Cyber Threat Intelligence

Cyber Threat Intelligence: 6 Key Concepts to Understand it

Over the past decade, we have seen a significant increase in cyberattacks. Criminals use an ever-growing set of techniques, tactics, and tools to compromise their victims’ systems. To address this problem, every defender must know about Cyber Threat Intelligence (CTI).

In this series of articles, our goal is to share the foundations of effective Cyber Threat Intelligence management and then guide you in converting threat information into threat intelligence – actionable information that significantly improves your organization’s security posture.

Understanding the adversaries’ motivations, tactics, and techniques has become a fundamental strategy of many organizations, especially for the teams entrusted with their defense, better known as blue teams. So, in this first article, we will talk about fundamental concepts. We will define a threat, threat actors, and threat information, take a deep dive into intelligence, and clarify the difference between threat intelligence and cyber threat intelligence.


In terms of information security, a threat is a possible adverse action or event, facilitated by a vulnerability, that can give rise to an unwanted impact on a computer system or application.

A threat can be an “intentional” adverse event (for example, hacking by an individual cracker or a criminal organization) or an “accidental” adverse event (for example, the possibility of a computer malfunction).

Threat actor

A threat actor is an individual or group that can carry out the threat, such as exploiting a vulnerability to cause a negative impact. Examples of actors are cyberterrorists, government/state-sponsored actors, organized crime/cybercrime, hacktivists, script kiddies, or “insiders.” In one of our following articles, we will define each actor and their motivations.

Threat information

Threat information from external sources, also known as “threat feeds,” often consists of curated lists of URLs, IP addresses, and domains known to be suspicious. These lists typically contain hosts or applications that are known to be compromised or that are used by threat actors. They have almost no derived context. To go deeper into this topic, we recommend reading about the Pyramid of Pain by David Bianco. In one of our following articles, we will detail the sources to learn more about this topic.


When we speak of intelligence, we generally refer to information that has been enriched with data from other sources, that is actionable, and that a cybersecurity professional can analyze. Our future articles will detail the following types of intelligence: HUMINT, SIGINT, FININT, GEOINT, CYBINT, and OSINT.
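The gap between a bare threat feed and enriched intelligence can be shown by correlating feed indicators with your own telemetry. This is an added example, not part of the original article; the feed entries, the `key=value` proxy log format and the host names are constructed for illustration and use documentation-only addresses and domains.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed threat feed: bare indicators with no context.
FEED = """\
# sample feed (constructed)
198.51.100.23
malicious.example.net
http://cdn.example.org/update.exe
203.0.113.77
"""

# Constructed internal proxy log lines (timestamp, then key=value pairs).
LOGS = [
    "2021-06-01T10:02:11Z host=ws-014 dst=198.51.100.23 url=http://portal.example.com/",
    "2021-06-01T10:05:40Z host=ws-014 dst=192.0.2.10 url=http://malicious.example.net/login",
    "2021-06-01T11:17:03Z host=srv-db2 dst=192.0.2.44 url=http://cdn.example.org/update.exe",
    "2021-06-02T08:00:00Z host=ws-021 dst=192.0.2.10 url=http://sub.malicious.example.net/a",
    "2021-06-02T09:30:12Z host=ws-030 dst=192.0.2.99 url=http://intranet.example.com/home",
]


def classify_indicator(value):
    """Return 'ip', 'url' or 'domain' for one feed entry."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    return "url" if "://" in value else "domain"


def parse_feed(text):
    """Map each indicator to its type, skipping comments and blank lines."""
    feed = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            # Lower-casing is a simplification; URL paths can be case-sensitive.
            feed[line.lower()] = classify_indicator(line)
    return feed


def parse_log(line):
    """Split a 'timestamp key=value ...' line into a dict."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = ts
    return event


def matches(indicator, kind, event):
    """True if the log event touches the indicator."""
    if kind == "ip":
        return event["dst"] == indicator
    if kind == "url":
        return event["url"].lower() == indicator
    host = (urlsplit(event["url"]).hostname or "").lower()
    # A domain indicator also covers its subdomains.
    return host == indicator or host.endswith("." + indicator)


def enrich(feed, log_lines):
    """Attach internal context (who, when, how often) to each indicator."""
    sightings = defaultdict(list)
    for line in log_lines:
        event = parse_log(line)
        for indicator, kind in feed.items():
            if matches(indicator, kind, event):
                sightings[indicator].append(event)

    report = []
    for indicator, kind in feed.items():
        events = sightings.get(indicator, [])
        report.append({
            "indicator": indicator,
            "type": kind,
            "hosts": sorted({e["host"] for e in events}),
            "first_seen": min((e["ts"] for e in events), default=None),
            "last_seen": max((e["ts"] for e in events), default=None),
            "hits": len(events),
        })
    # Indicators actually seen internally come first: these are the actionable ones.
    report.sort(key=lambda r: r["hits"], reverse=True)
    return report


if __name__ == "__main__":
    for row in enrich(parse_feed(FEED), LOGS):
        print(row)
```

Indicators with zero hits stay in the report: knowing that a feed entry has never been seen internally is itself context the raw feed could not provide.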

Threat intelligence vs Cyber Threat Intelligence

Threat intelligence analyzes adversaries, their motivations, tactics, and techniques, and how they carry out crimes that could be replicated in your organization. This intelligence becomes valuable when it can inform and assist defenders in taking actions to defend against these threats.

Cyber Threat Intelligence is the analysis of how adversaries or cybercriminals use their strategies to perpetrate their attacks on vulnerable information assets. Like threat intelligence, whose value is to convert information about threats into actions that strengthen the security posture, CTI includes a set of atomic indicators of compromise and learns from external and internal information sources and from strategies for implementing effective controls.

Organizations increasingly recognize the value of threat intelligence. However, there is a difference between acknowledging the value and receiving the value. Today, most organizations focus their efforts on the most basic use cases, such as integrating threat data with the existing network at the firewall level without taking full advantage of the insights that intelligence can provide.

This first article covered the fundamentals to start our journey on this exciting and fascinating topic. In the next installment, we will talk about the benefits that a company obtains when it adopts a threat intelligence process, suggestions about where the function of threat intelligence should sit within organizations, and the type of companies that are rapidly moving to this model, which is gaining greater relevance as cyber-attacks grow in sophistication.

Ransomware Attack

Are Ransomware Attacks Becoming Uninsurable?

When you read about how many ransomware attacks have happened over the last months, you start to wonder: is cyber insurance making things even worse? The situation appears to be a never-ending cycle: an organization takes out a policy with a cyber insurance company, cyber-criminals perform their attack, the insurer pays the ransom, the organization renews its policy at a higher fee, and so on. But what is really happening? What exactly is the role of cyber insurance? Is it really making things worse?

What is a Ransomware Attack?  

Before we start answering those questions, we believe it is appropriate to explain what ransomware attacks are. They use a type of malware that encrypts your information, databases, and/or applications and holds them in exchange for a ransom. It is an illegal practice that can quickly bring your organization to a halt, causing extreme damage to your operations, reputation, and finances.

Although the perpetrators always ask for a large amount of money to give you back access, and give you a limited amount of time to pay, almost no one wants to pay them, and victims instead work with their cybersecurity partners to look for ways to regain access to their systems and files. There are times when there are no other options. We have seen organizations with no way of recovering the lost data or getting the systems back up and running. Also, some have been threatened with having sensitive information made public, so they had to sit down and negotiate with the criminals.

Just this year, we have seen how many large organizations have fallen victim, putting the people of our country at risk and giving millions of dollars to the criminals.

What Is The Role of Cyber Insurance?  

While the attacks are getting more targeted and more serious (just last year, there were over 65,000 attacks in the US), more organizations are looking to upskill their cybersecurity defenses. One way is to hire more talented and specialized personnel and add an extra layer of security by getting a cybersecurity insurance policy.  

Cyber insurance is nothing more than a contract that you, as an organization, can purchase to help reduce the risks associated with the online world. It usually covers your business’ liability for a data breach, including legal counseling and defense, a digital forensics team, incident response costs, costs to restore operations and recover lost assets, crisis communications, and even ransom amounts.

In other words, if your organization suffers a ransomware attack, with cyber insurance you will be able to pay the criminals and regain access to your systems while also receiving an amount for the costs associated with this situation.

This has generated a discussion about the responsibility of cyber insurance. Is it an incentive for more ransomware attacks? Or is it a great way of protecting an organization?  

Cyber Insurance: What Should Happen Now? 

You need to understand that when cyber criminals gain access to your systems, they will know if you have an insurance policy and how much it will cover in terms of ransom. They are not going to ask for anything below what you can pay them. That is why these policies are attracting so much criticism.

While some people believe that there should be no ransomware insurance at all, we believe that not everything is black or white. Recently, French authorities started questioning the role of cyber insurance in the sudden growth of these attacks, a comment that was followed by the decision of AXA, a global insurer, that they would not continue reimbursing companies for ransomware payments to criminals.  

But is this really the solution? By eliminating this coverage, you are putting at risk every organization, especially the smaller ones. Anyone can fall victim, but not everyone has the means to recover from it. 

We believe that every insurance policy should come with a list of security best practices that organizations need to implement (such as using Multi-Factor Authentication, security controls, identity and access management, employee training) to improve their security posture and avoid the risks. Insurance companies should also share the lessons learned from other experiences as a way of helping their clients easily identify risks and better protect themselves.

It is a matter of working as teams, where clients and insurance firms have the same goal: fighting cyber-crime.


SDG: Businesses For a Better Future

Our planet deserves a better future, and the 17 Sustainable Development Goals (SDG) or “Global Goals” are carefully designed to give all people opportunities to start building that future today.

With hundreds of indicators geared towards 2030, the international community established this new roadmap at the end of September 2015. The United Nations member countries designed these goals to cover social, environmental, and economic aspects with a business mindset.

These goals provide a path for any business to direct its efforts toward specific global objectives.

Businesses’ Role

Companies can contribute to the SDGs from three different perspectives, with different returns.

First, there is the development of philanthropic actions not related to the company’s activities. It seeks to improve the social and environmental conditions of the company’s environments, and it primarily has a reputational benefit.

On the other hand, it is possible to implement initiatives related to the organization’s operations to reduce and eliminate negative impacts and enhance positive ones for stakeholders. In this case, the returns for the company are diverse as they include operational efficiency, cost reduction, customer loyalty, among others.

The third approach is to develop innovative products and services within the company’s activity sector. This contributes to the goals established for the SDGs while generating new business opportunities.

The second and third approaches were proposed around operational impacts and are the subjects of the SDG Compass protocol. What does that mean exactly?

SDG Compass: A Guide for Businesses

To help companies contribute to the SDGs, the Global Reporting Initiative (GRI), the United Nations Global Compact (Global Compact), and the World Business Council for Sustainable Development (WBCSD) created the SDG Compass. It is an action protocol structured in five stages that seek to facilitate companies’ understanding of how they can contribute to the SDGs, encourage their public commitments, and communicate their progress.

Source: SDG Compass (2015)

The SDG Compass starts from a first stage that suggests promoting knowledge about the SDGs and the benefits that the company gets by supporting these goals.

Once the possibility of contributing to the SDGs is on the table, the next step is to design a strategy. To this end, the second stage begins with identifying the impacts that the company could generate with these initiatives.

The third stage focuses on the action by establishing objectives, work programs, and activities that allow the company to put the goals into practice within the established time frame.

The fourth stage is how to implement the action plan. It suggests assigning responsibilities throughout the company so that all employees participate. Likewise, it recommends associating the indicators established for the SDGs with the performance metrics of the operations. In addition, to evaluate the progress of the action plan, it proposes to create a monitoring body.

Once the action plan is ready for execution, it is possible to approach the fifth stage. At this moment, the company publicly reports its performance and the progress achieved, using a language that the authorities and civil society can understand:

  1. Why SDGs are relevant and the associated impacts generated by the company.
  2. The objectives and actions designed to contribute to their achievement.
  3. The management and monitoring systems established to evaluate the progress that the company has achieved.

Advantages of contributing to the SDGs.

Making sure that our society achieves these 17 Sustainable Development Goals has many benefits, such as:

  • Identify business opportunities and attract capital.
  • Enhance the value of corporate sustainability, including attracting talent and customer preference.
  • Strengthen relationships with stakeholders, be aligned with legislative advances, and strengthen risk prevention.
  • Stabilize societies and markets by contributing to their development and access to products and services.

Ideas for businesses to support SDG

Here are 4 ways businesses can support SDG through empowering and inspiring activities. This could be a part of the businesses’ practices or projects.


It is essential to ensure that people collaborate in a secure and healthy workplace. If you think about it, most people spend about one-third of their adult lives in a workplace environment.

Consequently, businesses are key drivers for SDG 3 and SDG 8 – “Good Health and Well-being” and “Decent Work and Economic Growth.” Emphasize safe habits at work through frequent training and refreshers, and implement health and fitness programs for your team.


Just as “Employee of the Month” is usually reserved for employees with the best productivity, businesses can also reward workers for encouraging better environmental practices.

In this case, you’d be supporting SDG 12 – “Responsible Consumption and Production.” Consider offering bonuses or awards for the most environmentally conscious team members – especially those who put your business closer to those responsible practices.


Diversity strengthens human relationships and encourages creativity in the workplace.

Organizations are ecosystems that thrive on variety. Diversity at work includes people from different cultures, genders, races, and opinions that add different perspectives to the work dynamics.

With these actions, businesses would support SDGs 5 and 10 – “Gender equality” and “Reduced inequalities.” In this sense, workspaces are not alien to the changes that are taking place in society. Diversity at work is a way of integrating those sectors of society that do not usually have many job opportunities.

A happier future

The international community is facing an exceptional moment, with a challenging roadmap and objectives established through the collaboration of governments, companies, and civil society. From your company, you can contribute to their achievement and develop new business opportunities that combine social and environmental impact with an economic return.

Businesses, regardless of their size, have the power to forge change and harness innovation, involving their employees, clients, partners, and communities – ensuring that no one is left behind in a safer, happier future.


Sustainable development goals: Creating our future today

We live in a world surrounded by technology. Just look around, how many devices do you see? Have you ever stopped to think about that?

Every year new things are invented, or those we already know are tweaked to make them more efficient and accessible to everyone. Fortunately, technology has always been in our lives, but unfortunately, we have also heard about climate change, global warming, pollution, global food and water shortages, endangered animals! AND the end of the world!

How is it possible that if we are so creative in developing technology that makes our lives easier, we have not been able to remedy these situations? Could we change and improve the world? Fortunately, there is already a plan that can only be successful if we all work together: the Sustainable Development Goals (SDG).

What are the Sustainable Development Goals?

In 2015, the UN, representing the population of 193 countries, announced the 17 global goals of sustainable development that focused on people, the planet, peace, and prosperity to eradicate extreme poverty, fight against inequality and injustice, and mitigate the effects of climate change.

The 17 SDGs are a collection of independent but interconnected goals carefully designed to give all of us a better future, with hundreds of targets and indicators geared towards 2030.

We must achieve these goals by 2030 to protect the planet and make this world a safer and more equitable place.

What can I do as an Individual?

Although it may not seem like it, reading about the SDGs, knowing their lines of action at a general level, and raising awareness among your family, friends, and colleagues is extremely important and the first step you must take.

That being said, here are 3 actions to help you contribute to the achievement of the SDGs. These activities can be part of your lifestyle or projects. Feel free to share them!


Recycling is more important than ever. The use of single-use containers, such as plastic bags or bottles, puts tremendous pressure on our Earth. To reduce waste in our waters and landfills, people must follow the three Rs. You would be supporting SDGs 13 and 14 – “Life on Land” and “Life below Water” by doing your part to reduce the waste produced by your daily activities.


Education is the basis of a better future and a pathway out of poverty. There is no dispute on that.

Donate to causes that supply books, build schools, and train teachers everywhere in the world – especially in remote areas. By helping to remove barriers to education, you’re enriching many people’s individual lives and adding talent to the workforce, thus creating the opportunity to have a better life.


Expand the reach of your impact by engaging in projects that support the SDGs. You can choose multiple projects or just one – that’s up to you. Some projects may even support several SDGs at the same time.

When it comes to giving, engage with causes that are close to your heart. It could be related to education, environment, health, or human rights. In any case, start with the SDG that you feel most strongly about and donate towards causes that support it.

Committing to Change

It is not long until 2030 comes around. We need to support each other, use our imagination and creativity, but above all, commit to change. If we make these goals known massively, other people might take an interest and cooperate. This is linked to CyberWarrior’s purpose, as it is core to our mission to help people grow personally and professionally – and make sure our planet keeps on turning.

2021 So Far: The Biggest Cyber-Attacks

For the past few years, we have seen an uptick in cyber-attacks around the world. The pandemic made things even worse, and now we see its consequences. Government agencies, schools, cities, gas pipelines, and major organizations have fallen victim during the first quarter of 2021. Understanding what has happened will allow us to prepare for the coming months.  

In this article, we want to guide you through the worst cyber-attacks we’ve seen this year: what happened, how the organizations reacted and responded, and how they recovered.

1- Florida Water System 

The date was February 5th. A plant operator noticed how the cursor of his computer started moving across the screen and opened software functions that controlled the water treatment for the Florida west coast. The hacker was able to boost the level of sodium hydroxide in the water by 100.  

It is important to note here that poisoning from sodium hydroxide can cause burns, vomiting, severe pain, and bleeding. Fortunately, the operator quickly responded, reverted the levels to normal, and reported the situation to his superiors. Although the sheriff explained that the system has safeguards that prevented the contaminated water from being released to the public, this episode shows the lack of controls and training in the water systems around the country. Cyber-attacks could have put public health at risk. 

2- CNA Financial 

One of the largest insurance companies in the country fell victim to a ransomware attack earlier this year. It all happened when employees got locked out of the company’s systems due to a network disruption caused by a sophisticated cyber-attack on certain CNA systems.  

People familiar with the attack explained that CNA first attempted to resolve the matter without engaging with the hackers’ organization. One week later, the company started negotiating and then agreed to pay $40 million to restore access to its systems. This amount is $10 million higher than the biggest ransom reported last year.

According to a spokesperson, the insurance firm followed all the laws, regulations, published guidance, and worked closely with the FBI and the Office of Foreign Assets Control.  

3- Acer 

In March, the Taiwanese computer and electronics brand reported “abnormal situations” in their IT security controls. It was revealed that they were hit by a REvil ransomware attack that demanded the largest ransom to date, $50 million, and the attackers stipulated that if Acer did not pay by a certain date, the price would double.

While Acer tried to keep the situation out of the press, the threat actors revealed documents such as bank balances and spreadsheets that made clear that they had gained access to the company’s financial information and client lists, and that a ransom attack was going on.

Allegedly, this all happened because of a vulnerability in a Microsoft Exchange server that was exploited, giving the hackers access to Acer’s files and sensitive information.  

4- Colonial Pipeline 

This was one of the cyber-attacks with the most news coverage this year, as it directly impacted the gas supply for the East Coast of the United States while causing panic and chaos.

DarkSide, a criminal hacker group based in Eastern Europe, was responsible for shutting down the pipeline for several days in what appears to be the largest attack on an American energy system. Operations were restored after Colonial paid a ransom of 4.4 million dollars’ worth of bitcoin.

All the chaos, gas shortages, and price spikes were a consequence of a leaked password to an old account with access to the VPN used to access the company’s server. This highlights the urgent need to implement cybersecurity training for all employees and to review the organization’s identity and access management policies and security controls.

5- NBA 

Earlier in April, the USA National Basketball Association was hit with a cyber-attack that mainly affected the Houston Rockets. The team claims that they could quickly detect the intrusion and respond, reducing the damage to its operation. But, according to Bloomberg, the hacker group Babuk was able to get ahold of at least 500 gigabytes of information, including financial data, non-disclosure agreements, and contracts. 

The criminals posted a message on the dark web demanding a ransom to return the stolen data, threatening otherwise to post all the information online. As we write this, there is no proof that a ransom has been paid.

6- Microsoft Exchange 

A Chinese cyberespionage group uncovered and exploited four newly discovered vulnerabilities in the email software, putting at risk over 30,000 organizations and government agencies in our country.  

Microsoft explained that the hackers were taking advantage of these flaws to conduct targeted cyber-attacks on email systems used by different industries, especially infectious disease researchers, law firms, and higher education institutes. The company also stated that the criminals were putting at risk any unpatched Exchange server worldwide.

Basically, in each unpatched server, the attackers left a “web shell,” a hacking tool that grants them administrative access to the computer and servers. Along with the US Cybersecurity & Infrastructure Security Agency (CISA) and security companies, Microsoft worked quickly to revert the damages caused by releasing an update to the system and providing mitigation guidance.  

7- Accellion 

Accellion, an IT security firm that owns a secure file-sharing and collaboration software product, was the victim of a cyber-attack related to a security flaw in their software that put at risk over 30,000 organizations, including companies, government agencies, hospitals, and universities.

A report stated that it all happened in December when a vulnerability in the file transfer software was first exploited and then again in January. Six months have gone by since then, and the attack continues to leave a mess behind. Morgan Stanley, NSW Health, University of Colorado, Grocery Giant Kroger, and many others have released information about stolen or missing data.  

The Cost of Cybercrime Is On The Rise

The cost of cybercrime goes far beyond the actual money invested in detecting, responding, and recovering an organization from an attack. It includes the loss of data, productivity, money, and even reputation. It can even strike so hard that it forces an organization to close its doors. 

The situation has been getting worse year after year. In fact, when you go back in time, you can see that in 2015 the World Economic Forum estimated the cost of cybercrime to be $3 trillion worldwide. Today, Cybersecurity Ventures predicts that it will grow by 15 percent every year for the next five years, reaching 10.5 trillion dollars by 2025. A rise of almost 7 trillion dollars in just 10 years. 

Not only are hackers running one of the most lucrative “businesses,” but they are close to having zero chances of being discovered and prosecuted, according to the World Economic Forum. 

These numbers only mean that organizations (private or public, small or large) are not taking action to prepare themselves for a cyber-attack. During the first six months of 2021, it became more evident than ever before. We have seen how the Colonial Pipeline suffered a major attack that shut down the gas supply for the East Coast of our country, how the NBA lost over 500GB of confidential data on the Houston Rockets, and how The Steamship Authority of Massachusetts ferry fell victim to a ransomware attack that affected its logistics and services.

How Can Organizations Mitigate the Risks

The solution here is not to fear cyber-attacks but to make your organization cyber-resilient. Anyone who works in cybersecurity must acknowledge and help their management team understand that the risk of falling victim to hackers is always there. You need to have a plan in place that will enable business continuity while responding and recovering from the attack, lowering the actual impact and cost of cybercrime in your organization.

Also, there are a few industry best practices that every organization should apply to help minimize the risks of attacks: 

The first thing you need to do is provide security training for your workforce regularly. They need to spot a suspicious website or email and even identify a device that might be compromised. They need to know what to do, who to call, and how to react to an attempt against their data security.  

You also need to encrypt as much data as possible, create an identity and access policy that restricts which users have access to sensitive data, and update and patch software regularly. Most importantly, you have to be proactive and constantly strengthen your security measures.

These practices can help save your organization. 


Top Cybersecurity Influencers You Should Start Following

Staying on top of this ever-changing industry can be a daunting task. We have found that one of the best ways to do it is by gaining insight from top cybersecurity influencers, men and women who are constantly sharing information, trends, news, latest attacks, and best practices on their social networks or websites.

1-Troy Hunt 

Renowned Australian author of different courses on web security. He runs the free service Have I Been Pwned (HIBP), which helps people figure out if their email addresses or passwords have been compromised in a data breach. He is constantly speaking at security workshops around the world, and he has even testified in the US Congress on the impact of data breaches. Troy publishes weekly updates that cover various topics of what is happening in cybersecurity and related fields.

Twitter: 190.4K @TroyHunt 


2- Kevin Mitnick 

Once the most elusive computer hacker in history, he joined the FBI’s most wanted list for hacking into more than 40 major corporations worldwide, not with malicious intent but rather for the fun and challenge it represented. After running from the feds for three years, he is now a trusted security consultant to the Fortune 500 and different governments.

Twitter: 260.4K  @kevinmitnick 


3- Mikko Hypponen 

A Finnish security expert who has worked since 1991 at F-Secure, a global security and privacy company with offices in more than 30 countries around the world. Mikko has been published by The New York Times, Wired, and Scientific American. He is also a frequent lecturer at the universities of Stanford, Oxford, and Cambridge. It is very interesting to read a man who has more than 20 years of experience tracking, disabling, and dissecting malware.

Twitter: 211.9K  @mikko 


4- Katie Moussouris 

American computer security researcher and writer who is best known for her campaigns on responsible security research. She was one of the creators of a bug bounty program for the US Department of Defense called “Hack the Pentagon” and also of one for Microsoft. She is the founder of Luta Security, an organization that aims to transform the way governments and companies are using people, processes, and tools to improve vulnerability coordination and their overall security. In 2014, Katie was named by SC Magazine as one of the “10 Women in Information Security That Everyone Should Know”.

Twitter: 105.3K  @k8em0 


5- Bruce Schneier 

Described by The Economist as a “Security Guru”, Bruce Schneier is a famous security technologist who has written numerous books on application security and cryptography. His newsletter has been running since 1998 and his blog since 2004, and he now has over 250,000 readers around the globe. He has served on different government committees, testified before the Congress of the United States, and is the Chief of Security Architecture at Inrupt, Inc.

Twitter: 135.6K  @schneierblog 


6- Brian Krebs 

Before creating his own cybercrime blog, KrebsOnSecurity, he worked as a reporter for the Washington Post, interviewing hackers for the computer security section. Since then, he has been known for his coverage of cybercriminals and their acts around the world. Several times he has fallen victim, yet this has only made him more interested in the field.

Brian is the author of an award-winning book called “Spam Nation: The Inside Story of Organized Cybercrime – From Global Epidemic to Your Front Door”. He is also responsible for breaking the story of the Target Corporation breach in 2013 and figuring out who was the man behind the scam.

Twitter: 314.8K @briankrebs 


7- Eugene Kaspersky 

Russian cybersecurity expert and CEO of Kaspersky Lab, an IT company with over 4,000 employees, well known for their antivirus products. In his blog, he shares personal opinions on current cybersecurity and IT topics, news, and industry developments.  

Twitter: 183.4K 



8- Graham Cluley 

After creating the first version of Dr. Solomon’s Anti-Virus toolkit for Windows, Graham Cluley worked for Sophos and McAfee. He then decided to become an independent cybersecurity analyst. He can frequently be found as a speaker at security events around the world, talking about cybercrime.

Twitter: 103.5K  @gcluley 


9- Shira Rubinoff 

An IT security expert, founder of two cybersecurity companies, and one of the most influential women in the field, she usually talks and writes about the connection between technology, psychology and cybersecurity.  

Twitter: 55.9K  @shirastweet 

10- Jayson Street 

Jayson Street is VP of InfoSec at SphereNY. He is best known for breaking into supposedly unbreakable sites to teach companies, governments, and end users why and how to protect their cybersecurity posture. 

Twitter: 57.6K  @jaysonstreet 


11- Zack Whittaker 

If you read websites such as TechCrunch and, you probably have read a piece by Zack Whittaker. He is the security editor for TechCrunch covering mainly news and topics related to cybersecurity and tech.  

Twitter: 68.5K  @zackwhittaker 


12- Larry Dignan 

Larry is the Editor in Chief of ZDNet and Editorial Director of TechRepublic. He has covered the technology and financial industry since 1995, and has published articles in different news sites such as, [email protected] Week, The New York Times.  

Twitter: 31.4K  @ldignan 


These 12 cybersecurity influencers will help you stay on top of the latest trends and news in the field. Start following them, reading their content, and of course, don’t forget to follow CyberWarrior in all of our social media channels to get familiarized with the industry and what our academy has to offer.  



4 Security Recommendations For You and Your Family

We are living in a world where technology has a place in our everyday tasks. We have speakers, computers, TVs, printers, phones, and even vacuums interconnected with one another, always leaving an opening for bad guys to grab control of our systems and, even worse, our personal information.

If you are one of those who believe that your life is not “interesting” to hackers, my friend, you are wrong. They are looking to get ahold of social security numbers, credit card information, data related to your work or your child’s school, anything that can open the doors to information they can use to carry out a profitable action.

It is time that we internalize that if we want to live with the technological advances of the 21st century, we need to start taking action to protect ourselves and our families from becoming another number in the hacking statistics. 

CyberWarrior’s Tips for Your Security at Home 

To make this article valuable for anyone out there, we asked our CEO, Reinier Moquete, what his top security recommendations are. Here are the four actions he suggests you start implementing at home as soon as possible: 

1- Setting Up 2-Factor Authentication

How many passwords do you have? At least one for your Wi-Fi, your personal email, school/work email, each one of your social media accounts, banks, and others. It is pretty hard to create and remember a different password for every account. To better protect your data, it is important to add an extra layer of security.  

The best way to do so is by setting up 2-factor authentication. With it in place, instead of gaining access to your account as soon as you enter your login information, you will need to complete a second step. It can be a PIN, answers to secret questions, an OTP (one-time password sent by SMS or email), a keystroke pattern, or more sophisticated options such as a fingerprint scan or iris scan.

The correct use of 2-factor authentication prevents anyone else from accessing your accounts, even if they have one of the pieces of your login information.

There are different options out there for you. Some of them are Google Authenticator, Duo Mobile, Microsoft Authenticator, FreeOTP, LastPass Authenticator, Authy.  

2- Using a Password Manager 

We highly recommend having a unique password for every account you own. Please do not use the same password more than once, as it increases the chances of losing more personal information. Also, it is not smart to write down your login information, as it can fall into the wrong hands.

To ease this password handling issue, we suggest you get a password manager.  It will encrypt and store your login information for every website you use and help you log in automatically. You will only need to remember the master password.  

There are many options in the market, but at CyberWarrior, we believe that the best options are Dashlane, LastPass, and KeePass. 

3- Connecting Through a VPN 

Have you ever thought about what happens with your personal information online? Have you ever connected using public Wi-Fi? Or have you thought of who knows what your online activity is? If any of these questions made you nod, it is probably time for you to get a Virtual Private Network or VPN.  

This is an encrypted connection between the device you are using (phone, tablet, computer, others) and the internet, meaning that no one can see what you are up to.

There are a lot of good, free VPNs out there, but they have a limited selection of servers and only allow you to use a small amount of data to navigate the internet. That is why we suggest you invest in a trustworthy service such as ExpressVPN, NordVPN, Hotspot Shield, PureVPN, or IPVanish.

4- Turning On HD Encryption 

One of the most powerful tools to protect the data in your computer is full disk encryption. It basically transforms the information stored there into an unreadable format that can only be decrypted by those allowed to access it with a secret key or password.  

To do this on your computer, you will need to get an encryption tool and a storage backup drive. Among the best tools in the market are: BitLocker, Guardium, Boxcryptor, DiskCryptor, and VeraCrypt. 

There is no 100% guarantee when it comes to security, but having all four of these actions in place will help scare the hackers away from your home and family. Also, keep in mind that you should all read up on the basics of online security so you can avoid clicking on a phishing email, falling for social media cybercrimes, or being caught by any other hacking technique.



A Look Back at Alan Turing’s Life

As cybersecurity experts, we owe a lot of what we know today to the great mind and life of Alan Turing. This blog is a way to remember his work, innovations, and contribution to modern computing.  

Early Years 

He was an English mathematician, logician, and the pioneer of theoretical computer science and artificial intelligence. He was born in London on the 23rd of June of 1912. From the time he was a little kid at school, his intelligence was more than clear. It is reported that he did not pay much attention in class but could still get the highest grades in tests. As a result, different teachers called him a “genius.”

His experience studying mathematics at the University of Cambridge gave him a few years filled with work, social life, and sports. He even joined the peace movement against the rise of Hitler. He graduated with a first-class honours degree and then headed to Princeton University to earn his Ph.D. in the same field. During this time, he made the “Turing Machine,” the first notion of a universal computing machine that could solve complex calculations.

Once he went back to England, he was invited to join the Government Code and Cypher School (now known as the GCHQ), a top-secret British code-breaking organization. Once World War II started in 1939, Alan decided to move the organization’s wartime headquarters to Bletchley Park, where he completed one of his most notable achievements: cracking the “Enigma Code.”  

Alan Turing & The Enigma Code 

The Enigma was an enciphering machine used by the German armed forces to send secure messages during wartime. At the time, a team of Polish codebreakers cracked these codes, but once the Germans noticed this had happened, they improved their controls by changing the cipher system daily. Then Turing came along.

Alan Turing took some of the systems the Poles had developed and, with the help of fellow code-breaker Gordon Welchman, developed the “Bombe,” a machine that decoded messages sent from the Enigma, not only easing the work of code-breakers at that time but also helping gain intelligence for the war effort.

His efforts also helped decrypt more complex information during the war. With the “Hut 8” team at Bletchley Park, he read German naval signals from submarines prowling the Atlantic to hunt Allied ships that carried equipment and other vital things for the war effort. In addition, the Hut 8 team was in charge of charting the movements of the German submarines, so the Allied forces could avoid them and successfully deliver their cargo.

His breakthroughs during World War II helped ease the path to more peaceful times, and at the end of the war, his government recognized him as an Officer of the Most Excellent Order of the British Empire (OBE).

Life After World War II 

Once the war finished, Turing went back to study and work in computer science and designed the Automatic Computing Engine, which he believed would offer “unlimited scope for practical progress towards embodying intelligence in an artificial form.” He was then made Deputy Director of the Computing Laboratory at the University of Manchester and was the first to address Artificial Intelligence.

In 1952, while the police were investigating a burglary at his house, he admitted he had a sexual relationship with Arnold Murray. He was arrested for homosexuality, which was illegal in Britain at that time. He was later found guilty of “gross indecency” and decided to avoid prison by accepting chemical castration, taking high doses of estrogen to reduce his sex drive. Two years later, he was found dead, in an apparent suicide from cyanide poisoning. His death was never examined, but something that remained true is that homosexuals could not obtain security clearances, which meant that Alan Turing could not be involved in secret work during the Cold War. His conviction was overturned in 2013.



Important Considerations from the 2021 Verizon Data Breach Report

Are you familiar with the Verizon Data Breach Investigations Report (DBIR)? If not, it is an annual analysis of the security incidents that occurred over the course of a year, with most of the work centered on data breaches. It was first published in 2008. Since then, its authors have increased the number of organizations (public and private) whose data they collect, to provide a more robust report on breaches, threat actors, types of organizations targeted, and more.

This year, the Data Breach Report was built out of 5,258 breaches from 88 countries around the world, the largest number they have ever reported, and it turned into a 119-page publication. Going through its pages, we found many interesting and important pieces of information that we think will help you, our readers, better understand what happened in the cybersecurity industry during the first year of the pandemic.

We don’t expect you to read through all the pages. But, if you want to do it, please take your time so you can fully digest their findings. You can access the report using this link. In this blog post, we share a summary of what we consider major trends that can impact your actions and plans to prevent cybersecurity incidents in your organizations.  

Key Findings From the Verizon Data Breach Report 2021 

Just as the DBIR states, this “publication is not in the business of prediction… you don’t need a crystal ball, a neural network, or next-gen AI to tell you what the norm is,” but it can be beneficial when creating or updating your response strategy. For example, by understanding how a normal data breach happens, you can improve your defenses against it and against the exceptions.

1- Organized crime continues to dominate, year after year, the number one position when it comes to attackers. In fact, 80% of data breaches are attributed to them. However, we find it important to say that the study did find a decrease in internal actors being the cause of data breaches.  

2- The vast majority of data breach attacks are due to financial reasons. Espionage and other motivations are only responsible for less than 10% of the attacks. 

3- Even with the pandemic going on, the top action varieties in breaches remained the same as in the previous report. Phishing is still number one, but with the pandemic, we saw an increase from 25% to 36% of breaches attributed to it.

4- Ransomware attacks are on the rise. The report concludes that it is the third cause of data breaches, and it doubled its frequency from last year. 

5- The human factor continues to be one of the biggest cybersecurity threats. 85% of data breaches involve a human element, and to make things even scarier for organizations, the report claims that employees are still making mistakes that cause security incidents and breaches.

6- External cloud assets are more likely to be compromised by an attack than on-premises assets. 

7- Attackers are using older vulnerabilities to exploit and gain access to systems and networks, making it clear that organizations need to improve their patching performance: “To patch smarter, not harder, by using vulnerability prioritization not necessarily to improve security, but to improve organization’s productivity.” In other words, you move a step further away from downtime with every patch you apply.

8- Hackers are looking to steal credentials; in fact, it is the most sought-after data type, and it is the fastest to get compromised.

9- Privilege misuse and system intrusion are the types of breaches that take longer to be discovered by an organization.  

10- The average cost of a business email compromise attack is $19,296. At the same time, the median loss in a ransomware attack was $11,150. 

Industry-Specific Data 

This year the Data Breach Report included the analysis of 12 industries, demonstrating that each one of them suffered attacks and threats in different ways. This will vary according to their infrastructure, the data they collect, and their interactions with groups of interest (customers, employees, vendors, and others). Some of them are:

1- Financial and insurance organizations frequently face credential and ransomware attacks from external actors. 

2- Healthcare is still vulnerable to human factors, as misdelivery is the most common error causing security problems. On a more positive note, since 2019, the industry has seen a shift from breaches caused by internal actors to external actors that are looking to compromise both personal (66%) and medical (55%) data.

3- Public administration has been the perfect target for social engineering attacks, as hackers have managed to craft credible phishing emails to gain access to credentials (80%) and personal information (18%). 

4- The retail industry faces financially motivated attacks by criminals trying to get credit card and personal information. The most common social tactics in this sector are pretexting and phishing.

As we said before, these numbers give us a better understanding of the most common behavior of cybercriminals and the most common patterns in data breaches over the last year. They can help us prepare and plan our security measures, but we cannot rely on them to predict the future of our organization. A word of advice would be to put in place security training for everyone on your staff, patch and resolve past vulnerabilities, and establish identity and access management to better control who has access to technology.