cyber security firms Checkpoint y In there and the digital identification company Emptor agree that the software updates were the flaw in the Sedena processes that led to the hacking by the Guacamaya group.
For Miguel Hernández, leader of Checkpoint’s Security Engineering in Mexico, the attack against the Mexican army used a vulnerability whose update patch was published several months ago, so if said vulnerability had been repaired, the hack would not have been possible. .
Hernández recommends an awareness campaign so that the members of a government entity, such as the Sedena, or of the private initiative, have an action or mitigation plan that allows the necessary updates to be carried out and to respond to the commitment of the vulnerabilities.
For Julián Garrido, CEO of the cybersecurity firm In there In Mexico, the failure to update the Zimbra electronic service, through which the hackers extracted the information, reveals the lack of discipline in the secretariat’s tactical processes.
From the point of view of tactical operational processes, it is an indiscipline in the operation, it is something that should not happen,” Garrido said.
According to Gabriel Puliatti, director and founder of Emptor, an identity verification firm, the Sedena hack is due to an outdated hiring process. Many entities such as the secretariat have the idea that the information is better cared for within the institution, according to Puliatti, who believes that this can only be true in those cases in which the investment in cybersecurity is very strong.
“There are still many larger entities that do not understand the reason why they should hire a service,” said Puliatti, for whom the consequence of these policies is that monitoring is not applied to system maintenance.
According to Julián Garrido, although the cloud does not completely eliminate the chances of suffering a cybersecurity incident, it does in most cases automate the processes of patching and updating vulnerabilities.
“From our experience, using cloud technology will free you from basic operational processes that were not carried out in the case of Sedena, such as patching vulnerabilities,” he said.
Another problem of Latin American institutions ─the objective of the Guacamaya hacktivist group─, according to Puliatti, is that platforms are used that are not adequate in the protection of personal data, as is the case of the email service.
“Many of the most serious things that Sedena is seeing is private confidential information of people that at no time should have been shared by an email environment, but since the institutions assume that internal email environments are secure environments and private to each other, they have no problem sharing emails with private information,” he said.
rodrigo.riquelme@eleconomista.mx
hartford car insurance shop car insurance best car insurance quotes best online car insurance get auto insurance quotes auto insurance quotes most affordable car insurance car insurance providers car insurance best deals best insurance quotes get car insurance online best comprehensive car insurance best cheap auto insurance auto policy switching car insurance car insurance quotes auto insurance best affordable car insurance online auto insurance quotes az auto insurance commercial auto insurance instant car insurance buy car insurance online best auto insurance companies best car insurance policy best auto insurance vehicle insurance quotes aaa insurance quote auto and home insurance quotes car insurance search best and cheapest car insurance best price car insurance best vehicle insurance aaa car insurance quote find cheap car insurance new car insurance quote auto insurance companies get car insurance quotes best cheap car insurance car insurance policy online new car insurance policy get car insurance car insurance company best cheap insurance car insurance online quote car insurance finder comprehensive insurance quote car insurance quotes near me get insurance
