source link: https://blog.detectify.com/2021/01/27/security-defender-insights-bad-actors-are-using-intelligence-and-automatic-tools-we-need-to-surpass-those-abilities/

Security Defender Insights: “bad actors are using intelligence and automatic tools, we need to surpass those abilities”

January 27, 2021

In this new series, Security Defender Insights, Detectify is recognizing Security Defenders in our network to bring you actionable insights and inspiration for your security strategies in 2021. 

We want to encourage open discussions about web security and show appreciation for hard-working security practitioners. So let’s get started with this interview with Roberto Arias Alegria, Information Security Architect at Quandoo.

Security Defender Insights from Roberto Arias, Quandoo

How has COVID-19 impacted your org’s security awareness or practices in the last year?

Although we were already a fully cloud-based company and remote work was relatively common, we decided to double-down on security awareness training for everyone, emphasizing early detection. As anyone could be working from any network in a remote set-up, the “perimeter” is removed. This prompted us to rethink our own VPN and how people use it.

Have you seen any increased attempts of any web attacks or vulnerabilities? 

There’s an increase in phishing and what appears to be spear-phishing attempts towards the organization. I guess that’s because cybercriminals already know that most German companies were working from home, and they expect the “CEO fraud” tactic to be more successful. Fortunately, our employees are vigilant of this and report such events to us quickly.

What measures have you taken to strengthen your Infosecurity practices in 2020? 

The baseline measures never get old! Security professionals with technical backgrounds (like myself) sometimes forget about this. 

One of the big wins was enforcing 2FA across the organization. It proved to be useful for improving security during the lockdown.

Which Detectify features do you find most valuable for your information security?

The pre-classification of vulnerabilities is very useful as they’re put in context. It’s impossible to simultaneously remove all kinds of vulnerabilities, so prioritization has to occur; this is a known fact. The ranking of vulnerabilities that Detectify provides is quite useful for this purpose, and it’s a time-saver! 

What will be your main security focus in 2021?

Early detection. More proactive and intelligent security is a must now. As the bad actors are raising the bar on using intelligence and automatic tools, we need to match (or surpass!) those abilities. We can do this by using the best-in-breed next-generation SIEM tools that can make early detection of unknown attacks simpler and at scale.

We want to thank Roberto for sharing his Security Defender Insights for a more secure 2021. If you’re interested in connecting with Roberto, you can find him on LinkedIn.


Information security is a growing concern for 2021. Make your security strategy for 2021 more robust and scalable to keep up with your development pace. Let Detectify scan your web apps for vulnerabilities, so you can focus on building the next great thing! Discover how Detectify brings clarity and scale to your application security with a free 2-week trial today. Go hack yourself.

About the author: Jocelyn Chan

Jocelyn Chan is the Content Manager at Detectify. She is a self-proclaimed hype-girl for automated web security powered by white hat hackers and believes that the future is in the crowd. She also would like to connect more women in tech and security together which is why she is co-leading the Women in Security – Stockholm Chapter. And yes she has seen Hackers, and believes that it's so good because it's so bad.

