Criminals use a double-ransomware approach on the web. How to protect yourself?

Grzegorz Kubera speaks with Piotr Konieczny, head of the Niebezpiecznik.pl security team.

Piotr Konieczny: About the importance of the human being in the security model. Everyone has heard that people are the weakest link in security, but not everyone knows what zero trust is, how to implement it in your business processes, and how to respond to security incidents, because these will happen sooner or later, no matter what we do.

However, responding correctly to threats is crucial. Without it, even despite considerable security expenditures, a company can be brought down by a poorly managed incident.


The zero trust model assumes that we should not trust by default and believe that even employees have good intentions. This generally means that we need and want to authenticate everything that tries to access and log in to the systems used in the company. In the era of hybrid and remote working, security challenges increase even more. What do you think we should implement to improve home office security?

First, well-adapted employee identification and authentication mechanisms. Today this can be implemented very simply and inexpensively. Just give employees U2F tokens [security keys, usually plugged in via USB – ed.] that are needed to connect to company services, such as email or CRM.

The U2F token looks like a USB key and is safer to use than any one-time code sent by SMS or generated by applications such as Google Authenticator.

Why?

Such a token means that even if an employee falls for the most popular attack today, phishing, the captured data will not let the attacker access company systems.

What other practices do you recommend?

In addition to fighting phishing, it’s important to be prepared for malware attacks. There are many solutions here, but it is important to introduce some form of whitelisting [allowing only applications from a closed list to run – ed.] and appropriately limit what an employee can run or install on their computer. Unfortunately, I will not recommend a specific solution here, because it must be selected according to the risk model for a given company, taking into account the position and needs of a given type of user, and even within one company there may be several such models.
