IS ZERO RISK ACHIEVABLE?
Forecasts in the field of cyber security are each more pessimistic than the last. Those made for 2020 were already grim, and unfortunately events only confirmed them: computer attacks are said to have exploded in 2020. There is talk of an exponential curve and of the inventiveness of the attackers (Guillaume Poupard, general director of ANSSI - National Agency for Information Systems Security), and this statement is valid for the whole world.
1. The following list, which shows only a few of the most resounding attacks month by month, confirms this observation:
- January 2020: Travelex, Manor Independent School District, WAWA, Microsoft…
- February 2020: Estee Lauder, Danish Tax Portal, DOD DISA (White House), General Electric, UK Financial Conduct Authority…
- March 2020: T-Mobile, Marriott, Whisper, UK Home Office, Virgin Media, MCA Wizard…
- April 2020: US Small Business Administration, Nintendo, Email.it…
- May 2020: EasyJet, Blackbaud, Mitsubishi, Illinois, Wishbone…
- June 2020: Amtrak, University of California SF, AWS, Postbank, NASA…
- July 2020: CouchSurfing, University of York, MGM Resort, V Sherd, EDP…
- August 2020: Cisco, Canon, LG, Xerox, Intel, The Ritz London, University of Utah…
- September 2020: Nevada, BancoEstado…
- October 2020: Barnes & Noble, Boom! Mobile, Google, Ubisoft, Crytek… (1)
- November 2020: 30 healthcare organizations reported breaches, which resulted in nearly one million health records compromised; Ransomware continued to be the most common cyber threat; Ransomware Forces Baltimore County Public Schools to Close; US Fertility Clinic Giant Struck by Ransomware, Patient Data Stolen; Delaware County, PA, Country $500K DoppelPaymer Ransom; IOT Manufacturer Hit With $14M Ransomware Demand; Medical Billing Co. Data Breach Affects 100,000+ Students… (2)
- December 2020: T-Mobile, Metro Vancouver's TransLink Transportation Agency, Dental Care Alliance, SolarWinds to Infiltrate 18,000 Government and Private Networks (3).
For 2021, G DATA CyberDefense predicts that it will be the year of "ransomware 2.0", with increasingly aggressive attacks, more professional social engineering and more innovative malware (4).
Ransomware will become more and more "aggressive, targeted and intelligent"; in a word, more sophisticated.
Malware-as-a-Service platforms and polyglot code (combining harmless files with malware) will be used on a larger scale. (5)
Hence the need to "implement epidemiologically inspired approaches to quantify cyber threats that have not been observed, detected, or spotted to better address detection, risk assessment, and prioritization gaps" (Sophos 2021 Threat Report).
2. To spread viruses or worms in their target's installations, whether to steal data, exfiltrate it or penetrate information systems, attackers use vectors.
Among the most used and best-known vectors are phishing in all its forms (Smishing, Vishing, Spear Phishing, Pretexting, Baiting, Answering, Water holing, Quid pro quo), social engineering (which is the main vector used for ransomware), not to mention compromised websites, malvertising (which requires no intervention from the victim), brute force, skimming...
Of course, there are many recommendations, means and tools that can be used to protect oneself from computer attacks.
The best way to fight phishing and social engineering is to educate the users.
But in general, PREVENTION, DETECTION and RESTORATION are the keys to good protection of a computer system.
In case of a computer attack, experts recommend respecting the 1-10-60 rule, that is to say 1 minute to detect the attack, 10 minutes to investigate and identify the nature of the attack and 60 minutes to remedy it.
But we have to admit that this rule is only an ideal to reach, an ideal that is in fact never or very rarely reached. To be convinced of this, it is enough to note the number of victims and who they are.
3. Having followed, from the middle of 2020, the same reasoning that led the Sophos team to the conclusion of its 2021 threat report, the PT SYDECO team concluded that the best way to protect a facility was to take inspiration from nature and follow its rules: every living being has an immune system that protects its body from external bacterial attacks.
And when there is an epidemic, precautionary measures must be taken. Among these measures, the most basic is the isolation of the infected body.
PT SYDECO's Research and Development team had already created ARCHANGEL© to protect the internet and SST© to protect data by transforming and writing them in the form of waves without the use of any key when, with the COVID-19 pandemic, attacks appeared against hospitals, which resulted in deaths, and against public services, depriving their users of vital services (for example, the hacking of the computer system managing the drinking water network of a city in Florida).
It is a fact that against computer attacks, the traditional means of defense are ineffective: the attackers show an overflowing imagination, and by the time adequate countermeasures are found, the damage is done and the consequences are sometimes terrible: death, bankruptcy, heavy financial burden, loss of reputation...
The attacks against hospitals and public services have shown that it is not only the data that must be protected, but also and above all the information systems.
It was therefore necessary to be able to immunize information systems, programs and source codes against any attack.
A firewall, just like an antivirus, needs to know the nature of the attacking agent in order to counter it, and this knowledge comes only after a certain amount of time has been spent studying it.
Even if the staff of a company is educated, to err is human.
Under these conditions, zero risk cannot be reached.
Therefore, to be effective, the system must be able to resist all types of attacks, all new viruses or worms, and any staff error that opens wide the doors of their office's computer network.
4. PT SYDECO has created SP-One© (6) with all these requirements in mind.
SP-One© is a program and a system that creates a hermetic, secure shelter around the source codes or programs that are used in an office, an administration, at University, in the Cloud, in any mechanic or in SaaS.
SP-One© acts as the immune system of any information system.
One of the most important benefits of SP-One© is that even if the information system of an organization is the victim of an attempted ransomware attack, during and after such an attack THERE WILL BE NO DISCONTINUITY in its work, its production, or its services:
1. The Hospital will continue to care,
2. The Industry will continue to produce,
3. The University will continue to educate its students,
4. The Public Services will not stop.
NO HUMAN LIFE IN DANGER, NO RANSOM TO BE PAID, NO LOSS IN PRODUCTION, NO LOST TIME IN REPAIRING THE SYSTEMS…
5. The SP-One© system, which uses SST© and ARCHANGEL© technologies, does not need to recognize the type of attack in order to provide an effective defense: it obeys the 0-0-0 rule, which is the best one that can exist.
If SolarWinds had protected its company's software system with SP-One©, it would have been impossible for the attacker to penetrate it and add malicious code into the company's software system.
So we can say that with SP-One©, ZERO risk is no longer a utopia.
*
(1) https://www.zdnet.fr/actualites/2020-les-cyberattaques-qui-ont-marque-l-annee-39914023.htm
(2) https://arcticwolf.com/resources/blog/top-cyberattacks-november-2020
(3) https://arcticwolf.com/resources/blog/top-5-cyberattacks-december-2020
(4) Bill Fassinou, https://securite.developpez.com/actu/310972/2021-sera-l-annee-du-ransomware-2-0-avec-des-attaques-de-plus-en-plus-agressives-une-ingenierie-sociale-plus-professionnelle-et-des-malwares-plus-innovants-selon-G-DATA-CyberDefense/
(5) https://www.globalsecuritymag.fr/G-DATA-IT-Security-Tendances-pour,20210111,107020.html; https://www.sentinelone.com/blog/7-common-ways-ransomware-can-infect-your-organization/