"Be the Sole Master at Home - An Imperative in Cybersecurity"
January 2024 by Patrick Houyoux LL.M. ULB, Brussels, Trinity College, Cambridge, UK. President – Director PT SYDECO
Cybersecurity, defined by the objective it pursues, aims to protect natural and legal persons against any digital attack so that they keep intact what belongs to them, whether material or immaterial goods, so that they are available to them at any time, unchanged and under their exclusive control and to avoid direct and indirect damage inherent in any infringement of their exclusive right of ownership or enjoyment of their assets. It is by fully understanding the issues and implications of cybersecurity that we will be able to apply effective measures.
Who should be protected?
The natural person or entity that owns an IT system is the first potential victim in the event of an attack.
What should we protect?
Assets, whether tangible or intangible, encompass much more than a simple IT system. Reputation, competitiveness, production, services, and even the economy of damages are an integral part of the assets to be preserved.
What purpose?
So that these assets remain available, unaltered, confidential and under exclusive control at all times.
How to protect?
Of course, and everyone knows it, there is a range of tools available on the market, which range from peripheral protection (firewall) to close protection (Deep Packet Inspection is sometimes included in the next generation firewall like this is the case of ARCHANGEL© 2.0), to antivirus through learning responsible behavior, education, training and monitoring of good practices or even compliance with security policies issued in large entities.
By following security advice and using the latest cutting-edge tools, you can be sure to offer your assets the best possible protection, provided you are the only one with absolute control over everything that touches them.
However, you must be careful not to let the worm enter the apple
You must therefore be careful about external services. Indeed, we lose this absolute control when we use the services of third parties, whether to secure our communications, our financial transactions or our work from home (VPN), or to have access to our data or to share it (Cloud Storage ) or by using Cloud computing services (Saas, Paas, Iaas, Faas) of which we do not know and cannot know the degree of security of their servers nor the way in which access to these services is managed and even less if their operating systems are not tainted with vulnerabilities.
Cloud Risks
Cloud computing, although offering undeniable advantages, also exposes it to major risks. Security incidents at giants like SolarWinds, Kaseya, Okta and recent breaches like Log4j highlight the vulnerability of the systems.
This vulnerability is very understandable when we know that three parties are generally involved in Cloud computing, the end customer or user of the service (you, individual or organization); the data owner - company that provides a service or products to the customer; and the data holder - a third party cloud service provider who provides hosting (storage, application, hardware) to the data owner with the obvious consequence of multiplying the attack surface for malicious actors (1).
Apple’s recent study, published on December 7, 2023, highlights the intensification of the threat. With over 80% of breaches involving data stored in the cloud and a staggering 2.6 billion records compromised over the past two years, the data security risks in the cloud are alarming (2) .
And the future outlook is not rosy, with all professionals in the security sector agreeing that attacks will only increase, especially since hackers have gotten their hands on AI. .
Statistics from Check Point Research show a 48% increase in cloud network attacks in 2022 compared to 2021, with the largest increase in Asia at 60%. This observation is corroborated by Kaspersky’s for whom "Cloud technology will become a preferred attack vector, because digitalization increases cybersecurity risks" (3).
File Transfer and VPN
Online file transfer services and VPNs are not immune from attacks. Recent cases, with the latest, MOVEit, have exposed millions of sensitive data, highlighting the need for constant vigilance (4) and critical vulnerabilities have been exploited by hackers in Pulse Connect Secure (PCS) VPNs, VPN-SSL, Palo Alton Networks VPN "Global Protect" (5).
.
The Solution: Be the sole master of your tools
Mastering all the tools with which your assets come into contact, whether for communications security or for remote access, is essential and this can only be done if the servers that enable them are located at home.
And this is where PT SYDECO comes in with its latest cybersecurity product.
The Integrated Protection System offers a complete solution including:
– A Next Generation Firewall (ARCHANGEL© 2.0), at the cutting edge of progress which protects the network and what it contains,
– A VPN Server protected by ARCHANGEL 2.0 which guarantees the total security of communications, financial transactions, at home or on the way, as well as
– An Online File Sharing System (SydeCloud©), which allows you to have access to your data wherever you are in the world with any device you use (all the advantages of the Cloud without its disadvantages and dangers).
Thus, by having these tools at home, you become the sole master of your servers and you ensure the total security of your assets.
Financial Arguments
Beyond security, repatriating your servers can represent significant savings, as demonstrated by the experience of the company Basecamp (6).
In conclusion, cybersecurity requires a proactive approach and total mastery of the tools used. PT SYDECO offers an integrated solution, placing everyone as the sole master of their home, thus guaranteeing the protection and security of assets.
4. https://www.01net.com/actualites/plus-importants-hack-2023-plus-grave-prevu.html
5. https://www.zdnet.fr/actualites/des-hackers-ont-pirate-des-serveurs-vpn-pour-installer-des-portes-derobees-dans-des-entreprises-du-monde-entier-39899171.html; https://www.lemagit.fr/actualites/252528257/VPN-SSL-nouvelle-vulnerabilite-critique-inedite-chez-Fortinet; https://www.lemondeinformatique.fr/actualites/lire-les-vpn-de-palo-alto-fortinet-et-pulse-vulnerables-75997.html
6. Bill Fassinou, 23 ferier 2023, https://Cloud-computing.developpez.com/actu/341839/Le-directeur-technique-de-Basecamp-affirme-que-l-entreprise-economisera-7-millions-de-dollars-sur-5-ans-en-abandonnant-le-Cloud-au-profit-de-sa-propre-infrastructure/