Articles by tag
How MDR Improves Your Managed Service Business’ Bottom Line
Managed Detection and Response (MDR) solutions improve a managed service business’s bottom line by reducing the risk associated with cyber attacks. Cost of Risk vs Cost of MDR It seems like every week that the team at CYDEF posts about the increasing frequency and severity of cyber-attacks. That’s because these intrusions have become a daily occurrence, and something we have [...]
Data Breaches and How to Prevent Them
Data breaches occur when a cyber attacker illegally accesses confidential information. Investing in cybersecurity awareness training and a detection response solution is the best prevention against a data breach. What Is a Data Breach? A data breach occurs when an unauthorized party accesses private data. Data breaches are most often intentional and part of a campaign by cybercriminals who work [...]
SOC 2: What Is It and Why Should You Care
SOC 2 is a reporting standard used to assess a business’ internal controls related to Information Technology. It is based around the Trust Principles of Security, Availability, Integrity of processing, Confidentiality and Privacy. What is SOC 2? SOC 2 is short for Service Organisation Controls. These controls help businesses that outsource IT to understand the policies, procedures and processes that cloud service providers use in their solutions. Why Does SOC [...]
CYDEF’s Approach to a Secure Software Development Life Cycle
A Secure Software Development Life Cycle (SSDLC) is a collection of best practices that provides added security checks to the standard software development life cycle. It’s a crucial part of CYDEF’s development process and a core element of our solutions. Security is Essential at All Stages of Development At CYDEF, security is foundational to the entire organization and especially to its software development life cycle. As a result, security is baked into every phase of development, starting with requirements and ending with complete verification. From day one, CYDEF’s Chief Technology Officer, Tiago de Jesus, has insisted [...]
Cyber Threat Research: Nuclear Power Plant Cyber Attack
In early September 2019, the Kudankulam Nuclear Power Plant in Tamil Nadu, India suffered a cyber intrusion. On September 3, a local security expert and former member of the Indian signals intelligence agency received a tip that there had been a malware attack and informed the Indian CERT on September 4. Mission Critical Systems Effected by Cyberattack The attack was [...]
Cybersecurity: The Need To Find Common Ground
According to Colonial Pipeline CEO Tim Felt, paying ransom for the return of his company’s data was the hardest thing he had to do. However, the ransom represented less than two days of revenue, based on $1.3B generated by Colonial Pipeline in 2020. Unmanaged System Leaves Colonial Exposed The source of the breach was a virtual private network (VPN) account for a system that was supposedly no longer in use. Unfortunately, the VPN was [...]
Revue de mi-année 2021
Comme nous venons de passer la première moitié de 2021, j’ai décidé de revoir le top 5 des menaces que nous avons détectées durant cette période de 6 mois. À tous les quarts, nous produisons des rapports de tendance pour certains clients. Pour ce faire, nous creusons dans notre base de données d’incidents pour générer des statistiques. Un de nos [...]
2021 Mid-Year Threat Review
As the first half of 2021 comes to a close, I decided to look back at the top 5 threats we detected during this 6-month period. Every quarter, we produce trend reports for some clients. To do so, we dig back in our incident database to generate reports. One of our clients (who doesn’t receive a lot of alerts; they [...]
Cyber Immunity in an Era of Rampant Attacks
Cyber immunity is a critical component to a successful cybersecurity strategy, especially in an era of rampant cyber attacks. How CYDEF Earns Your Trust For living things, the natural world is a hostile environment filled with countless mutating threats. Static measures like hard shells, cell walls and simple membranes offer some general protection, but without a complex immune system, no [...]
EDR Price Comparison
EDR price comparison is not the best criteria to use when selecting your Managed Service’s newest cybersecurity partner. The promise to ‘cut the cost of a single salary’ overlooks the fact that AI and machine learning still require human supervision. EDR Price Comparison Myths In our conversations with partners, the team at CYDEF has heard one story time and again: [...]
The Basics: Secure Software Development
Secure Software Development Lifecycle (SSDLC) is an approach to software development that emphasizes the value of security at every phase of product development. What is Secure Software Development Lifecycle? Secure Software Development Lifecycle (SSDLC) is a collection of best practices focused on adding security to software development. By taking a security first approach from requirement gathering through to product release, [...]
Check Your {User} Privileges
User privileges settings in commercial software frequently (and inadvertently) expose your business to privilege escalation attacks. Monitoring for access rights changes can help to proactively mitigate the risks. The team at CYDEF advocates for the principle of minimum privileges; according to which users should have only the minimal access rights to perform their jobs. A big part of the goal of minimum privileges is to ensure that users do not casually operate their machines with administrator privileges. After all, [...]