How to protect your organization against ransomware attacks?
Did you know that 27% of malware attacks in 2020 were the result of ransomware, according to Gartner? Ransomware is malware that encrypts the victim's files. The attacker demands payment of a ransom in exchange for a decryption key, and threatens to disclose the data publicly if the victim fails to pay. According to the ITR, ransomware was one of the most common attack vectors in the last quarter of 2020. The popularity of this malware is due to its profitable nature.

HOW TO PROTECT YOUR ORGANIZATION?

Employee Awareness: The best way to protect your business from social engineering attacks is to train employees so they have the knowledge they need to avoid being tricked and to report these scams. In addition, employees must be aware of the company's procedure in the face of attempted social engineering. Should they simply delete the email? Should they forward the email to the IT department? What should they do? Employees must always report these situations to ensure their protection and the protection of the organization. After several awareness actions, employees should have no doubts about what a suspicious email is, think before clicking, not provide personal and confidential information, analyse file extensions, be careful with email attachments, block suspicious emails, among other preventive measures. To ensure that employees are informed and prepared to defend themselves against a potential attack, the organization should test them by simulating suspicious messages and encourage them to report them.

Asset Inventory: To ensure the protection of its network, the organization must carry out an inventory that contains all its assets (software and hardware). The inventory of devices and solutions connected to the network must always be kept up to date as a preventive measure.

Fix and update your software regularly: Bad actors are always looking for holes in your defences, and they are counting on your team not to patch your software and operating system in a timely fashion. The longer it takes to patch a vulnerability, the more of a chance a bad actor has of finding and exploiting it.

Antivirus and Firewalls: Installing anti-virus and anti-malware software on your email server can help to stop those viruses before they get started. Firewalls keep unauthorized users out of networks and devices and can protect your network from ransomware attempting to infect your machines.

Blocking Plug-ins and Pop-ups: Cybercriminals often target plug-ins to infect devices. The solution is to update plug-ins regularly or block them. Pop-ups are also a common attack vector. Use a browser add-on to block pop-ups.

Disconnect from the internet the instant you detect suspicious activity: If you detect that you are suffering from a ransomware attack, turn off the internet connection immediately. Most ransomware needs to establish a connection to its command and control (C&C) servers in the early stages of an attack so that it can complete its encryption routine. If the ransomware cannot contact the Internet, it will not be able to do that.

Limit access to trusted apps: Create a list of trusted apps. Users can only use applications from this list; applications that are not on this list should be blocked.

Disable remote services and unused Bluetooth connections: To protect your machine from being controlled by a cybercriminal, disable remote services you do not need. When you are not using any Bluetooth connections, turn them off, to prevent malicious people from using these connections to infiltrate your device.

Backup: Protecting your organization's data is essential, so having a backup of your system, both locally and externally, is imperative. The rule is to have three backups in different locations so that attackers cannot access at least one of them. Having the information secure in three different places means you do not have to pay a ransom to hackers to recover your data. Learn the best way to make a backup with the article: "The importance of Backup and the best way to do it".

Third Parties: It is common for attackers to try to use a less protected third party to compromise your organization's data and network. From the moment that third parties gain access to your systems and networks, your organization will also be affected when they suffer a ransomware attack. Combat this by scrutinizing your vendors before integrating them and making sure they only have access to protected segments of your network.

In conclusion, due to its profitable nature, ransomware is becoming popular. The best solution to ensure the protection of your organization is to prevent, keep copies of the data in different places (backup), and train your employees, since human error is one of the main causes that weakens an organization.
Cybersecurity: communicate, respond and prevent
We know that there are several processes and procedures that can be used for your organization's security incident response plan. We also know that this topic does not always arouse much interest in other departments of the company, making it challenging for the IT / Cybersecurity departments to convey its real importance and impact to everyone else. Nowadays, thinking about information system security has become essential for organizations, regardless of their size, industry, or market. It is a vital component for all companies and one that should be taken seriously by everyone. Given this context, this article aims to summarize and simplify some important assumptions about the development of a security incident response process plan.

So, what is an incident response process? Specifically, an incident response process is a set of procedures designed to identify, investigate, and respond to potential security incidents in a way that minimizes impact and supports rapid recovery. At the end of the day, it is a business process, as it allows your organization to maintain, as much as possible and with the least possible impact, its usual activities.

What is the difference between incident response "process" and "procedure"? Although these terms are often used interchangeably, they have different meanings. An incident response process is the life cycle of an incident investigation, while an incident response procedure is the specific tactic that the team will carry out during an incident response process.

Assumptions and Preparation - What should we consider before starting the plan?

Before thinking about specific incident response procedures, your organization needs to prepare. We suggest that you consider, among others, the following premises:

1. ASSET PRIORITIZATION
List assets and impact: It is important to think about which servers, applications, users, networks, and systems are essential for maintaining daily work, that is, which assets could generate some type of damage/impact on the business if they suffer an attack or go offline for a certain time. In addition to the resources, the same analysis must be made for the type of data held in these tools and the potential impact if this information is obtained by unauthorized third parties. Quantify asset values as accurately as possible, as this will help justify the Security and IT budget.

2. TRAFFIC PATTERNS
Capture traffic patterns and baselines to create an accurate picture of what is considered "normal". Your team will need this baseline to detect anomalies that may indicate a possible incident.

3. CONNECT, COMMUNICATE, AND COLLABORATE
Meet with the executive leadership, share your analysis of the organization's current security posture, review industry trends, the main areas of concern, and your recommendations. Set expectations about what the team will do, along with what other organizations are doing, as well as what to expect in terms of communications, metrics, and contributions. Discover the best way to work with the legal, human resources, and commercial teams to accelerate requests during essential incident response procedures.

In the coming months, we will continue with a series of articles on Communicating, Responding, and Preventing in the context of information systems security and cybersecurity. Stay tuned to our main communication channels to learn more about trends and best practices in this segment.
White box, gray box and black box, what is the difference?
Cybersecurity is an important issue for organizations, especially now that we are in remote work, servers are being migrated to the Cloud and most confidential data is in digital format. The technological acceleration seen in recent years in the COVID-19 pandemic scenario has meant that some steps to implement security measures were skipped. This lapse could have a serious impact on organizations, making them more vulnerable to cyber-attacks. Pentest emerged as a measure that helps organizations test their cybersecurity resilience and overcome their vulnerabilities, making them more protected and secure. Pentest can be carried out from different viewpoints, each of which has different goals. Among them, we can highlight the White Box, Gray Box, and Black Box. Next, we show the differences between these three types of Pentest.

WHITE BOX
The White Box test is the most complete Pentest because it performs a complete analysis, which evaluates the entire network infrastructure. When the Pentest starts, the Pentester has access to all essential organization information, such as topology, passwords, IPs, logins, among other data regarding the network, servers, structure, existing security measures, firewalls, etc. Access to this information makes this a deeper attack. Access to preliminary information allows the Pentester to target the attack accurately and find out what needs to be improved and refocused. The White Box provides a comprehensive assessment of internal and external vulnerabilities. As the Pentesters have access to information, the approach is different from the Black Box and, therefore, some vulnerabilities may not be detected. This type of Pentest is usually carried out by the organization's IT team.

GRAY BOX
The Gray Box is a mix of White Box and Black Box tests, since the Pentester has some specific information, although not full access to information as in the White Box. The Pentester aims to explore the partial information to get more data and perform the attack. Generally, the organization that contracts this service provides a detailed purpose for the simulated attack, to ensure that Pentesters remain within the limits of what is to be tested. The purpose of the Gray Box is to provide a more focused and efficient assessment of the network's security compared to a Black Box assessment. Given that Pentesters already have the necessary information, they have more time to determine which parts of the information are more critical and perform tests according to the different levels of risk.

BLACK BOX
In the Black Box test the Pentester does not have much information about the organization, sometimes only its name, so it resembles an external attack. Without a large mapping of information, the Black Box test acts similarly to a real cyber-attack, identifying weaknesses in an organization's network structure. This test is used when we want to simulate a real attack by a hacker. The purpose is to test the existing security protocols and policies. The Black Box is the intrusion test that takes more time to prepare and plan, as it is larger in scale and more meticulous. If not performed correctly, it can also impact the network.

After analyzing the different types of Pentest, it may be concluded that there is no best intrusion test; it all depends on the purpose, context, and results we intend to obtain. The important thing is to know what the best approach is for a given situation. There is no purpose in using a deeper test on an application that we know in advance is vulnerable, just as there is no purpose in carrying out a more superficial test on a critical application that will be exposed to all external risks.
How to protect your customer data?
The Covid-19 situation accelerated the online presence of companies. In a pandemic scenario, companies had to adapt to survive, and the main adaptation was to increase their online presence, mainly through e-commerce, since in most businesses the physical store was not an option. The result is that more data (public and private) is now available in the cloud. As the amount of data increases, so does the responsibility to protect it, so businesses must review their cybersecurity policies to ensure that the processes and technology they implement are effective.

THE IMPORTANCE OF DATA
The success of a business depends on knowing the needs of its customers now and in the future. By being able to profile its customers, a company can offer a personalized service, improving the customer experience, which translates into more sales and loyal customers. In addition to cross-referencing different information to create the customer profile, the difficulty increases when different types of data are located on different platforms and server locations. You should know the exact location of each type of data to protect it properly.

TYPES OF DATA:
1- Account: personal and transactional data, such as name and address.
2- Location: physical location (cell phone location) and virtual location (IP address).
3- Browsing: browsing habits (what? when? where?)
4- Profile: third-party data, such as demographics and social media.

HOW TO PROTECT CUSTOMER DATA FROM CYBER-ATTACKS?

1- Budget for Cybersecurity
Anticipating is better than reacting, so there should be a specific budget for cybersecurity measures. The budget should contemplate the prioritization of threats, estimate their cost to the organization and identify the protections against the threats. This budget should remain intact and robust, since preventive measures are much more cost-effective than the costs that a cybersecurity attack could cause.

2- Encrypt confidential data
The movement of data from one location to another, such as from server to mobile, is exposed to various security threats. By encrypting the data, we give it extra protection during its circulation, since it can only be unlocked on the terminal that has the decryption key. Encrypting means carefully walking the line between privacy and ease of use.

3- Assessing physical risks
Usually, when we think about threats and data security, we only consider the risks after the data is collected. However, self-scanners and self-service point of sale (POS) systems increase the attack surface. Although POS malware attacks are decreasing, they are still considered a risk that organizations must protect themselves against. In addition to directly scanning POS systems and using anti-malware on all terminals, organizations should also employ network segmentation to limit any damage from a breach. If there is an attack on the POS system, it will be contained in a very small part of the network that does not intersect with sensitive data. Through cloud firewalls organizations gain more protection and control over their segmentation. Other protections for kiosks and POS systems include installing all patches immediately and changing default passwords.

4- Raise awareness among the organization's employees
Most security incidents are the result of employee negligence. An organization's IT team should be responsible for raising awareness and training employees on how to protect themselves from cyber threats, starting by explaining how an employee can check the veracity of an email (one of the main ways malware spreads). By including cybersecurity best practices in your organization, you can improve employee training and reduce the risk of cyberattacks.

5- Strengthen malware protection
Make sure every device (desktop, mobile...) has an up-to-date version of malware protection. Limit the use of devices external to your organization in your space, so you can maintain control.

By making their data available, customers are putting their trust in a particular organization. It is up to organizations to protect that data and improve the customer experience based on the information provided. Remember that cybersecurity is a must for an organization from the moment it has an online presence.
7 main benefits of Pentest as a Service
Pentest came to help companies test their resilience against the increasingly constant threats perpetrated by cyber-criminals. The result was the improvement of their resilience and the optimization of the effort carried out by the understaffed teams of Cybersecurity Departments. Even so, companies soon realized that the fast-paced changes in attack vectors and the emergence of newer and more dangerous threats created the need for more continuous assessments, in this case Pentest as a Service (PTaaS), providing them with the technical and human resources necessary to detect and tackle the fast-paced changes in the threat landscape. The main reasons that lead organizations around the world to use Pentest as a Service were the ability to become more proactive towards the newest threats without having to grow their teams, better resource allocation, the consequences of security audits on the information system, and a better understanding of how they could live with risk.

7 BENEFITS OF PENTEST AS A SERVICE:

1- IDENTIFIES VULNERABILITIES
Pentest exploits weaknesses in system or application configurations and network infrastructure. It also analyses the behavior of employees to see which ones are vulnerable to data breaches and malicious infiltrations. In the end, a report is issued with the breakdown of the vulnerabilities identified in the Information System as well as a mitigation plan. The report obtained after the evaluation allows the organization to make all necessary adjustments to improve its operations and business and minimize the risk.

2- REVEALS REAL RISKS
Pentesters exploit real vulnerabilities, just as a hacker would. Upon accessing confidential data and entering the operating system, the Pentester can classify the risk of the threat. The risk of the threat can be classified according to the impact that it may have on the organization.

3- TESTS CYBER DEFENCE CAPABILITIES
After detecting and responding to attacks, you must proceed with the investigation, discover the attackers, and block them. After this procedure, the Pentest will suggest some actions to improve the organization's defense.

4- ENSURES BUSINESS CONTINUITY
In the event of an attack, every second counts for the organization that is under attack, especially if there is a need to shut down systems partially or totally to minimize damage. Pentest as a Service is performed remotely in a quality environment, reducing the impact on network performance. All information discovered and filtered of false positives can be logged in SIEM systems for quick mitigation or hardening measures. Pentest works almost like a business continuity audit.

5- OUTSOURCED EXPERT OPINION
When a problem is raised by someone inside the organization, management sometimes may not react or act on the spot. However, when a report from a third-party specialist is sent, the impact of the information is greater and additional measures and funds may be channeled to solve the problems.

6- REGULATIONS AND CERTIFICATIONS
Some regulations and certifications require a certain level of penetration testing (e.g. ISO 27001), in particular that all managers and system owners conduct regular penetration tests and security analyses with qualified Pentesters.

7- ORGANIZATIONAL REPUTATION
A computer attack can have serious consequences for an organization, both in functional and reputational terms. The loss of data or exposure of confidential information may affect the trust that customers, partners, and suppliers have in the organization. To convey confidence, the organization may use Pentest as a Service to guarantee regular and rigorous penetration tests.

By performing Pentest continuously and using different methodologies and attack vectors, the organization's IT teams can focus on the desired systems/applications and, at the same time, obtain information on the most likely types of attacks and their consequences, to eliminate or mitigate the risk. Pentest as a Service increases confidence in companies and improves the information protection system.
What is Risk Management and why is it important?
WHAT IS RISK MANAGEMENT?
Risk management is the identification, analysis and response to risk factors that might affect an organization. Effective risk management means trying to control, as much as possible, future outcomes by acting proactively rather than reactively to avoid certain unnecessary risks. Risk management allows you to plan the course of action and risk prevention. Such planning makes it possible to reduce the likelihood of a risk occurring and to minimize its potential impact.

WHAT DO RISK MANAGEMENT FRAMEWORKS CONSIST OF?
Risk management frameworks allow you to identify existing risks, calculate the uncertainty and predict the impact they will have on your organization. Risk management should be viewed as a disciplined, continuous process of identifying, preventing, and resolving risks. This includes planning, organizing, controlling costs and budgeting. It is up to your organization to decide whether to accept or reject risks. This decision is directly related to the levels of risk tolerance that the organization has set for itself and is willing to absorb. An organization that practises good risk management will generally not have many surprises, because the focus is on proactive risk management.

3 RISK RESPONSES
Risk response generally takes one of the following three forms:
1. Prevention: the organization strives to eliminate a specific risk by suppressing its cause.
2. Mitigation: decreasing the projected financial value associated with the risk by decreasing the possibility of the risk occurring.
3. Acceptance: the organization is forced to accept the risk. This option is possible if a business entity develops contingencies to mitigate the impact of the risk, should it occur.
To know what kind of risk response to adopt, your organization needs to have a detailed plan, which foresees all possible risk scenarios, their impacts on the organization and the solution for each. This anticipatory plan allows it to be executed as soon as there is a need, avoiding barriers or roadblocks that may arise in a crisis.

THE IMPORTANCE OF RISK MANAGEMENT
Risk management is an important process because it allows your organization to anticipate and be prepared for potential risks. By identifying, classifying, and finding solutions to the impact of potential risks, the organization is mitigating the impact they could cause. Risk management provides certainty in making sound decisions. Risk assessment and management is the best way for an organization to prepare for eventualities that may arise on the path of progress and growth. When a company assesses its plan for dealing with potential risks, it develops structures to deal with them, increasing its chances of succeeding. Also, management will have the necessary information to make informed decisions and ensure the profitability of the organization.

STEPS IN THE RISK ANALYSIS PROCESS
1. Identify the risks
The identification of risks should not be up to a single person, because contemplating several scenarios requires sharing different thoughts and perspectives. Your organization should gather its employees so that everyone can contribute to the potential risk analysis. After the risks have been identified and described, it is necessary to rank them in order of priority, based on the impact they have on the company. Since it is not possible to mitigate all the risks at the same time, prioritizing allows the risks with the greatest consequences for the organization to be dealt with urgently.
2. Evaluate the risks
Before identifying the problem and finding a solution, it is necessary to take a retrospective look at what caused a certain situation to happen. The first step should always be to locate the causes of risks and how they can be avoided. By locating the cause, we can understand how it impacts various areas of the organization.
3. Responding
After identifying the risks and locating their causes, it is necessary to contemplate a few solutions to respond to the risk scenarios found. Besides responding immediately, these solutions should also contribute to preventing the risk's recurrence.
4. Implementing prevention
After identifying ideas to prevent certain risks, a contingency plan should be developed. Each prevention measure is assigned a list of tasks so that it can be properly implemented. The contingency plan allows the necessary measures to be taken to combat the risk when it occurs.

In sum, it is better to anticipate than to react. By contemplating a risk management plan in your organization, you will anticipate and prevent potential risks and mitigate their potential impact and the damage they can cause. Risk management helps you to make sound decisions, which positively impact the success of your organization. Hence it is a key element for the smooth running of your organization!
What are the differences between CTI and CI?
Today, organizations are exposed to several kinds of attacks (Zero-Day attacks, crypto viruses, botnets, exploits...), and it's common to come across concepts such as Cyber Threat Intelligence (CTI) and Cyber Intelligence (CI). This article will help you understand the difference between these two concepts, which in practice seem very similar.

According to Gartner, "Cyber Threat Intelligence is evidence-based knowledge, including context, mechanism, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard". Cyber Threat Intelligence (CTI) delivers to organizations information about threats and threat actors that helps mitigate harmful events in cyberspace. Cyber threat intelligence sources include open-source intelligence, social media intelligence, human intelligence, technical intelligence, or intelligence from the deep, surface & dark web/darknet, Tor, Freenet, I2P, Riffle, and others.

CTI PROVIDES INFORMATION ABOUT:
• Identifying types of attacks;
• Defining, guiding, and prioritizing operational requirements;
• Understanding threat actor capacity, tactics, techniques, and procedures;
• Deploying detection systems;
• Developing defense strategies.

Cyber Intelligence (CI) is the mechanism of translating the data obtained from the attackers' networks into an operative report through "standard intelligence approaches".

WHY IS CTI SO IMPORTANT?
Cyber Threat Intelligence transforms data gathered by 'traditional methods of intelligence' from the attackers' platforms into an actionable report for the target customer. The traditional intelligence methods may include passive follow-ups or actively created 'personas' to find out what the attackers are talking about, their new methods, their stolen information, and all other operational details. Of course, these methods require a high level of knowledge and experience, and with them customers can make proactive decisions about their IT infrastructure. Threat actors operate in "wolf packs" spread across different locations, which makes them difficult to track down if information about the gathering of the "wolf pack" has not been collected beforehand; that is one of the added values of this service.

CTI is an essential capability in an organization's security program. Used properly, CTI can enable better-informed security and business decisions and ultimately allow customers to take decisive action to protect their users, data, and reputation against unknown elements. CTI often includes signature, reputation, and threat data feeds but goes beyond them in almost every way. Our typical activities involve:
• Constant human and technical information gathering on a global scale.
• The provision of adversary-focused and forward-looking rich contextual data.
• Customization for our customers' organizations.

CTI BENEFITS
Here are some of CTI's benefits:
• Valuable insight and context: Detailing information on what threats are most likely to affect an organization or industry, and indicators to help prevent and detect more attacks.
• Improved incident response times: Prioritizing alerts, which enables an organization to respond faster to real threats and reduce the risk of serious breach consequences.
• Improved communication, planning, and investment: Security teams can communicate real risks to the business and focus on protecting high-risk targets from actual threats via additional security investment and planning.

In short, skilled, well-funded, well-organized, and highly sophisticated cyber attackers use techniques that defeat security strategies that rely on technology alone. To develop a defense strategy against attackers, organizations need to know how hackers operate, how they function, and what techniques they use. Cyber threat intelligence allows companies to identify the dynamics and consequences of risks, improve security plans and structures, and reduce the potential for attack to minimize damage and defend their network.
What is the difference between a Vulnerability Scan and Pentest?
We are constantly confronted with news of cyberattacks, which cause profound damage to organizations by making confidential information available on the web. The damage caused in an organization can be financial, such as the payment of a ransom; functional, when they directly affect the production and response capacity; or reputational, when it affects the organization's reputation and integrity. To prevent cyberattacks, organizations seek to identify their vulnerabilities, correct them, and become more secure. Vulnerability detection can be done through a Vulnerability Scan or Pentest. WHAT DOES VULNERABILITY SCAN CONSIST OF? Vulnerability Scan or Vulnerability Assessment uses tools that automate the search for known vulnerabilities in the configuration of a system. There is an Internal and External Vulnerability Scan. External Vulnerability Scan can be run by the organization outside the perimeter of its network, to determine exposure to attacks from servers and applications that can be accessed directly over the Internet. Internal Vulnerability Scan aims to identify flaws that hackers can exploit to move laterally to different systems and servers if they gain access to the local network. Any Vulnerability Scan program should begin with mapping and inventory of an organization's systems and classification of their importance based on the access they provide and the data they have. The Information System is scanned to determine whether security settings have been activated and applied properly and whether applicable patches have been installed. VULNERABILITY SCAN WEAKNESSES: Vulnerability Scan does not exploit the vulnerabilities, instead, it identifies them and does not simulate a real attack, creating false positives. The focus is on finding vulnerabilities other than understanding the true gravity of each one. WHAT DOES PENTEST CONSIST OF? Pentest is the short form of Penetration Testing, which can be performed externally or internally. 
An External Pentest refers to any attack carried out using procedures executed from outside the organization (the Internet). The main objective is to find out whether an external attacker can access the resources of the organization's Information System, how far they can go, and what damage they can cause. An Internal Pentest is carried out from within the organization, simulating attacks by valid users with standard access privileges or by third parties with a foothold on the network. In both cases, a Pentest is an attack simulation that aims to validate the effectiveness of the security controls in each environment (scope). A Pentest identifies the risks that may arise from exploiting the vulnerabilities found, through controlled incident injection. Unlike a Vulnerability Scan, a Pentest has a manual testing component that allows the tester to go deeper and be more precise about the consequences that malicious exploitation of a particular finding can have. When a Pentest detects a vulnerability, its focus is on whether an attacker could actually exploit it and take control of the system.

PENTEST WEAKNESSES:
A Pentest is not recommended for organizations that have no ISMS in place or whose ISMS is at an initial stage. In that case the cost is very high relative to the benefit, and the report will add little relevant information. It is important to remember that Vulnerability Scan and Pentest complement each other. Although they are different processes, they share the goal of identifying and assessing an organization's security vulnerabilities. The Vulnerability Scan is an automated process based on a database of known vulnerabilities, such as CVE/NVD, and does not normally include exploitation of the identified flaws. A Pentest is a more complex process that includes manual probing and exploitation by security professionals, to simulate what a real attacker would do.
Adding manual techniques to the automated scan makes it possible to reduce false positives and obtain a more accurate assessment of the risk that each vulnerability represents.
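The difference between an automated scan and a pentest can be seen in miniature in the following Python script, which is an added example and not code from the original article. It matches a constructed asset inventory against a constructed advisory list (standing in for a CVE/NVD feed), exactly as a scanner does, and then applies the pentest-style verification step that separates confirmed findings from false positives. All product names, advisory identifiers, versions and host names are made up for the illustration; the "verified" set represents what a manual test actually confirmed.

```python
"""Miniature version-based vulnerability scanner with pentest-style triage.

Added example, not code from the original article. Product names, advisory
identifiers, versions and hosts are all constructed for illustration; the
advisory list stands in for a CVE/NVD feed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # constructed identifier, deliberately not a real CVE
    product: str
    fixed_in: tuple    # first upstream version that contains the fix
    severity: str


# Constructed known-vulnerability database.
ADVISORIES = (
    Advisory("ADV-0001", "examplehttpd", (2, 4, 10), "high"),
    Advisory("ADV-0002", "examplessh", (8, 2, 0), "critical"),
    Advisory("ADV-0003", "exampledb", (13, 1, 0), "medium"),
)

# Constructed asset inventory: (host, product, version string from the banner).
INVENTORY = (
    ("web1", "examplehttpd", "2.4.7"),   # distro backported the fix, banner unchanged
    ("bastion", "examplessh", "8.1.0"),  # genuinely unpatched
    ("db1", "exampledb", "13.2.0"),      # already above the fixed version
)

# What the manual test (or a package-level patch check) actually confirmed.
# Constructed: only the bastion finding could be exploited.
VERIFIED = {("bastion", "ADV-0002")}


def parse_version(text):
    """Turn '2.4.7' into (2, 4, 7) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def scan(inventory, advisories=ADVISORIES):
    """Automated scan: flag every asset whose banner version is below the
    fixed version of a matching advisory. This is all a scanner can see."""
    findings = []
    for host, product, version in inventory:
        current = parse_version(version)
        for adv in advisories:
            if adv.product == product and current < adv.fixed_in:
                findings.append((host, adv.advisory_id, adv.severity))
    return findings


def triage(findings, verified):
    """Pentest step: split scanner output into confirmed findings and false
    positives, based on what was actually verified by exploitation."""
    confirmed = [f for f in findings if (f[0], f[1]) in verified]
    false_positives = [f for f in findings if (f[0], f[1]) not in verified]
    return confirmed, false_positives


if __name__ == "__main__":
    raw = scan(INVENTORY)
    confirmed, noise = triage(raw, VERIFIED)
    print("scanner findings :", raw)
    print("confirmed by test:", confirmed)
    print("false positives  :", noise)
```

The scanner flags web1 because its banner says 2.4.7, even though the distribution shipped the fix under the old version number; only the verification step, which a scan cannot perform, removes that finding and leaves the genuinely exploitable bastion host.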
Cyber Summit: Chemical – The 1st International Conference on Security and Chemical
On the 23rd and 24th of June Hardsecure organized and held the Cyber Summit for the Chemical Industry. The aim of the event was to gather and share information on the cybersecurity issues relevant to the current times and to foster networking among professionals. The Summit had eight speakers covering the most important intersections of cybersecurity and the chemical industry. The topics covered were: "The Biggest Challenges Facing the Chemical Industry", by Patrick Hochfeld and Fabian Ruehrnschopf, from ACOPA GmbH. The focus of this presentation was supply chain disruption and the trending challenges for the chemical industry. "Third Party Risk Management in Chemical" was presented by the President of International Sales at SecurityScorecard, Matthew McKenna. Mr. McKenna showed evidence of how low security ratings correlate with the major data breaches that have occurred in the chemical industry. Growing concern about supply chain disruption, and its correlation with cyber risk, was one of the biggest concerns evident at this Summit. "Deep and Dark Web Trends for Chemical Industry" was presented by Mr. Reshid Ramadan, Global MSSP Account Manager at SOCRadar. Reshid raised awareness of the danger of data collection in the chemical sector and how this collection and sale takes place through the Deep and Dark Web. The importance of retrieving information from the Deep and Dark Web as a way of protecting all your assets was another concern raised at this Summit: the need to be proactive rather than reactive, since the pandemic has brought new cyber threats such as governmental espionage. "Compliance Cyber Risk and Digitization in Chemical", presented by Thorsten Breuer, Executive Director at Sonarlock, addressed the importance of the 5-pillar model of compliance (Leadership, Risk Assessment, Standards & Controls, Training & Communication, and Monitoring, Audit & Response).
"Incident Response in Chemical" by David Oliveira, International Sales Manager at Hardsecure, covered Incident Response as a Service and Third Party Risk Management as a Service. These two components are critical in times when both you and your supply chain are targets for disruption and a more proactive stance towards cybersecurity issues is needed. "Pentest as a service in Chemical" was presented by Rafael García, Quality, Information Security and Privacy Manager at Exevi. Rafael identified the importance of Pentest as a Service as an answer for a more proactive approach to cybersecurity issues. If you can't measure, you can't improve, which is why more companies are adopting Pentest as a Service as a means of continuously improving their security measures. With a panel of international speakers, the event had about 50 participants from approximately 14 countries, with profiles in the technology and cybersecurity areas and occupying leading positions. The next Cyber Summit will take place in October and will be about "What is the impact of a ransomware attack on a company?", which raises the big controversial question: "Should you or should you not pay the ransom?"
Why is SOC needed?
A SOC is a structure made up of technological and human resources, processes, procedures and certifications, whose objective is to develop and guarantee a methodology for Security Incident Response. This methodology manages, controls, monitors and reports the security incidents an organization may suffer. From the description alone it is clear that the need for a SOC is real and must be addressed, but let us look at why it is so necessary:

Continuous Monitoring: Cyberattacks take no breaks and can happen at any time, with no regard for the organization's working hours. Often they are launched after hours or at weekends to increase the odds of success. The continuous, round-the-clock monitoring that a SOC provides is a key defense in these situations.

Centralized Management and Visibility: Organizations' networks are growing in complexity, both through the acceleration of digital transformation in recent years and through the recent shift to remote work. To protect an increasingly diverse network, organizations need an integrated solution that provides visibility across it. Through the set of tools it integrates, a SOC is an effective answer: it gives organizations visibility of their infrastructure, so they can manage it more efficiently and defend it when attacks take place.

Reduced Cybersecurity Costs: Maintaining strong and effective cybersecurity is expensive, in both human and technological resources. An external SOC reduces these costs because the capability is provided as a service to the whole organization rather than built and staffed by a single department, eliminating the expense usually associated with duplication and redundancy. In addition, an effective SOC produces long-term savings because it prevents attacks that would financially harm the organization: a successful ransomware attack generates high costs in system downtime and recovery.
A robust and efficient SOC blocks a cyberattack before the damage occurs, which is in itself a return on investment.

Increased level of collaboration within the organization: Collaboration between teams is essential to detect and respond to security incidents effectively. When an organization does not define or communicate the processes for identifying, notifying and responding to a cybersecurity incident, delays and behaviors follow that increase the odds of the attack succeeding and make its eradication more difficult. With an external SOC, all the resources are centralized in a single team that supports the organization as a whole. The SOC supports collaboration between employees and makes it easier to meet the organization's cybersecurity needs (such as 24/7 network monitoring and immediate response to potential security incidents). Hiring a SOC provides dynamic and permanent security that acts as a true center for analysis, monitoring, prevention and immediate correction of any incident directed at the organization.
Cyber Summit: Healthcare – The 1st International Conference on Security and Healthcare
Last Tuesday, 23 March 2021, between 1:45pm and 5:30pm, the first conference of the Cyber Summit cycle, organized by Hardsecure, was held. This initiative aims to promote the sharing of knowledge in cybersecurity and foster networking, customizing its content to specific sectors. The first edition focused on the healthcare sector and featured eight speakers, leading figures in the cybersecurity and healthcare sectors. The topics covered during approximately 3.5 hours were: "Main Cybersecurity Threats", by David Oliveira, International Sales Manager at Hardsecure. The focus of this presentation was to raise awareness of the organization and exponential growth of cybercrime. "Third-Party Risk Management in Healthcare" was presented by the President of International Sales at SecurityScorecard, Matthew McKenna. Mr. McKenna presented a rating that analyzes the security level of an organization compared to its market. With this rating, organizations can understand which are the weakest points they should improve. "Cyber-intel in Healthcare" was presented by Rui Almeida, Incident Response & Cyber Intel Manager at Hardsecure. Rui Almeida raised awareness of the danger of data collection in healthcare and how this collection and sale takes place through the Deep and Dark Web. "The Importance of GDPR in Healthcare", presented by Lara Silva, Legal & Compliance Security Auditor at Hardsecure, addressed the importance of focusing data protection on four main aspects of the organization: procedural, legal, technological and behavioral. "Healthcare and the German regulations" by Moritz Brake, Co-founder at Sonarlock, covered the new European regulations in the healthcare field and how the associated funds could help improve the implementation of cybersecurity in organizations. "Pentest as a service in Healthcare" was presented by Thorsten Breuer, Executive Director at Sonarlock.
Thorsten identified the importance of Pentest as a Service in the identification of vulnerabilities and the main differences between the various pentest services, which contribute to the protection of organizations. With a panel of international speakers, the event had about 50 participants from approximately 20 countries, with profiles in the technology and cybersecurity areas and occupying leading positions. The next Cyber Summit will take place in June and will be customized for the Chemical Industry sector.
Typosquatting
"Typosquatting" is a scheme that attackers use to take advantage of typos, specifically the spelling errors made when typing a web address into a browser. Normally, when an address is misspelled, the browser lets us know that there was an error. With typosquatting, however, attackers buy a domain name that intentionally includes a common typo and build a website that looks exactly like the one the user meant to visit. For example, an attacker might purchase www.example.cm, make the site look like www.example.com, and then include malware that infects the visitor's device or code that harvests personal information. Many security tools cannot detect this kind of scheme, because detecting it falls into the field of cyber intelligence. The main concerns are the reputational damage to critical assets such as your domains, and the increase in successful phishing and ransomware attempts that use similar domain names to lure employees into opening "important messages" in their mailbox. With the pandemic pushing us even further into digital channels, these schemes are increasing, your web assets need a clean reputation, and information from cyber-intelligence sources is increasingly required. Hardsecure is at the edge of this new demand, providing its customers with a cyber-intelligence team that retrieves relevant information about them from the Deep and Dark Web and can even anticipate potential attacks, either stopping them or devising strategies to reduce the likelihood of them happening.
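The following Python script, an added example rather than code from the original article, generates the typo variants an attacker would register for a domain (omissions, transpositions, doubled and adjacent-key characters, and TLDs with a dropped character such as example.cm) and checks them against a set of registered domains. The registered set here is constructed; in a real check it would be fed from WHOIS or DNS lookups, which is an assumption of the example and not something the article describes.

```python
"""Generate the typo variants of a domain and check which are registered.

Added example, not code from the original article. The 'registered' set is
constructed; in practice it would come from WHOIS/DNS lookups (assumption).
"""

# Adjacent keys on a QWERTY layout, used for fat-finger substitutions.
QWERTY = {
    "q": "wa", "w": "qase", "e": "wsdr", "r": "edft", "t": "rfgy", "y": "tghu",
    "u": "yhji", "i": "ujko", "o": "iklp", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm",
    "m": "njk",
}


def typo_variants(domain):
    """Return the set of plausible typosquats of `domain` (e.g. 'example.com')."""
    name, tld = domain.lower().rsplit(".", 1)
    variants = set()

    for i in range(len(name)):
        # character omission: exmple.com
        variants.add(name[:i] + name[i + 1:] + "." + tld)
        # character repetition: examplle.com
        variants.add(name[:i] + name[i] + name[i:] + "." + tld)
        # adjacent-key substitution: wxample.com
        for key in QWERTY.get(name[i], ""):
            variants.add(name[:i] + key + name[i + 1:] + "." + tld)
        # transposition of neighbouring characters: exmaple.com
        if i + 1 < len(name):
            swapped = name[:i] + name[i + 1] + name[i] + name[i + 2:]
            variants.add(swapped + "." + tld)

    # TLD with one character dropped: example.cm, example.co, example.om
    for i in range(len(tld)):
        variants.add(name + "." + tld[:i] + tld[i + 1:])

    variants.discard(domain.lower())
    return variants


def find_lookalikes(domain, registered):
    """Intersect the candidate typosquats with domains known to be registered."""
    return sorted(typo_variants(domain) & {d.lower() for d in registered})


# Constructed sample of 'registered' domains for the demonstration.
REGISTERED = {"example.cm", "exmaple.com", "examplle.com", "unrelated.net"}

if __name__ == "__main__":
    for hit in find_lookalikes("example.com", REGISTERED):
        print("registered look-alike:", hit)
```

The same candidate list can be fed into a mail gateway or a DNS sinkhole so that messages from, or clicks to, a registered look-alike are blocked or flagged before an employee opens the "important message"; homoglyph substitutions (such as a digit 1 for a lowercase l) are a further class of variants the script does not generate.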
10 Things to know about cloud security
There is a clear trend and an increasing demand for Cloud Security services, common to all industries and countries. According to Forbes, 73% of organizations have at least one application or part of their computing infrastructure in the cloud. Talking about Cloud Security raises some questions, namely: To what extent is storing data in the cloud more advantageous than traditional storage on local physical systems? What are the advantages of purchasing a cloud security service? These are some of the questions answered throughout the article "10 things to know about cloud security". When talking about Cloud Security services it is impossible not to talk about cybersecurity measures. Cloud Security is a system of policies, procedures, technologies and control techniques that help protect systems, infrastructure and data stored in the cloud against unauthorized access, theft, leakage and deletion. In addition to protecting data, a Cloud Security service provides authentication rules for users and devices. However, there is still some reticence regarding cloud data storage because the system can be vulnerable to breaches. This vulnerability can be addressed through a Cloud Security service, which secures all applications in the cloud via a proxy-based analysis mechanism that gathers information from a wide range of activities to create mapping files for cloud applications.
In addition to collecting information, the Cloud Security service allows you to: analyse advanced and customized risk metrics; assign an application risk score; automate application updates (maintaining security compliance); classify data; identify inactive accounts and external users (User Governance); identify security gaps and lack of compliance (Application Governance); use built-in correlation workflows; monitor and analyse activity in the shortest possible time; detect anomalies automatically; apply Data Loss Prevention (DLP); enforce location-based and device-based access control; and integrate with third-party solutions.

10 reasons why organizations are opting for Cloud Security services

1- Saves space and time: By storing your data in an external cloud account, you do not need to purchase an external hard drive and you can access your data anytime, anywhere.
2- Cheap and affordable service: Cloud security is an affordable service, regardless of the amount of data stored.
3- Control over data: Every cloud is associated with a physical location. Make sure your cloud provider uses the right hardware and keeps that physical location secure.
4- Longer useful life of computers: Computers are often replaced because of software requirements. With cloud storage, computers will not need to be replaced as often, because the software runs in the cloud.
5- Cloud customization: There are different types of cloud, the three main ones being private, public and hybrid. Each has its advantages and limitations. It is up to the organization to match its software, security and storage needs to the most appropriate type of cloud.
6- Backups are always needed: No security system is completely foolproof, so prevention is always a must. Protect your data with a backup. Find out how best to do it in the article "The importance of backup and the best way to do it".
7- The cloud is a highly secure and protected system: The building blocks of cloud security architecture include enterprise-class hardware, such as servers protected by enterprise-class security systems.
8- Payment flexibility: Regardless of the size of your organization, you can protect your data and reduce the costs associated with physical infrastructure. Unlike on-premises systems, which require payment upfront before installation, cloud storage has minimal setup costs.
9- Use of Pentest: Being in the cloud means facing new challenges related to access security, data theft, ransomware and more. Access management for the cloud infrastructure can be compromised, so periodic assessments such as a Pentest are needed to ensure that your data is secure. To strengthen your organization's security, we suggest adding the Pentest service to the Cloud Security service, which allows you to detect and address vulnerabilities. Learn more about the benefits of the Pentest service in the article "7 main benefits of Pentest as a Service".
10- Evaluate security and cybersecurity service providers: When purchasing a Cloud Security service, compare different providers so you can make an informed decision. Make sure the provider offers a personalized service tailored to your needs and guarantees access to all the additional protection measures your organization may need.

In short, Cloud Security services have brought several data-protection benefits to organizations, regardless of sector, location or size. The most important thing in the cloud data storage process is to ensure that your security and cybersecurity service provider delivers a personalized service tailored to you and that all security standards are met, including the detection and correction of vulnerabilities, among other measures.
Could AI systems be ethically correct?
While it is true that Artificial Intelligence (AI) is not a new or even a recent concept, it is also a fact that this branch of Information Technology gains relevance as it impacts our daily lives and society in an increasingly complex and controversial way, since its main objective is the execution of tasks that would be considered intelligent if performed by a human. At the same time, respect for fundamental human rights, such as privacy and personal data protection, is likewise not a recent issue, and one of growing importance, which acquires legal contours and imposes technical requirements for compliance that are increasingly well defined and unavoidable. The tension between the development of AI systems and ethical values is a constant nowadays, and the search for balance is a theme to which, naturally and progressively, we dedicate more time as we perceive that it is vital for our survival. As we pass through the Fourth Industrial Revolution (Industry 4.0), the pace at which society evolves, together with the emerging technological and IT possibilities, the large-scale collection of data (Big Data), namely through devices connected to the Internet (IoT), and the need to resort to AI to interpret the information these devices collect and generate responses, creating intelligent networks, is no longer compatible with inertia regarding the requirements of privacy and information security, nor with exemption from liability, individual or collective, for our actions and for the information for which we are or have become responsible. Indeed, our critical sense, and the way we act and react, determine our choices and our path and evolution as individuals.
If we allow ourselves a parallel at this level, we could say that AI makes "choices" based on algorithms, while human intelligence, with all its complexity, allows us to consciously own our choices, decisions and behaviors, through context and our values. Being ethically correct is one of those choices and is, without a doubt, in its genesis, a human characteristic. We often assume, partly as a result of speculation, that AI systems are closer to human reasoning and the fullness of the human brain than they really are. Proof of this fear is the constant need to set limits on their actions and on development itself and its repercussions, to prevent roles from being inverted. Algorithms do allow problem solving, based on reading, language comprehension and learning, using logical reasoning. But what is the road to obtaining the information that would allow algorithms to be generated to the point of reaching that level? Will it ever be possible to "replicate" or mechanize the human being, the way thoughts and decisions are organically generated? And if so, are we not distorting the principles of individuality and respect for human rights and freedoms, and subverting the ethical principles that must precede and accompany any (technological) development process? On the other hand, could an algorithm someday define what precedes individual decision-making, along with all the experiences and variables, environmental or individual, that determine it? When software based on AI, for example "machine learning", "makes decisions" using an algorithm, is it not treating the human being as just an "artificially intelligent robot", reducing it to a set of information and logical reasoning and underestimating its genesis?
When we define a profile from inputs and information collected about an individual, as in the case of the personal data we have access to and can process, are we not making exactly this assumption about that person or those people? It would not be entirely unrealistic to consider the hypothesis that AI might resemble "human consciousness" in decision-making. But this similarity presupposes human action and programming and, in the case of "machine learning", for example, is limited to the learning information that has been collected and processed so far and that allows results to be inferred. Although there are already controversial examples that lead us to question the ability of AI systems to communicate in their own language and learn to be creative, so far we can consider that recreating the human brain in all its faculties, including one of its greatest potentials, the development of creativity, remains for now a complete utopia, and each AI system is limited to a set of actions for each purpose, within the scope for which it was created. Thus, we would have to rethink the very concept of creativity and the act of creating, which presupposes creating something new without starting from any pre-existing information, or consider whether a creative process learned by repetition can be regarded as a new approach to the definition of creativity. From either perspective, to CREATE implies to BE and to FEEL. Andreas Kaplan and Michael Haenlein define artificial intelligence as "a system's ability to correctly interpret external data, learn from that data, and use that learning to achieve specific goals and tasks through flexible adaptation". However, even if it is not possible to predict how science and neuroscience will evolve, and how this "integration" may become possible, we must be aware of the risks that accompany the benefits when we talk about progress and development.
Ideally, we should try to anticipate the harmful consequences that detract from the benefit that should be the primary focus of development. The ability to collect, process and interpret all the information coming from our senses, allowing us to have emotions and memories and to BE, is what defines us as individuals and distinguishes us from a "machine or system", but it is also what makes us permeable to influence and "partially programmable". The balance between the development of AI systems, their influence on human behavior, and the collection and processing of information about that same human behavior to define profiles, enabling this "cycle of influence" and results through programming and learning by logical reasoning, must be a constant concern when we talk about AI and development. How can we ensure respect for fundamental human rights, such as privacy, if we assume that human beings are at the service of technology and development and not the other way around? Beyond the basic questions of legality and legitimacy in the processing of personal data, are we able to recognize the limits inherent to a purpose when we talk about the development of AI systems? Data protection regulations such as the GDPR (RGPD) have emerged precisely to impose these limits, to standardize procedures, to promote the implementation of control measures, and to promote the development of ethical standards, appealing to a sense of personal, corporate and collective responsibility. The reflection that is needed: will the current measures, existing mechanisms, and legislative frameworks in force be sufficient so that, in the race for AI-based development, in which we seek to reproduce and improve human behavior and actions, we safeguard respect for individuality, privacy, and the rights and freedoms of the human being?
Inevitably, the motivations that drive development, namely AI-based development, reflect how markets condition organizations to disregard ethical principles in favor of financial return. It is urgent to achieve this balance, imposing and adjusting limits and legal requirements, but also promoting and adopting increasingly humanistic, conscious, responsible and ethically correct visions and postures, which treat technology and AI as a lever for the growth and evolution of societies and the individual.
Incident Response: What is the difference between teams?
The increase in security incidents has shown that a SOC team alone is not enough and that organizations need a proactive response to threats, hence the Incident Response Teams. This article presents the main differences between two key security teams: the Security Operations Center (SOC) and the Incident Response Team.

WHAT IS INCIDENT RESPONSE? Incident response is a methodology for organizing the process of responding to security events. Organizations usually create a team or department to carry out their incident response practices. An incident response team consists of security analysts as well as human resources and management professionals. A cross-functional incident response team ensures that the organization has the right mix of talent needed to respond effectively to security threats. The team usually has a leader (often the CISO) and a technical team.

HOW DOES THE SOC TEAM WORK? SOC (Security Operations Center) refers both to the facility where a team performs security tasks and to the team responsible for the organization's overall cybersecurity. The SOC is responsible for prevention, incident response and risk management. The main functions of the SOC team are: 1. Real-time analysis: real-time monitoring and screening. 2. Trends and Intel: cyber intel collection and analysis. 3. Incident Analysis and Response: incident analysis and remote incident response. 4. Analysis and Evaluation: network mapping and vulnerability scanning.

HOW DOES THE INCIDENT RESPONSE TEAM WORK? The focus of the incident response team is incident management, based on reporting, analysis and response. The measure of its effectiveness is the speed of its response to an incident, which minimizes damage through containment and recovery. THE MAIN FUNCTIONS OF THE INCIDENT RESPONSE TEAM ARE: 1. Real-time analysis: real-time monitoring and screening; and a SPOC, a Single Point Of Contact (Incident Response Center). 2. Trends and Intel: cyber intel collection and analysis; cyber intel distribution; cyber intel creation; cyber intel fusion; major incidents and threat trends (permanent update against new threats); threat assessment. 3. Incident Analysis and Response: incident analysis; tradecraft analysis; incident response coordination; implementing countermeasures; local incident response; and remote incident response. 4. Artifact Analysis: forensic handling of artifacts; malware analysis; forensic analysis of artifacts. 5. Auditing and Insider Threats: collecting and storing audit data; audit content creation and management; insider threat support; and insider threat investigation. 6. Analysis and Evaluation: network mapping; vulnerability scanning; vulnerability assessment; penetration testing; and OWASP-based application testing. 7. Outreach: application evaluation; security consulting; and training and awareness.

WHAT ARE THE MAIN DIFFERENCES BETWEEN THE SOC TEAM AND THE INCIDENT RESPONSE TEAM? Both teams perform similar tasks and complement each other. The incident response team takes a more hands-on perspective, acting immediately to stop the threat and prevent damage. The SOC team takes a broader approach, intervening in incident resolution only when there is no incident response team.

SOC TEAM. Threat detection: monitors and detects threats. Alert triage: analyses and prioritizes alerts. Structure: usually operates alone, without sharing information with other SOCs. Incident management: when there is no incident response team, the SOC team takes responsibility; in organizations that have both teams, the SOC team assists the incident response team with threat intelligence.

INCIDENT RESPONSE TEAM. Incident management: fast and effective response to security incidents; develops and refines the incident response plan. Structure: the team is usually organized together with other incident response teams or SOCs, and may be organized regionally or nationally. Threat detection: the incident response team usually receives threat intelligence from the SOC team and leverages that information to detect threats.

Both teams are complementary and necessary to get the most out of a cybersecurity department. A SOC team will always be needed to strengthen the cybersecurity department, complemented by the incident response team.
Respond and Prevent – Security Environmental Awareness
In this article we present the TOP 4 truths of Security Environmental Awareness, because we believe that ensuring cybersecurity best practices requires going beyond the technologies. In short, it is almost never about the "tool"; it is about how, when and why to use it.

TOP 4 SECURITY ENVIRONMENTAL AWARENESS

1. YOUR TECHNOLOGICAL ENVIRONMENT IS CONSTANTLY CHANGING. A completely static and immutable infrastructure is practically impossible, given that new vulnerabilities, and new ways to exploit them, are identified all the time. It is important to be aware that, regardless of their importance, services such as an audit, a vulnerability scan or a pentest take a snapshot at a certain moment. Your organization may present a positive picture at that moment, but do not forget that new vulnerabilities may arise at any time. The security of information systems must therefore be addressed on an ongoing basis.

2. REPORTS AND ALERTING ARE FUNDAMENTAL. Good IT and security management processes are essential to minimize vulnerabilities, but the security analyst needs to be aware of them and to contextualize each one in order to make the best decisions. Many configuration options relate to specific compliance standards; alerting (or reporting) on these is a better way to manage them than waiting for them to be discovered during the next audit. Your organization may have an excellent IT and security team, and its incident response plan and processes may be consistent and well structured, but if potential vulnerabilities are not identified in time to act, the organization will be exposed to attacks that can have a significant impact on the business.
3. THE THREATS ARE NOT ONLY EXTERNAL

Unexpected changes in the configuration of systems can indicate an attempt by someone hostile to take control of a system through credentials or other methods, so it is necessary to stay alert. In addition, it is important to consider social engineering: a non-technical strategy used by hackers that depends largely on human interaction and induces users to behave in ways that disregard security best practices, such as opening malicious links, downloading files, or sharing confidential information that allows the hacker to perform actions for criminal purposes. Awareness actions and incident-injection exercises are good practices that your organization should adopt.

4. UNDERSTANDING YOUR ENVIRONMENT, OPERATIONS AND STAKEHOLDERS MUST BE A PRIORITY IN STRATEGIC PLANNING

It is not possible to secure information systems by looking for attacks and vulnerabilities only. There must be a global view of what is happening at each moment in the network and in the systems in use in the organization, and it must be possible to detect behavioural patterns that do not fit the normal pattern of operation.

CONCLUSIONS

By understanding what is happening in your infrastructure (Security Environmental Awareness) and associating it with information about known sources of malicious activity (Global Threat Intelligence), it becomes possible to consistently obtain information about active threats in your infrastructure. Currently, attacks can come from anywhere, especially from compromised systems on legitimate remote networks. Hackers make it difficult to identify the systems they control with their malware, while keeping the malware active and waiting for instructions to perform tasks. At Hardsecure we understand the importance of continuous monitoring of the security status of our customers' and partners' information systems.
You can purchase our services as a one-shot engagement or "as a service", ensuring constant analysis, prevention, mitigation, and response to security incidents.
Respond and Prevent - Security Incident Triage
In this article, we cover Security Incident Triage and how to combine local and global threat intelligence for effective triage. When analyzing and categorizing information security incidents, it is important to think about how the hacker thinks. With regard to prevention, we cannot assume exactly which path a hacker will take to access the data network; however, each attack follows a certain pattern, which Lockheed Martin calls the "cyber kill chain". The "cyber kill chain" is the sequence of stages a hacker needs to go through to enter a network and obtain data from it, and each stage reveals a specific goal along the way. Designing the monitoring and response plan around the cyber kill chain model is an effective method, as it focuses on current scenarios and attack vectors. This approach of thinking like the potential hacker can be summarized in 4 steps:

1 - Attacker's Goal - Reconnaissance and Scan: Find the target and develop an attack plan based on opportunities for exploitation.
2 - Delivery & Attack: Bring the delivery mechanism online and use social engineering to induce the target to access malware or another exploit.
3 - Exploitation & Installation: Exploit vulnerabilities on target systems to acquire access, escalate user privileges, and install the payload.
4 - System Compromise: Exfiltrate high-value data without noise and as soon as possible. Use the compromised system to gain additional access, "steal" computing resources, and/or use it as a launch point for attacks against other assets.

WHAT SECURITY EVENTS SHOULD YOUR ORGANIZATION BE CONCERNED ABOUT?

To help categorize each type of incident, you can align the types of events with the Cyber Kill Chain to determine the appropriate priority and incident response strategy.
The table below shows how it can be done:

| Incident Type | Cyber Kill Chain Stage | Priority Level | Recommendations |
|---|---|---|---|
| Port Scanning Activity (pre-incident) | Reconnaissance & Probing | Low | Ignore most events, except when the source IP has a malicious reputation and there are multiple events from that same IP in a short time interval. |
| Malware Infection | Delivery & Attack | Low-Medium | Fix any malware infection as soon as possible, before it progresses. Scan the network for indicators of compromise associated with that event (e.g. MD5 hashes). |
| Distributed Denial of Service | Exploitation & Installation | High | Configure servers exposed on the web to protect against extreme volumes of HTTP requests and SYN floods. Coordinate with your ISP during an attack to block the source IPs. |
| Unauthorized Access | Exploitation & Installation | Medium | Detect, monitor, and investigate unauthorized access attempts, prioritizing those against systems that are essential and/or contain sensitive data. |
| Insider Breach | System Compromise | High | Identify privileged users for all domains, servers, applications, and critical devices. Make sure that monitoring is enabled for all systems and all system events, and make sure that you are feeding your monitoring infrastructure (SIEM). |

COMBINE LOCAL AND GLOBAL THREAT INTELLIGENCE FOR EFFECTIVE SECURITY INCIDENT TRIAGE

We often think of incident response as detailed and meticulous forensic work, closely observing one system at a time. However, the vast majority of security monitoring work can be addressed through a larger, more holistic view of the state and activity of your infrastructure.
Cyber Threat Intelligence allows you to move away from a focus on vulnerabilities, exploits, and patches and to focus on the elements that are actively damaging the confidentiality, integrity, and availability of your organization's data. The first step is to understand as much as possible about your current environment. Some experts refer to this as environmental, situational, or contextual awareness. At Hardsecure, the approach applies threat intelligence to the scenario under analysis. After combining valuable information about your own network with the latest global threat intelligence (details about hacker tools, techniques, and trends), your organization can achieve effective predictive triage. To deliver this approach, Hardsecure has a dedicated team: the Intelligence and Security Analysis Team (ISAT). To learn more about Hardsecure's Cyber Threat Intelligence services, please contact us.
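The port-scanning row of the triage table above combines two signals: the source IP's reputation and a burst of events from the same IP in a short interval. The following script is an added example, not Hardsecure's code, that applies exactly that rule to a handful of constructed firewall log lines. The log format, the field names, the 60-second window and the five-port threshold are all assumptions of this example; the reputation set stands in for whatever threat-intelligence feed the SOC actually consumes.

```python
"""Triage of port-scan events by source reputation and burst frequency.

Added example, not Hardsecure's code. Assumes the firewall logs one line per
dropped connection in the constructed format below and that the SOC keeps a
plain set of IPs with a malicious reputation.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2021-03-10T10:00:01Z fw01 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=22
2021-03-10T10:00:02Z fw01 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=23
2021-03-10T10:00:03Z fw01 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=80
2021-03-10T10:00:04Z fw01 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=443
2021-03-10T10:00:05Z fw01 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=3389
2021-03-10T10:05:00Z fw01 DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=445
2021-03-10T11:30:00Z fw01 DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=139
2021-03-10T12:00:00Z fw01 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=22
2021-03-10T12:00:01Z fw01 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=25
2021-03-10T12:00:02Z fw01 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=110
2021-03-10T12:00:03Z fw01 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=143
2021-03-10T12:00:04Z fw01 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=993
"""

# Constructed reputation set; in practice fed by the threat-intelligence source.
BAD_REPUTATION = {"198.51.100.7", "203.0.113.9"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ DROP SRC=(?P<src>\S+) DST=\S+ DPT=(?P<dpt>\d+)$"
)


def parse_line(line):
    """Return (timestamp, source_ip, dest_port), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], int(m["dpt"])


def has_burst(events, window, min_ports):
    """True if some time window holds hits on at least `min_ports` distinct ports."""
    events = sorted(events)
    start = 0
    for end in range(len(events)):
        # Slide the window start forward until it fits within `window`.
        while events[end][0] - events[start][0] > window:
            start += 1
        if len({port for _, port in events[start:end + 1]}) >= min_ports:
            return True
    return False


def triage_port_scans(log_text, bad_ips, window=timedelta(seconds=60), min_ports=5):
    """Apply the table's port-scanning rule: escalate only when the source has a
    malicious reputation AND produced a burst of events in a short interval;
    everything else stays Low priority and is ignored."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src, dpt = parsed
            by_src[src].append((ts, dpt))
    verdicts = {}
    for src, events in by_src.items():
        burst = has_burst(events, window, min_ports)
        bad = src in bad_ips
        verdicts[src] = {
            "bad_reputation": bad,
            "burst": burst,
            "action": "escalate" if (bad and burst) else "ignore",
        }
    return verdicts


if __name__ == "__main__":
    for src, verdict in triage_port_scans(SAMPLE_LOG, BAD_REPUTATION).items():
        print(src, verdict)
```

The three constructed sources cover the three cases an analyst meets: a bad-reputation IP sweeping five ports in four seconds (escalated), a bad-reputation IP with two isolated hits hours apart (ignored, as the table says), and a clean IP that bursts (ignored, but the `burst` flag stays in the verdict so a second rule or a later reputation update can pick it up).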
Respond and Prevent - Types of Attack Vectors
Every day we evolve our capabilities to respond to security incidents; however, it is necessary to highlight that hacker tools and techniques are also constantly evolving: they are increasingly stealthy and camouflaged. Cybersecurity experts indicate that, in the current scenario, the best practice is to use ethical hacking, always analyzing your networks and operations from the perspective of the attacker and looking for the main indicators and areas of exposure before they are exploited. It all comes down to how skilfully your team can triage security incidents. This article continues our series Communicate, Respond, and Prevent (see the first article of the series). Today we are going to talk about how to identify types of security incidents. The best way to determine the appropriate incident response in any situation is to understand what types of attacks can be used against your organization. Check below the attack vectors on the NIST list:

External/Removable Media » An attack performed from removable media (for example, a flash drive or CD) or a peripheral device.
Email » An attack carried out via an email message or attachment (for example, a malware infection).
Attrition » An attack that employs brute-force methods to compromise, degrade, or destroy systems, networks, or services.
Improper Usage » Any incident resulting from the violation of an organization's acceptable use policies by an authorized user, excluding the categories above.
Web » An attack performed from a website or web application (for example, a drive-by download).
Loss or Theft of Equipment » The loss or theft of a computing device or media used by the organization, such as a laptop or smartphone.
Others » An attack that does not fall into any of the other categories.

Now that you are familiar with NIST's list of attack categories, it is important to review your security, control, and mitigation policies to ensure that these attack vectors are covered.
Use this list to guide your team through the classification process for the various types of security incidents. It is also important to identify which types of equipment may cause the greatest risk in the event of loss or theft; this includes the CFO's laptop, as well as any server HDD that contains IP (intellectual property) or sensitive data. In our next article, we will talk about Security Triage Options, highlighting how to combine local and global threat intelligence for more effective triage, and how to categorize and mitigate incidents from an attacker's perspective.
SOC as a Service
With the digital evolution, the number of attacks and threats to organizations has increased exponentially. In response, organizations have decided to take appropriate measures to protect their data and security systems, thus avoiding losses and damages. This is how SOC as a Service emerged: a service of continuous monitoring, detection, analysis, and reporting, responding to incidents and managing vulnerabilities, which enables innovative behaviour and brings various advantages to the Information Security area.

How does SOC as a Service work?

SOC as a Service is a monitoring service executed remotely on networks and applied to all equipment and other assets connected to the organization being monitored (within a pre-established scope). In other words, the SOC collects events from different sources, analyses them, identifies anomalies, and filters the results to generate alerts. Whenever the equipment produces logs and events, these are collected and correlated through security rules, allowing a quick assessment of millions of events to identify irregularities, which are later analysed by the SOC operators. The added value of SOC as a Service comes from the constant monitoring of events together with the security resources used in the organization, which can be diverse: firewalls, antivirus, network assets, servers, applications, among others. Through correlation mechanisms, the event data is analysed and the results are sent to a platform called Security Information and Event Management (SIEM), which surfaces all the attacks on a system or network.

Advantages of SOC as a Service

Nowadays, with more and more attacks on infrastructures and even information theft, it is necessary to have constant visibility of the environment to protect and reduce the exposure of information and mitigate risks.
Thus, through SOC as a Service, all these components are covered, as the SOC provides a generalized view of the entire environment, safely and robustly, through a 24x7 operation, thus protecting against criminals that may remain hidden within our corporate environment. Therefore, we can identify several benefits in the acquisition of SOC as a Service, such as:

• Constant Surveillance - 24x7 systems monitoring.
• Security - analysis and identification of offences originated by third parties.
• Guaranteed Integrity, Availability, and Confidentiality.
• Flexibility in the service management model - 100% outsourced, hybrid, or in-house team.
• Evaluation and continuous improvement as a preventive component.
• Access to highly qualified Cybersecurity professionals.
• Access to monitoring and intelligence technologies.
• Strategic reports to share with C-levels.
• More qualified information to support decision-making.

SOC as a Service assumes continuous detection, containment, visibility, correction, and aggregation of intelligence. It can therefore be concluded that organizations with this service are much more efficient at identifying attacks and responding to incidents, and have a preventive capacity in the face of new attack vectors.

By: Renato Rodrigues, Incident Response Analyst at Hardsecure
What you should know before buying a SIEM?
SIEM (Security Information and Event Management) is the core technology of a Security Operations Center (SOC) and consists of identifying, monitoring, recording, and analyzing security-related events across an organization's IT environment in real time. Acquiring a SIEM has several benefits, such as the integration of various data collection points, customization of control processes and alert workflow management, and integration with other technologies already used by the organization. Beyond its benefits, it is fundamental to analyze some features that allow the service to be evaluated before it is contracted:

Compatibility with software and other tools: Before implementing a SIEM system, it is fundamental to evaluate its compatibility with the software and equipment the organization already uses, such as VPNs, servers, antivirus, routers, gateways, and firewalls. Compatibility is an essential condition because the SIEM works on the logs generated by these tools. Without compatibility, the SIEM will not be able to analyze the recorded data and, consequently, will not be useful to the organization.

Integration capability: As in the previous point, the SIEM's integration capability is also essential, so that there is full integration between the selected SIEM and the existing tools and software. The SIEM should integrate tools such as Active Directory, an SMS or mail alert system, a vulnerability scanner, and threat information feeds.

Integration support: An effective SIEM technology should also manage different groups. Access to certain features will be managed according to each group's need to know. When there is this distinction between each group's access, incident management becomes more efficient. Therefore, the SIEM's access management and integration function is very relevant, so that all groups in the organization are integrated into the security management process in a way that optimizes their work.
Reporting: Reports enable risk analysis and understanding, because they evaluate performance, streamline processes, reduce costs, and increase efficiency. They also help identify security gaps and prevent incidents from repeating. For these reasons, it is critical to evaluate the SIEM's ability to generate different reports (such as technical reports and reports for the organization's management).

Compliance: Compliance is one of the most important criteria for any organization that stores data, especially after the General Data Protection Regulation (GDPR). Therefore, the SIEM should meet the criteria of all applicable regulatory certifications and standards.

When it comes to collecting, processing, and storing data, analyzing incidents to detect anomalies, identifying suspicious behavior, or forensic investigation, the need for a SIEM is guaranteed.
What we can learn from Symrise
We have all heard about the Symrise ransomware attack, but we need to consider that this might be, in my opinion, just the beginning of a full-scale directed attack towards a specific industry. Looking at a set of some of the major players in the same industry as Symrise, it is hard to miss that there are dangerous patterns of behaviour in that industry which make it a likely target for cyber-criminals.

[Fig 1. - Behaviour seen on 12 major companies within the same Industry and Region as Symrise at the SSC]

Looking at the external view of this industry score, we can see that, on average, the companies are not top performers and they all share common problems. The site Data Breaches refers to this incident in the following way:

"According to Symrise, the perpetrators smuggled a virus into the company's network. Symrise does not provide any information on whether the data was encrypted as a result, as is customary in such attacks. "As far as we know, it is a criminal act with the intention of extortion," said a spokeswoman. Symrise works in conjunction with the State Criminal Police. It is not known what demands the hackers make. So far, it is also unclear what consequences the attack will have outside the company. Symrise produces fragrances and aromas. Almost no consumer goods company, food producer, or cosmetics manufacturer can live without Symrise supplies. Customers include Danone, Coca-Cola, Henkel, Unilever, L'Oréal, and Nestlé. In addition to supplies for these companies, your data can also be affected by the attack."

Once more, this case clearly highlights the need to understand that your attack surface stretches beyond your perimeter. No company is an isolated island unaffected by someone else's cyber-security performance; we are all connected.
Last, but not least, we would like to emphasize the ultimate need for companies like Symrise to have a coherent Incident Response capability, to control the damage and get their systems up and running as fast as possible. These attacks are massive, and a lot of data can be lost, but the business needs to keep going, so being able to respond quickly to incidents 24/7 is vital to these companies and their supply chain.
The importance of Backup and the best way to do it
Listen to this article on the podcast "CyberCast" (Spanish version). We all know how important backups are for organizations. Cybersecurity threats are becoming more frequent, and the damage caused by attacks can be severe and irreparable, so the importance of backups keeps increasing. Backing up the organization's most important data and information may be the only way to save it in case of attacks or security incidents. There are several reasons why backup copies are so important:

Data and information protection: Backups protect the organization from different threats (cyber-attacks, human error, power failures, accidents). It is the existence of backups that can make the difference between quickly restoring the organization's operation after an incident and having to pause activity.

Increasing operational capacity and competitiveness: An organization that can guarantee a fast and efficient recovery after an attack or security incident has more credibility in the market. This guarantee is the confirmation that there will be no drop in productivity and, consequently, in revenue.

The business becomes more efficient: Performing regular backups forces the organization to restructure and reorganize, which makes it more organized and efficient.

Ensuring compliance with data protection law: In an age when data protection laws are increasingly tightened and infractions are punishable by huge fines, having backups ensures that all information is properly controlled and compliant with the law.

If the importance of making backups is certain, it is equally relevant to select the type of files that will be included in the backups. This is specific to each industry and each organization, but usually the backup should include everything that cannot be easily replaced. Because backups are so important, it is crucial to understand the best way to execute them: in general terms, the 3-2-1 rule secures this procedure.
This rule recommends three backups of the data, stored in two places (and on different equipment), with one copy kept externally (for example, in a cloud service). But there are other aspects of a better backup execution that should also be considered:

Review the backup reports on a daily basis: Backup reports should be reviewed daily, either manually or through a monitoring and alerting system. Daily analysis is very important because it allows any problems that arise to be detected, preventing them from escalating into a scenario that causes serious damage.

Verify backups: Most backup systems verify the copies after the backup is complete, but regular restore testing should be executed to ensure that files can be recovered when necessary.

Have an incident recovery plan: Running backups does not constitute an incident recovery plan. The organization should identify and assess the risks to its operation, document what is being done, and communicate what should be done if a recovery needs to be executed. This plan should allow you to assess all risks and either accept them or activate appropriate controls to mitigate them.

Storing backups: Backups are usually stored on disks or at remote sites (in the cloud), but it is important to understand how long it will take to recover the data when the time comes. The recommendation is to keep a duplicate of a certain amount of recent backup data locally, to allow a quick recovery, in addition to the copy hosted in the cloud. This makes the data available in seconds or minutes, rather than days.

Encrypt backups: As backups leave the organization's systems and network, they should be encrypted to ensure that no one outside the organization has access to this data.
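The "verify backups" point above (and the daily review that precedes it) is where most backup programmes fail in practice: the job reports success, but nobody proves the copy can still be restored intact. The script below is an added example, not from the article, of the minimum that check should do: write a SHA-256 manifest at backup time, restore the copy into scratch space, and compare every file against the manifest so that silent corruption or a missing file shows up in the daily report instead of on recovery day. The directory layout, file names and the simple copy-based "backup" are assumptions of the example; the data is constructed in a temporary directory so it runs offline.

```python
"""Backup integrity manifest plus a restore test.

Added example, not from the article. Assumes a simple directory-to-directory
backup; the source files are constructed in a temporary directory so the
script runs offline.
"""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large backups are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_of(full)
    return manifest


def make_backup(src, dst):
    """Copy src to dst and write the manifest next to the copy."""
    shutil.copytree(src, dst)
    manifest = build_manifest(dst)
    with open(dst + ".manifest.json", "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify_tree(tree, manifest_path):
    """Compare a directory against a manifest; return a sorted list of problems."""
    with open(manifest_path) as f:
        expected = json.load(f)
    actual = build_manifest(tree)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append("missing: " + rel)
        elif actual[rel] != digest:
            problems.append("corrupted: " + rel)
    problems.extend("unexpected: " + rel for rel in actual if rel not in expected)
    return sorted(problems)


def restore_test(backup_dir, manifest_path):
    """The 'verify backups' step: restore into scratch space and check the result."""
    scratch = tempfile.mkdtemp(prefix="restore-test-")
    try:
        restored = os.path.join(scratch, "restored")
        shutil.copytree(backup_dir, restored)
        return verify_tree(restored, manifest_path)
    finally:
        shutil.rmtree(scratch, ignore_errors=True)


def demo():
    """Construct sample data, back it up, verify, then simulate bit-rot and loss."""
    work = tempfile.mkdtemp(prefix="backup-demo-")
    try:
        src = os.path.join(work, "data")
        os.makedirs(os.path.join(src, "notes"))
        with open(os.path.join(src, "notes", "todo.txt"), "w") as f:
            f.write("constructed sample content\n")
        with open(os.path.join(src, "ledger.csv"), "w") as f:
            f.write("id,amount\n1,10\n")
        backup_dir = os.path.join(work, "backup")
        manifest_path = backup_dir + ".manifest.json"
        make_backup(src, backup_dir)
        clean = restore_test(backup_dir, manifest_path)
        # Simulate silent corruption of one file and loss of another in the copy.
        with open(os.path.join(backup_dir, "notes", "todo.txt"), "ab") as f:
            f.write(b"\x00")
        os.remove(os.path.join(backup_dir, "ledger.csv"))
        damaged = verify_tree(backup_dir, manifest_path)
        return clean, damaged
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

`demo()` returns an empty problem list for the fresh restore and two findings after the simulated damage. In a real deployment the manifest should be stored with the off-site copy as well, and the restore test should be run from that copy, because a manifest that lives only beside the primary backup is lost together with it.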
Trickbot: the malware that dethroned Emotet
After the end of Emotet's reign, whose infrastructure was taken down by Europol in late January 2021, Trickbot arrived and has been giving a lot of headaches, especially to the legal and insurance industries. Like Emotet, Trickbot is not a "final" malware: it acts as a channel for cybercriminals to deliver the final malicious payload, which can be any other virus. Since February 2021, Trickbot has been used as a replacement for Emotet. The main form of dissemination was spam campaigns containing a compressed (.zip) file with malicious JavaScript. Upon opening the file, Trickbot attempts to download another malicious payload from a remote server. Trickbot is popular due to its versatility, flexibility, customization, and successful track record in previous attacks. In 2020, it was the fourth most prevalent malware globally, affecting 8% of organizations. In 2020, Trickbot played a key role in one of the most costly and high-profile cyberattacks: the Universal Health Services (UHS) case, a leading healthcare provider in the US. UHS was hit by the Ryuk ransomware, and the institution claimed that the attack cost it $67 million in lost revenue and costs. Trickbot was used by the attackers to detect and harvest data from UHS systems and to deliver the ransomware payload.

WHAT CAN TRICKBOT DO?

Credential theft;
Spy on targets to gain access to system and network information;
Install backdoors into systems, which allow remote access to the system as part of a botnet;
Be downloaded by other malware;
Modify itself to avoid detection.

HOW DO I PROTECT MYSELF AGAINST TRICKBOT?

The main defence tactic is to make users aware of how to verify the veracity of an email that carries a link. If a user can correctly identify a malicious or suspicious email and the attachment that follows, the malware will never get the chance to be opened. IT departments in organizations must make employees aware of how to identify potentially malicious emails.
The use of antivirus software can also help in detecting potential attacks on a system; if an attack succeeds, the software can also help remove the malware. Enabling multi-factor authentication (MFA) can help prevent TrickBot from obtaining everything it needs from a user's credentials: even if an attack is successful, attackers will not have all the pieces needed to be fully authenticated by a system. In short, even when one major threat is eliminated, others emerge that continue to pose a high risk to networks worldwide.
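The delivery method described above, a .zip attachment carrying a JavaScript file, is something a mail gateway can catch before any user has to judge the message. The following script is an added example, not Hardsecure's code, of that gateway-side policy: it lists the members of an archive without extracting them, flags script and executable extensions (including double extensions such as `invoice.pdf.js`), nested archives, and encrypted members that cannot be inspected, and quarantines the attachment if anything is flagged. The extension list and the quarantine decision are assumptions of the example; the sample archives are constructed in memory with harmless placeholder content.

```python
"""Gateway-side check for script files carried inside .zip attachments.

Added example, not Hardsecure's code. The extension list and the
'quarantine' decision are assumptions of this example; the sample archives
are constructed in memory with harmless placeholder content.
"""
import io
import zipfile

# File types that should not arrive as a mail attachment in most organizations.
BLOCKED_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1",
    ".cmd", ".bat", ".exe", ".scr", ".lnk",
}


def member_extension(name):
    """Extension of the final path component, so 'invoice.pdf.js' yields '.js'."""
    base = name.rsplit("/", 1)[-1].lower()
    return "." + base.rsplit(".", 1)[-1] if "." in base else ""


def suspicious_members(zip_bytes):
    """Return (member_name, reason) pairs for an archive held in memory.

    Only the central directory is read; no member is extracted or executed."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                ext = member_extension(info.filename)
                if ext in BLOCKED_EXTENSIONS:
                    findings.append((info.filename, "blocked extension " + ext))
                elif ext == ".zip":
                    # A nested archive defeats single-level scanning.
                    findings.append((info.filename, "nested archive"))
                if info.flag_bits & 0x1:
                    # Bit 0 of the general-purpose flags marks an encrypted entry,
                    # whose content the gateway cannot inspect.
                    findings.append((info.filename, "encrypted member"))
    except zipfile.BadZipFile:
        findings.append(("<archive>", "not a valid zip file"))
    return findings


def classify_attachment(zip_bytes):
    """Policy decision for the gateway: any finding quarantines the message."""
    return "quarantine" if suspicious_members(zip_bytes) else "deliver"


def build_zip(members):
    """Build a constructed test archive from {member_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a lure-style double extension and a clean document archive.
LURE_ZIP = build_zip({"Invoice_2021_03.pdf.js": b"// placeholder, not a real script"})
CLEAN_ZIP = build_zip({"report.pdf": b"%PDF-1.4 placeholder", "docs/notes.txt": b"ok"})


if __name__ == "__main__":
    print("lure:", classify_attachment(LURE_ZIP), suspicious_members(LURE_ZIP))
    print("clean:", classify_attachment(CLEAN_ZIP))
```

Extension blocking is deliberately a coarse first filter: it stops the campaign pattern named in the article without trusting the user's judgement, and it fails closed on archives that cannot be parsed or whose members are encrypted, which is the behaviour a gateway wants.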
Job Opportunities
Network and Security
Function Description:
Survey of technical requirements and advice on the security and cybersecurity solutions and services (preferred) best suited to customer needs;
Support to the sales team in the presentation and development of solutions;
Presentation of our solutions to customers and at promotional events, providing technical support when necessary;
Identification of new solutions and services that may be relevant to keep up with market needs/requirements.

Requirements:
Degree in computer engineering (or similar);
Strong knowledge of security technologies (Palo Alto Networks, Fortinet, Bitdefender, and Cisco are the preferred technologies);
Strong knowledge of networking (routing, switching, VoIP, Wi-Fi, and security protocols) and system administration;
CCNP and CCNP Security certifications;
Knowledge of TSHOOT - Troubleshooting and Maintaining Cisco IP Networks;
Strong capacity in the execution and management of projects in the scope of networking and perimeter and endpoint security;
Minimum experience in these functions: 3 years.

Behavioural Profile:
Sense of responsibility;
Dynamic and proactive;
Ability to work under pressure;
Good interpersonal skills and teamwork.

What We Offer:
Participation in important projects on the national and international scene;
Integration in a dynamic and experienced team;
Integration with transversal participation in projects where the company is involved;
Attractive salary package adapted to the knowledge and experience shown by the candidate.

Applications must be sent by email, with the reference net.20.hs in the subject, to: geral@hardsecure.com