Skip to main content

IS ZERO RISK ACHIEVABLE?

 

IS ZERO RISK ACHIEVABLE?

 

 

The forecasts in the field of cyber security are all more pessimistic than the others. Those made for the year 2020 were already not sad and unfortunately the actuality only confirmed them: It is said that computer attacks have exploded in 2020. We talk about exponential curve and inventiveness of the attackers (Guillaume Poupard, general director of ANSSI - National Agency for Information Systems Security) and this statement is valid for the whole world.

 

1.

 

The following list, which only shows a few of the most resounding attacks month by month, only confirms this observation:

 

-          January 2020: Travelex, Manor Independent Scool District, WAWA, Microsoft…

-          February 2020: Estee Lauder, Danish Tax Portal, DOD DISA (White House), General Electric, UK Financial Conduct Authority…

-          March 2020: T-Mobile, Mariott, Whisper, UK Home Office, Virgin Media, MCA Wizard…

-          April 2020: US Small Business Administration, Nintendo, Email.it…

-          May 2020: EasyJet, Blackbaud, Mistubishi, Illinois, Wishbone…

-          June 2020: Amtrak, University of California SF, AWS, Postbank, NASA…

-          July 2020: CouchSurfing, University of York, MGM Resort, V Sherd, EDP…

-          August 2020: Cisco, Canon, LG, Xerox, Intel, The Ritz London, University of Utah ...

-          September 2020: Nevada, BancoEstado…

-          October 2020: Barnes & Noble, Boom! Mobile, Google, Ubisoft, Crytek… (1)

-          November 2020: 30 healthcare organizations reported breaches, which resulted in nearly one million health records compromised, Ransomware continued to be the most common cyber threat, Ransomware Forces Baltimore County Public Schools to Close, US Fertility Clinic Giant Struck by Ransomware, Patient Data Stolen, Delaware County, PA, Country $ 500K DoppelPaymer Ransom, IOT Manufacturer Hit With $ 14M Ransomware Demand, Medical Billing Co. Data Breach Affects 100,000+ Students… (2)

-          December 2020: T-Mobile, Metro Vancouver's TransLink Transportation Agency, Dental Care Alliance, SolarWinds to Infiltrate 18,000 Government and Private Networks (3).

 

For the year 2021, G DATA CyberDefense predicts that it will be the year of "ransomware 2.0", with increasingly aggressive attacks,

 

More professional social engineering and more innovative malware (4)

 

Ransomware will become more and more "aggressive, targeted and intelligent" in a word, more sophisticated.

 

Malware-as-a-Service platforms and polyglot code (combining harmless files with malware) will be used on a larger scale. (5)

 

Hence, the need to "implement epidemiologically inspired approaches to quantify cyber threats that have not been observed, detected, or spotted to better address detection, risk assessment, and prioritization gaps" (Sophos 2021 Threat Report).

 

2.

 

In order to spread viruses or worms in their target's installations in order to steal data, exfiltrate them or penetrate information systems, attackers use vectors.

 

Among the most used and known vectors are Phishing in all its forms (Smishing, Vishing, Spear Phishing, Pretexting, Baiting, Answering, Water holding, Quid pro quo), social engineering (which is the main vector used for Ransomware), not to mention compromised websites, malvertising which requires no intervention from the victim, brute force, skimming...

 

Of course, there are many recommendations, means and tools that can be used to protect oneself from computer attacks. 

 

The best way to fight phishing and social engineering is to educate the users.

 

But in general, PREVENTION, DETECTION and RESTORATION are the keys to a good protection of a computer system.

 

Experts recommend, in case of a computer attack, to respect the 1-10-60 rule, that is to say 1 minute to detect the attack, 10 minutes to investigate and identify the nature of the attack and 60 minutes to remedy it.

 

But we have to admit that this rule is only an ideal to reach, an ideal that is in fact never or very rarely reached. To be convinced of this, it is enough to note the number of victims and who they are.

 

3.

 

Having held, from the middle of 2020, the same reasoning that led the SOPHOS team to conclude the 2021 threat report, PT SYDECO team concluded that the best way to protect a facility was to take inspiration from nature and follow its rules: Every living being has an immune system that protects its body from external bacterial attacks.

 

And when there is an epidemic, precautionary measures must be taken. Among these measures, the most basic is the isolation of the infected body.

 

PT SYDECO's Research and Development team had already created ARCHANGEL© to protect the internet and SST© to protect data by transforming and writing them in the form of waves without the use of any key, when are appeared, with the covid 19 pandemic, the attacks carried out against hospitals which resulted in deaths and against public services, depriving their users of their vital services (for example, the hacking of the computer system managing the drinking water network of a city in Florida).

 

It is a fact that against computer attacks, the traditional means of defense are ineffective: the attackers show an overflowing imagination and the time to find the adequate parades, the damage is done and the consequences are sometimes terrible: Death, Bankruptcy, Heavy financial burden, Loss of reputation...

 

The attacks against hospitals and public services have shown that it is not only the data that must be protected, but also and above all, the information systems.

 

It was therefore necessary to be able to immunize the information systems, programs, source codes against any attack.

 

A firewall, just like an antivirus, needs to know the nature of the attacking agent in order to counter it, and this knowledge comes only after a certain amount of time has been spent studying it.

 

Even if the staff of a company is educated, mistakes are human.

 

In these conditions the zero risk cannot be reached.

 

Therefore, to be effective, the system must be able to resist all types of attacks, all new viruses or worms, any failure of the staff to open wide the doors of the computer network of their office.

 

4.

 

PT SYDECO has created SP-One© (6) with all these requirements in mind.

 

SP-One© is a program and a system that is creating a hermetic secure shelter around the source codes or programs that are used either in an office, an administration, at University, in the Cloud, in any mechanic or in SaaS.

 

SP-One is acting as the immunity system of any information system.

 

One of the most important benefits of SP-One© is that even if the information system of an organization is victim of an attempt of a Ransomware attack and during and after such attack, THERE WILL BE NO DISCONTINUITY, in its work, its production, or its services:  

 

1.      The Hospital will continue to care,

2.       The Industry will continue to produce,

3.      The University will continue to educate their students,

4.      The Public Services will not stop.  

 

NO HUMAN LIFE IN DANGER, NO RANSOM TO BE PAID, and NO LOST IN PRODUCTION, NO LOST TIME IN REPAIRING THE SYSTEMS….   

 

5.

 

SP-One© system, which uses SST© and ARCHANGEL© technologies, does not need to recognize the type of attack in order to provide an effective defense: it obeys the 0-0-0 rule, which is the best one that can exist.

 

If SolarWinds had protected its company's software system with SP-One, it would have been impossible for the attacker to penetrate it and add malicious code into the company's software system.

 

So we can say that with SP-One©, ZERO risk is no longer a utopia.

 

*

 

(1)    https://www.zdnet.fr/actualites/2020-les-cyberattaques-qui-ont-marque-l-annee-39914023.htm

(2)    https://arcticwolf.com/resources/blog/top-cyberattacks-november-2020

(3)    https://arcticwolf.com/resources/blog/top-5-cyberattacks-december-2020

(4)    Bill Fassinou, https://securite.developpez.com/actu/310972/2021-sera-l-annee-du-ransomware-2-0-avec-des-attaques-de-plus-en-plus-agressives-une-ingenierie-sociale-plus-professionnelle-et-des-malwares-plus-innovants-selon-G-DATA-CyberDefense/

(5)    https://www.globalsecuritymag.fr/G-DATA-IT-Security-Tendances-pour,20210111,107020.html; https://www.sentinelone.com/blog/7-common-ways-ransomware-can-infect-your-organization/

(6)    https://syde.co/sp-one/

 

 

 

Comments

Popular posts from this blog

Hannover Messe 2021

Hannover Messe 2021   The World's largest Industrial Technology Exhibition "Hannover Messe 2021" will be completed tomorrow, April 16, 2021. There is still time for you to visit the exhibition, there will be a lot of information that you get related to the development of industrial technology in the world. Various sectors of industrial from various countries are in the exhibition. Indeed this exhibition is different from Hannover Messe in previous years, because this year Hannover Messe held full Digital. this is certainly a strategy to anticipate the spread of the Covid-19. But you don't have to worry, because even if it's refreshed digitally you can still get all the information you need. because there are features available to share contacts, livestreaming and even meetings within the Platform. This year Indonesia was selected as a Country Partner and represented by at least 156 Companies from Indonesia. one of them is PT Sydeco who concentrate fully on Cyber S

KASEYA CRASH

  I can't help but draw a parallel between KASEYA and SOLARWINDS. Both companies offer I would say "hyper-integrated" solutions, the "all in one", management and security, easy to use and both put forward the IT security not only of their solution but especially of the whole IT system of the users.   And both seem to either be adept at "do as I say, not as I do" unless they are deceiving users about the quality and effectiveness of their solutions. On closer inspection, both offer full visibility that should allow for immediate reaction and data protection. It is clear that both companies were unable to detect the early stages of the attacks, despite the vaunted performance of their security solutions. The fault of these two companies is that they wanted to "hyper-integrate" everything, the IT protection solution with the IT management solution. Data management and IT security cannot be integrated in one product. Of course, when

Cyber Crime

  Cyber Crime Cyber Crime atau kejahatan digital pasti sudah tidak asing lagi di telinga kita. Dari kejahatan yang sifatnya kecil dan sederhana sampai yang sangat besar dan kompleks. Motif mereka juga berbagai macam, mulai dari mengkopi data, merusak data maupun situs bahkan meretas atau mencuri data atau sebuah situs. Tentu tindakan mereka sangat merugikan kita, baik kerugian secara moril sampai kerugian materiil yang sangat besar. Sasaran mereka juga beraneka ragam, mulai dari Individu, Lembaga, perusahaan, Instansi swasta, bahkan Instansi Pemerintahan sekalipun tak luput dari serangan mereka. Mereka juga menyerang semua sektor kehidupan, seperti Perbankan, Pendidikan, Kesehatan, Perindustrian, Perdagangan, Pertanian, Penelitian, Pertanian dan lain sebagainya. Metode yang mereka gunakan untuk menyerang juga beraneka ragam dan terus berkembang seiring dengan perkembangan Teknologi dan perkembangan Ilmu Pengetahuan. Mulai dari penyerangan dengan menyebarkan Virus, Malware, Ransomwa