Date: 2022-01-22

The best way to fight cyber incidents and limit their impact is to prevent them from the start. Jose Sosa, SOC services manager at Entelgy Innotec Security, explains what cyber incidents are, which are the most common, how to detect them and which recommendations can be adopted quickly to avoid them.

What is a cyber incident?

A cyber incident is any event that could pose a risk to the network security and information systems of a user or organization, whether caused intentionally by an agent or due to bad practice.

What are the most common cyber incidents?

The most frequent cyber incidents are usually related to the human factor, that is, they are triggered by a user’s bad practice.

In this sense, the general lack of awareness in the use of ICTs can lead to information leaks and theft, blocking and infection of a system or device by malware (malicious computer program), data hijacking, identity theft by social engineering, etc.

What kind of tools are used to detect and tackle them?

The main tool that is necessary to have on all computers and devices, both personal and work, is an antivirus. This will serve as a shield and will protect systems against possible threats, blocking and eliminating the malware it detects. Therefore, if an individual has carried out a bad practice that has caused the entry of a malicious program, the antivirus can help to tackle this problem and prevent it from posing a real risk. In addition, it is highly recommended to have other tools, such as anti-spam solutions to detect possible spam and phishing attempts, endpoint solutions and a firewall, whose goal is to protect the network.

On the other hand, in the case of organizations and companies of strategic interest, adherence to the Early Warning System (SAT) of the National Cryptologic Center, dependent on the National Intelligence Center, is highly recommended. The objective of this is precisely the rapid detection of cyber incidents and anomalies within the organization so that these can be responded to as quickly and efficiently as possible.

Finally, it is very important to report a cyberattack if one has been suffered, in order to act promptly and prevent its possible spread. In the case of citizens and companies, the Incident Response Team of the National Cybersecurity Institute (INCIBE-CERT) will be notified, and in the case of public bodies, the Incident Response Team of the National Cryptologic Center (CCN-CERT).

What recommendations should users start adopting today to avoid risks?

As already mentioned, the best measure is prevention. And in this sense, there are numerous recommendations that any user can apply and that can make a big difference:

● Use strong passwords, unique for each service, and change them at least twice a year.

● Access only websites that use HTTPS. This ‘s’ at the end means the connection is secure.

● Do not connect to public Wi-Fi networks.

● Do not open links or download attached files from a suspicious email.

● Keep all devices, software, and apps updated to the latest version available.

● Do not download applications outside of the official stores, such as Google Pay and the App Store.

● Make periodic backups.

● Lock your computer or device whenever you are not using it and configure several unlocking options (password, PIN, pattern, biometric systems, etc.) to prevent anyone from accessing it without your consent.

● Use double-factor authentication to access social networks and other platforms.

● Don’t use work computers for personal use, and vice versa.