliminate system vulnerabilities in the devices of corporate networks. The professional use of IT management software specialized in rule-based intrusion detection, control of removable mobile devices and storage minimizes data loss and recovery times.
Organizations increasingly have more mobile users connecting to insecure networks, users copying confidential information on removable media without any control, users delivering codes, access codes, sensitive information through connections and unsecured pages, raising the percentage of risk of data loss and information leakage.
These types of attacks have brought with them a series of questions that must have an immediate solution if organizations intend to keep their customers captive. "Companies must take care not only of their information, but also of corporate image to customers, because being evidenced by having been violated leaves organizations with a negative and unreliable image about how they protect their interests and those of their customers," said Eduardo Rueda, VP of Marketing and Sales LATAM for Aranda Software.
It is important to have backup solutions that offer multi-layered protection against data theft and unauthorized access to files through functionalities such as encryption on endpoints, remote erasure and prevention in data theft, blocking or policies of use of usb ports, blocking of applications, connections or malicious agents.
The recommendations from the point of view of the experts are:
- Know the status of the technological assets that the organization has, modifications made and related security incidents.
- Guarantee the encryption of the disks of the company's portable computers, as well as the internal and external use of them.
- Take responsibility for the information and not outsource it, users although they have the management, the company must implement the means for the care and protection of their sensitive data.
- Do not wait for "the child to fall into the well", the forecast of undesirable scenarios must be a priority, since it is known that the recovery of information takes twice as long and costs 4 times more than protecting in advance.
Leave your comment