Audit and consulting

Cyber-resilience: the key to overcoming incidents

The goal of cyber-resilience for an organization, whether or not it belongs to a strategic sector, whether or not it provides one of these digital services, is to maintain its primary purpose and integrity in the face of a cybersecurity threat or attack to an ideal level. Continuous detection processes must be established given that total prevention will never be guaranteed.

Tags:

Best practices

Industrial Control System

Policies

Studies & stats

Sodinokibi: prevention, identification and response

Sodinokibi uses the RaaS (Ramsonware as a Service) model, which favours its rapid spread. In this article we present some lines of action that should be followed in the case of having been a victim of this sophisticated malware or if it is suspected that it could have infected our systems.

Tags:

Do you know the Spanish National Guidelines for Reporting and Managing Cyber Incidents?

The latest version of the “Spanish National Guidelines for Reporting and Managing Cyber Incidents”, has been updated. In addition to this update, INCIBE-CERT has published the Appendix “Managing cyber incidents in the private sector”

Tags:

Continuity

Incident

NetWalker ransomware: analysis and preventative measures

In the last few days there have been various reports, both nationally and internationally, of a ransomware campaign called NetWalker, also known as Mailto or Koko, which appears to target healthcare centers, taking advantage of the current state of alarm declared as a result of the COVID-19 pandemic.

Tags:

Sodinokibi: features and operation

The ransomware attacks have experienced a great evolution from its beginnings, being able to identify a great amount of different families at the present time, many of them are highly sophisticated, with high propagation and persistence. In this blog we explain what is Sodinokibi and how it works.

Tags:

Teleworking: VPN and other recommendations

In this article, we review virtual private networks, or VPNs, one of the most important measures for teleworking, as they allow a connection to the organization through secure networks, and the advantages they offer, as well as additional security recommendations to help ensure cyber security.

Tags:

#CyberCOVID19

Bastioning procedures

Continuity

Networking

Virtualization

Secure use of communications and protocols at charging stations

Electric charging stations are increasingly used in urban furniture in cities. Electric cars and their need to be charged are a reality. Because of this, there is an increase in supply points that depend on specific protocols and communications for these stations.

Tags:

Bastioning procedures

Critical infrastructures

Industrial Control System

Industrial protocol

Policies

Safe development

The importance of the cybersecurity strategy for the industry

The union of the IT and OT worlds is unstoppable, which means that the cybersecurity strategy, traditionally focused on the IT field, must now include aspects related to the industrial world. Having a good cybersecurity strategy is essential for IC systems to survive in this new era.

Tags:

Measuring the severity of vulnerabilities: changes in CVSS 3.1

The open and most-widely-used framework for communication and vulnerability scoring, the CVSS (Common Vulnerability Scoring System), has been updated, incorporating improvements in its new version 3.1 with respect to the previous one. This standard assesses the severity of computer systems vulnerabilities and assigns them a score of 0 to 10.

Tags:

Cybersecurity standards at sea

Trips across the ocean have changed over the years with the arrival of the industrial revolution and information technology, among other things, making technology its best ally, both to automate their navigation and to control their location from land-based stations. However, this total dependence on technology brings with it important security issues that need to be addressed with the importance they deserve.

Tags:

Continuity

Critical infrastructures

Industrial Control System

Legal compliance

Policies