Tema 4: Seguridad y confianza digital

Digital Security and Trust

Introduction to Digital Security

• The discussion begins with the introduction of Edson, a civil servant in human resources, who received a suspicious email from his bank requesting data updates.

• Edson's training in information security led him to recognize the email as a phishing attempt, prompting him to report it immediately.

Understanding Information Security

• Information security encompasses preventive and reactive measures to protect stored data, distinct from cybersecurity and digital security.

• Cybersecurity focuses on defending digital assets (computers, servers, networks), while digital security pertains to trust management in digital environments.

Legal Framework and Institutional Support

• Since 2018, Peru has implemented international regulations for information security management following the creation of the Digital Government Law.

• The National Center for Digital Security oversees public administration's information security in Peru, supporting both public and private entities.

Common Threats in Digital Environments

• Phishing is highlighted as a prevalent threat; Edson was prepared due to prior training which helped him avoid potential damage.

• Smishing (phishing via SMS), social engineering tactics aimed at manipulating individuals into compromising actions are also discussed.

Techniques Used by Attackers

• Various techniques include:

• Pretexting: Creating believable scenarios for unauthorized access.

• Tailgating: Exploiting trust or innocence to bypass physical access controls.

• Shoulder surfing: Observing users' passwords discreetly.

• Baiting: Leaving infected storage devices for victims to use unwittingly.

• Vishing: Using phone calls under false pretenses to extract sensitive information.

Emerging Threats and Malware Impact

• Shadow IT refers to unmonitored systems within an organization that pose risks. Identity theft through fake online profiles is another significant concern.

• Malware is defined as malicious software affecting devices; examples include incidents involving colleagues Maribel and Roberto who fell victim due to lack of awareness about safe practices.

Best Practices for Information Security

• Recommendations include:

• Use strong passwords changed biannually; avoid reusing them across platforms.

• Securely store sensitive documents and media containing classified information.

Cybersecurity Awareness and Best Practices

Importance of Computer Security

• Inactivity of computing devices can lead to session blocking; it's essential to periodically check that operating systems and antivirus software are updated.

• When teleworking, using a Virtual Private Network (VPN) is recommended as it creates secure communication networks between computers with restricted access.

• Users must ensure they have a reliable antivirus installed and monitor updates and new subscriptions for safe browsing. Always verify URLs for security indicators like HTTPS.

Recognizing Threats

• Understanding information security is crucial; users are the first line of defense against threats. Maribel and Roberto overlooked several security measures, leading to incidents.

• Maribel's malware incident originated from WhatsApp Web, which lacked adequate security features. The National Cybersecurity Center had to issue an alert due to this vulnerability.

Incident Response

• For Roberto, the IT team followed procedures advised by the National Cybersecurity Center to mitigate harassment issues. Fortunately, neither incident critically impacted the organization's reputation or digital assets.