Let’s talk

<ul>
<li>When this phrase is uttered in a meeting of a team of system operators, it is not necessarily a nice moment at a sporting event, but the adequacy of backing up IT systems. 31 March is World Data Backup Day, which aims to raise awareness among users and companies about the importance of data backup, as data has become one of the most important assets in our information society (data is the new oil) and IT services are the most important enabler of business operations, so they need to be protected. And one of the most important elements of protection is the proper backup of our data and systems.</li>
</ul>



Our IT environments, from home networked devices to robust enterprise systems, contain elements where data or settings (configuration) need to be backed up. This is necessary so that they can be restored in the event of any problems or problems, as the loss of our data can be a costly business risk, a drain on a user&#8217;s wallet, or even a source of emotional distress &#8211; no one wants to lose family photos, memories or work on a computer or other storage device. Data loss and loss of service can be caused by a number of unexpected events, where backups are the only solution. Most often, data loss is caused by hardware failure, computer viruses, intentional or accidental human intervention, and although there are many options and different ways to protect against it, the last and surest resort is always a properly performed data backup.



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="538" src="https://fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-21-1024x538.png" alt="" class="wp-image-933" srcset="https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-21-1024x538.png 1024w, https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-21-300x158.png 300w, https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-21-768x403.png 768w, https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-21.png 1200w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure>



&#8220;Unfortunately, I haven&#8217;t backed up my phone in months. When I dropped it I realised that all my recent family photos were gone. Although an expert managed to make a copy, it would have been much cheaper if I had thought of it earlier and turned on the backup or taken care of it regularly.&#8221;



Of course, data backup, like the other elements of keeping us safe, is not a one-off, easy-to-do task, but a process with many elements, as our data, the IT services and solutions we use change, and we need to keep up with these changes.



WHAT IS NEEDED TO HAVE A PROPER BACKUP?



<ul>
<li>First and foremost, we need to know where our data is, how it is used and how much of a problem it is if it becomes inaccessible or is completely destroyed.</li>



<li>We need to assess the risk of a hardware failure, a ransomware attack or other catastrophic event such as a fire or other natural damage that affects our systems.</li>



<li>We also need to consider how often our data in a given location changes and determine the frequency of backups accordingly.</li>



<li>We need to decide what backup solution we will choose, what medium or storage will be the location for our backed up data. A company needs to know exactly what the acceptable recovery point objective (RPO) is for a given system, and how long it will take to recover data or services from an available backup (Recovery Time Objective &#8211; RTO)</li>
</ul>



&#8220;Despite spending money on a server with redundant batteries, a faulty power supply caused a failure that could only be resolved by replacing the storage system and recovering from the backup.&#8221;



KEY TASKS:



<ul>
<li>Determining the data to be backed up &#8211; this could be user data, images, documents, or even a database, a complete application or system with all its data.</li>



<li>Selecting the backup solution &#8211; could be a simple external storage, some kind of cloud service, or a complete backup system service</li>



<li>Perform backups on a regular basis &#8211; preferably automatically</li>
</ul>



It is important to check backups periodically, restore data from them, as it is very unpleasant to find out that you only thought you had a backup, but you cannot restore from existing backups. It is essential that backups are kept sufficiently separate so that if a damaging event occurs, the backup is not corrupted at the same time as your working system. It is advisable to design a backup process where there is the possibility of remote storage that is physically separated from the operation.



&#8220;Unfortunately, our backup system was constantly accessible on the company&#8217;s network, so the ransomware virus also locked up the data stored in it. Recovering from the archive caused us to lose over a month&#8217;s work, resulting in high costs in recovering from the incident and significantly damaging our company&#8217;s reputation.&#8221;



Of course, a business has different data backup expectations and capabilities than a user, but it is paramount for both to be regular and diligent about backing up their data. Today is a good example!

THAT WAS A NICE SAVE!

The hype around AI has been going on for months. I read somewhere that everyone has become an AI expert lately, and how true that is. It writes the tests for the students, the questions for the teacher, advises on court rulings, draws the Pope in puffy jackets, brings the end of the world, and cracks our passwords… And now I&#8217;m giving you another shot at a heart attack…


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="600" height="377" src="https://fortix.sybell.net/app/uploads/2023/12/960x0-600x377-1.jpg" alt="" class="wp-image-929" srcset="https://static.fortix.sybell.net/app/uploads/2023/12/960x0-600x377-1.jpg 600w, https://static.fortix.sybell.net/app/uploads/2023/12/960x0-600x377-1-300x189.jpg 300w" sizes="(max-width: 600px) 100vw, 600px" /></figure></div>


If we have access to such technology, where are the APTs (Advanced Persistent Threat, government-backed hacker groups), governments and the various specialised services? By the time we, as ordinary citizens, see the results of these developments, by the time the &#8216;tinfoil moon landing&#8217; is a tinfoil moon landing, will the intelligence services working under a few acronyms be dead? But don&#8217;t worry, it doesn&#8217;t stop our hearts.



Let&#8217;s also finally acknowledge that AI is not yet Him. Although the huge mass of information base and the proper programming of language procedures make the answers we get look like those of an entity with a consciousness and personality, it has neither consciousness nor self-image and its creativity is a statistical processing unit with a good random number generator.



A few days ago there was a round in the media about AI wanting to destroy humans (ChaosGPT), but if we set aside the clickbait title, the completely lay journalistic spin, we see something else. If you define the destruction of humanity as the goal as the input of a program and set the algorithm in that direction, then even a google search for the most powerful weapon of mass destruction (spoiler: Tsar bomb) is only a clever toddler&#8217;s level of a program called evil, if that is an incredible technological feat. In fact, if ChaosGPT were the unchallenged master of nuclear bombs after such an instruction, we&#8217;d be in trouble. But for now, let&#8217;s stick to the text game level.


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="600" height="334" src="https://fortix.sybell.net/app/uploads/2023/12/indianexpress-600x334-1.jpg" alt="" class="wp-image-930" style="width:600px;height:auto" srcset="https://static.fortix.sybell.net/app/uploads/2023/12/indianexpress-600x334-1.jpg 600w, https://static.fortix.sybell.net/app/uploads/2023/12/indianexpress-600x334-1-300x167.jpg 300w" sizes="(max-width: 600px) 100vw, 600px" /></figure></div>


Another cry from the internet ether was that AI can decode our passwords in seconds. However, the table uploaded alongside the article only reveals what was true years ago &#8211; that short, easy-to-guess passwords are not worth a damn, as a modern password cracking tool can decode complex passwords of less than 12 characters in minutes. Again, it is not clearly stated in the article that this does not require AI. So it is not because of that, but because of the general evolution of IT tools that multi-factor authentication, password passwords and caution are required when using passwords. The risk is, however, that an AI-enabled system, using existing tools, will be able to exploit vulnerabilities at what speed, since we can already optimize even our malware code with AI.



While we have the finite application of predicting depression based on text reading, AI will not necessarily talk to me on a medical level if I turn to it with a complex problem of my mind and emotions. It&#8217;s not the machine that makes me suicidal, it&#8217;s the inhuman and often emotionless society. And the developer should not be responsible. If I cut my wrists, the blade would not be to blame.



The whole point of this whole thing is that misinformation, sound bites and titles steal the show. Instead of thinking, looking for and learning the right ways to use AI, we just absorb the posts that appear in the columns of gossip magazines and on the sleazy social media.



I believe that it will be a question of responsibility or failure. If I know who is responsible for what activity, if I know that social norms are respected when using a tool, in this case AI, if I know the context in which it works, the possibilities &#8211; but that is true for the internet as well &#8211; then it will be like a bread knife… I could stab the neighbour with it, but I usually just eat a good slice of buttered bread.



<hr class="wp-block-separator has-alpha-channel-opacity"/>



Sources:



<a href="https://www.hwsw.hu/hirek/66012/homesecurity-mi-jelszo-feltores-passgan-jelentes.html">https://www.hwsw.hu/hirek/66012/homesecurity-mi-jelszo-feltores-passgan-jelentes.html</a>



<a href="https://hvg.hu/tudomany/20230414_chaosgpt_mesterseges_intelligencia_alapulo_chatbot_gonosz_tervei">https://hvg.hu/tudomany/20230414_chaosgpt_mesterseges_intelligencia_alapulo_chatbot_gonosz_tervei</a>



<a href="http://www.ma.hu/eletmod.hu/387648/Ongyilkos_lett_egy_apa_miutan_egy_AI_chatbot_rabeszelte" target="_blank" rel="noreferrer noopener">http://www.ma.hu/eletmod.hu/387648/Ongyilkos_lett_egy_apa_miutan_egy_AI_chatbot_rabeszelte</a>



<a href="https://telex.hu/zacc/2023/03/26/papa-kabat-slay-fake">https://telex.hu/zacc/2023/03/26/papa-kabat-slay-fake</a>

AI AGAIN, AGAIN AND AGAIN…

The short answer is yes, but it is still in its infancy and not all devices support it yet.



From 3 May 2023, you will be able to create passkeys for your personal Google Account. This is part of Google&#8217;s &#8220;Advenced Protection Program&#8221;. Google will not ask for a password or two-step authentication when you sign in. Such passkeys can be a more convenient and secure alternative to passwords. They work on all major platforms and browsers and allow users to log into their computer or mobile device using their fingerprint, facial recognition or PIN.



<figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="980" height="409" src="https://fortix.sybell.net/app/uploads/2023/12/Data_Privacy_Blog_Header_Opt_2_1_1-980x409-1.png" alt="" class="wp-image-926" srcset="https://static.fortix.sybell.net/app/uploads/2023/12/Data_Privacy_Blog_Header_Opt_2_1_1-980x409-1.png 980w, https://static.fortix.sybell.net/app/uploads/2023/12/Data_Privacy_Blog_Header_Opt_2_1_1-980x409-1-300x125.png 300w, https://static.fortix.sybell.net/app/uploads/2023/12/Data_Privacy_Blog_Header_Opt_2_1_1-980x409-1-768x321.png 768w" sizes="(max-width: 980px) 100vw, 980px" /></figure>



WHY IS IT MORE SECURE THAN A PASSWORD?



Passkeys, unlike passwords, are stored only on your own devices. This means that passkeys can protect against phishing attacks, password reuse or data leaks. This is stronger protection than most two-factor methods offer today, so you can skip two-factor authentication when using a passkey. Existing login methods, such as passwords, will still work if you need them, for example when using devices that do not yet support passkeys. Passkeys are still new, and it will take time before they will work on all devices. If you want to sign in on a new device for the first time, or temporarily use someone else&#8217;s device, you can use the passkey stored on your phone to do this. If you lose a device that has a passkey for your Google Account and you think someone else can unlock it, you can revoke the passkey immediately in your account settings.



BUT HOW DOES IT WORK?



The main component of a passkey is a cryptographic private key that is stored on your device. When you create one, the associated public key is uploaded to the Google system. When you sign in, Google will prompt your device to sign a unique call with the private key. The device will only do this if you approve it, it will then verify the signature with your public key. Your device also ensures that the signature is only shared across Google websites and apps. The signature proves to Google that the device is yours because you have the private key, that you were present when you unlocked it, and that you really want to sign in to Google. To do this, you only share the public key and the signature with Google. Neither of these contain any information about your biometric data. Since each passkey is only valid for a single account, there is no risk of reusing the same one for other services, so password reuse can be ruled out.



WHY CAN&#8217;T LOGIN INFORMATION BE OBTAINED REMOTELY?



When you want to log in for the first time on another device using the passkey stored in your phone, the first step is to scan the QR code displayed on the other device. The device then checks that your phone is nearby by sending a small, anonymous Bluetooth message, and then establishes an end-to-end encrypted connection over the internet with the phone. The phone uses this connection to send the requested one-time passkey signature, which requires your approval and a biometric or screen lock step on the phone. Neither the passkey itself nor the screen lock information is sent to the new device. Bluetooth proximity control ensures that remote attackers cannot obtain any information.



WHY TRUST IT?



Passkeys are based on the protocols and standards established by the FIDO Alliance and the W3C WebAuthn Working Group. This means that passkey support works on all platforms and browsers that accept these standards. These same standards and protocols provide the security keys that provide strong protection. Passkeys inherit many strong account protection measures from security keys, but are convenient for everyone.



It&#8217;s still a new process, and it has technical limitations because not all devices can detect so-called Bluetotth Low Enegry, but it&#8217;s exciting to see how Google is trying to replace it. 



Sources: 



<a href="https://landing.google.com/advancedprotection/">https://landing.google.com/advancedprotection/</a>



<a href="https://security.googleblog.com/2023/05/so-long-passwords-thanks-for-all-phish.html?m=1">https://security.googleblog.com/2023/05/so-long-passwords-thanks-for-all-phish.html?m=1</a>

PASSWORD-FREE LIFE? IS IT REASONABLE?

In the spring, I received a beautiful message on Messenger saying that a banker lady was very interested in meeting me. Not because of what you might first think, of course, but because my name is very similar to the name of an account holder in a bank branch in Turkey who has passed away and I really need someone to help me access her late account, who unfortunately has no heirs. That would be me. Of course I deleted the message on impulse, but I got it again, along with a gmail address.



&#8220;Dear, Adrian Szabo



I write to you with a language translator. I have been in search of someone with this last name, Szabó, so when I saw your profile on Facebook I decided to add you and write to you this message to see how best we can assist each other.&#8221; …



Okay, I thought, so I registered an email account with the expected name and replied, wondering what I could get out of such a conversation. Within moments I received a quite fair-looking reply that the banker lady would certify that I was the heir of the deceased and help me to arrange for proof of this. If this was done, the $9.5 million in the account could be released and we could split it. I don&#8217;t know how many heirless gold dealers Adrián Szabo has tens of millions of dollars in savings in Isbank, but not many, that&#8217;s for sure.



&#8220;One late Mr. Adrian Szabó, a citizen of your country who was in Gold business here in Instanbul, had a fixed deposit with my bank in 2007 for 108 calendar months, valued at US$9,500,000.00 (Nine Million Five Hundred United State Dollars) the due date for this deposit was last year. Adrian Szabó, was among the death victims in April 30 Covid19 2020 Pandemic in Ankara province in Turkey.&#8221;



I hesitated as Adrian whether it was free, legal or not.


<div class="wp-block-image">
<figure class="aligncenter is-resized"><img decoding="async" src="https://admin.fortix.hu/app/uploads/2023/06/0615_1.png" alt="" class="wp-image-15869" style="width:839px;height:auto"/></figure></div>


Just the basics to understand: Someone needs me, because of my supposed name, to access someone else&#8217;s money through a scam. How much nicer it is to be involved in a fraud than to have an African prince simply transfer a few million to me. Right?



Just like the Nigerian scam (or 419 scam), which is one of the oldest forms of internet fraud. The technique of the scam itself dates back to the age of the fax machine and even earlier, to the 19th century (Spanish Prisioner). The idea is that a person who appears to be rich &#8211; a ruler, a high-ranking official, a businessman &#8211; promises a large sum of money in exchange for a little help, for which all you have to do is provide details… Simple, isn&#8217;t it? Yet many people fall victim to such a simple scam.



My new friend and I agreed that, in the interests of trust, we would both send copies of our ID cards, although I was expected to provide a telephone number. I didn&#8217;t send a real ID picture either, just a photoshopped copy of the one I had received, in the form of a bank card and ID. The fraudster was so unpretentious that he could spot the fake by a simple glance. No phone numbers were exchanged, so we continued to correspond in increasingly urgent tones.


<div class="wp-block-image">
<figure class="aligncenter is-resized"><img decoding="async" src="https://admin.fortix.hu/app/uploads/2023/06/0615_2.png" alt="" class="wp-image-15870" style="width:374px;height:auto"/></figure></div>


In the meantime, I looked around and easily found the real person behind the name, who had actually worked for the bank years ago, so a simple internet search might have given the impression that the story could be true, although I would have had to be very wishful and inattentive. It is a pity that this person is now working for another organisation, albeit in a fairly senior position. Of course, I contacted the person concerned through his company, but all I could find out was that legal proceedings were under way in connection with the matter. I would have been very curious to know what counter-measures were taken when it was discovered that personal data had been used for this fraud. There are currently nearly 100 active profiles in his name on Facebook, uploaded with pictures of various media events, mainly from the second half of 2022, but also some from 2017.


<div class="wp-block-image">
<figure class="aligncenter is-resized"><img decoding="async" src="https://admin.fortix.hu/app/uploads/2023/06/0615_3.png" alt="" class="wp-image-15871" style="width:304px;height:auto"/></figure></div>


I corresponded with the scammers in the meantime, but we could not reach an agreement. Unfortunately, they did not want to send me direct contact information, and the e-mail is silent (which is still alive, but they no longer write to me). They must have got bored. It did get really boring that I didn&#8217;t send anything meaningful, they didn&#8217;t send anything. Maybe I managed to get them (or the MI they use, but that&#8217;s another story) busy for a few minutes



&#8220;My dear friend, I assure you that as soon as this transaction is done, the bank will transfer the money to any account in your country, so all you need to do now is to provide me with all the necessary details to my email address so that we can proceed with this transaction immediately.&#8221;



Just as a thought experiment, I ran a round of a few bank security departments, what if a corresponding controlled account was available for such a purpose. If I could show the fraudsters a few million dollar account with a verified phone number, they might be taken in by the lure of even greater risk than email on such a slip. I know, naive notion. Still, maybe with access to real account data, the fraudsters could be identified, not by a mealy-mouthed clumsy attempt like I make, but by real fraud detection. Unfortunately, given the risks and costs involved, this does not seem to be an achievable solution in general.



So this email is silent now, but the scammers are certainly not sleeping. That leaves the awareness raising. Articles like this one, blocking, conscious internet use and common sense will put an end to this sort of thing one day, but not any time soon. The last estimate of damage I found with the &#8220;Nigerian Prince type&#8221; scams is also in the millions of dollars a year…and the scammers are getting more adept.



In any case, if someone were to write to you, promising you big bucks… think instead of the motto: If something is too good to be true, it usually isn&#8217;t true.

THE NIGERIAN SCAM IS ALIVE AND WELL

WE ARE PROUD OF OUR NEWLY OBTAINED ISO 27001 CERTIFICATION, WHICH IS A GUARANTEE OF OUR COMMITMENT



For FORTIX, obtaining ISO 27001 certification is not only a certification, but also a guarantee of safety and reliability. The ISO 27001 international standard ensures that the services provided by our company meet the highest security requirements, guaranteeing the security of our customers&#8217; data and the protection of their information.



By obtaining the standard governing the Information Security Management System (ISMS), FORTIX further strengthens its market position and proves its ability to meet both the most modern and the highest requirements. The certification also demonstrates the efficiency of our company&#8217;s internal processes and the responsible way in which we operate.



<figure class="wp-block-image size-large is-resized"><img loading="lazy" decoding="async" width="724" height="1024" src="https://fortix.sybell.net/app/uploads/2023/12/ISO27001-724x1024.png" alt="" class="wp-image-894" style="width:535px;height:auto" srcset="https://static.fortix.sybell.net/app/uploads/2023/12/ISO27001-724x1024.png 724w, https://static.fortix.sybell.net/app/uploads/2023/12/ISO27001-212x300.png 212w, https://static.fortix.sybell.net/app/uploads/2023/12/ISO27001-768x1086.png 768w, https://static.fortix.sybell.net/app/uploads/2023/12/ISO27001-1086x1536.png 1086w, https://static.fortix.sybell.net/app/uploads/2023/12/ISO27001.png 1414w" sizes="(max-width: 724px) 100vw, 724px" /></figure>

ISO 27001 CERTIFICATE

WE ARE PROUD TO ANNOUNCE THAT WE ARE A FAMILY-FRIENDLY COMPANY IN 2023!



We are delighted that the FORTIX team has been certified as a Family Friendly Company in 2023 and we have been included in the TOP 3 small businesses in this category. This recognition not only from our employees, but also from the industry, proves that we are making a real positive impact with our family-friendly initiatives.



This year&#8217;s Family Friendly Business 2023 competition focused on community development, mental health and combating loneliness. FORTIX is proud to be a leader in these areas, supporting our employees and their families towards a more balanced life.



We thank all our colleagues, without whose dedication and commitment this recognition would not have been possible. Together we remain committed to further strengthening the family-friendly culture in our workplace.


<div class="wp-block-image">
<figure class="aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="538" src="https://fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-48-1024x538.png" alt="" class="wp-image-887" srcset="https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-48-1024x538.png 1024w, https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-48-300x158.png 300w, https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-48-768x403.png 768w, https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-48.png 1200w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure></div>

FAMILY-FRIENDLY COMPANY CERTIFICATION

FORTIX AND CYBERCAMP ALSO WON THE HUNGARIAN BRANDS AWARD







Both FORTIX and CyberCamp won the &#8216;Hungarian Brands&#8217; 2023 award in the &#8216;Innovative Brand&#8217; category. The recognition not only honours our achievements, but also acknowledges our commitment and expertise in information security and cybersecurity.



The &#8216;Hungarian Brands&#8217; Award is one of the most prestigious domestic brand awards, which evaluates and recognises domestic brands. The criteria for recognition include a brand&#8217;s reputation, domestic branding practices, innovative solutions and social utility. The &#8216;Innovative Brand&#8217; category particularly emphasises achievements in innovation and innovation.



This award recognises not only our commitment and perseverance, but also the outstanding work of our entire team. FORTIX has always strived to provide high quality information security, data protection and business continuity services, while CyberCamp aims to train and prepare the next generation of cybersecurity experts.



This recognition encourages us to continue to deliver high quality work and further improve our services for the benefit of our clients and the cybersecurity community.



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="538" src="https://fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-50-1024x538.png" alt="" class="wp-image-884" srcset="https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-50-1024x538.png 1024w, https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-50-300x158.png 300w, https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-50-768x403.png 768w, https://static.fortix.sybell.net/app/uploads/2023/12/posztok-masolata-1200-×-630-keppont-50.png 1200w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure>

Hungarian Brands Award

Not enough for us at the Christmas market, is the Advent everyone is always open weekends? No. Crowds everywhere, online marketplaces flashing the counter: only here and only now! 70% or even we&#8217;ll pay you if you buy! Buy! Buy more! In fact, it&#8217;s not even Friday anymore, it&#8217;s the season.



The marketer wakes up in the morning, the sun is shining, it&#8217;s still 30 degrees and maybe a sunstroke will give him the idea: let&#8217;s have Black Friday 1-2-3 weeks earlier, and you can see from the moon how the sales will increase due to the sales. The warehouse, logistics and all the courier services will be sweating blood. They are left with the black really black. And shoppers won&#8217;t even want to remember the origin of the name, the broken windows, the injured, the chaos, where even crying children are clinging on the backs of the action-hunting shopper for discounts. Long gone, USA &#8217;50s.



So we start the Advent season, and then the mad consumerist frenzy lasts until Christmas. Last year saw a record number of purchases registered during this period, and it looks like this year will be no different. Christmas is a celebration of love and the month before is a celebration of the love of shopping.



Of course, it&#8217;s not just on the shelves of shops, there will be increased traffic on the servers of online shops. Cybercriminals will also come with their best offers. Discounted viruses, free botnets, discounted keys to ransomware, cheaper SPAM. The conscious shopper will try to avoid these, but there are bound to be some nasty surprises among the masses of sensational offers. One of the worst parts of this is that, like mum and dad, young people and children see this as an endless opportunity to save money, which can also be used as a feeding frenzy. They too will be hurt by the empty box of a smart phone bought at a non-existent 90% discount, the pocket money that has been transferred to infinity as the price of a superhero doll and ended up in the offshore account of a cybercriminal group. Older people also gamble riskily, sometimes blindly, with their pensions on offers that are already on waste products, but now instead of ten thousand, you can buy a degenerating smart blade, a pair of reading glasses that go dark, for half price, for fifteen thousand, only here, only now. You like it here, please sign here, no robot, right? Here you can enter your credit card details, and now the code you see after the beep on your phone… Thank you.


<div class="wp-block-image">
<figure class="aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="574" src="https://fortix.sybell.net/app/uploads/2023/12/lakatosdaniel88_Black_Friday_online_scam_scene_depicting_a_chao_6d1c168e-0bb2-49d0-8e04-7fedabfb342d-1024x574.png" alt="" class="wp-image-880" srcset="https://static.fortix.sybell.net/app/uploads/2023/12/lakatosdaniel88_Black_Friday_online_scam_scene_depicting_a_chao_6d1c168e-0bb2-49d0-8e04-7fedabfb342d-1024x574.png 1024w, https://static.fortix.sybell.net/app/uploads/2023/12/lakatosdaniel88_Black_Friday_online_scam_scene_depicting_a_chao_6d1c168e-0bb2-49d0-8e04-7fedabfb342d-300x168.png 300w, https://static.fortix.sybell.net/app/uploads/2023/12/lakatosdaniel88_Black_Friday_online_scam_scene_depicting_a_chao_6d1c168e-0bb2-49d0-8e04-7fedabfb342d-768x430.png 768w, https://static.fortix.sybell.net/app/uploads/2023/12/lakatosdaniel88_Black_Friday_online_scam_scene_depicting_a_chao_6d1c168e-0bb2-49d0-8e04-7fedabfb342d.png 1456w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure></div>


Let&#8217;s talk to the family about the impact of advertising, unnecessary shopping, the cyber-fraud businesses that are springing up and generating serious revenue, the use of our data &#8211; our payment data &#8211; and the need to be careful and savvy when using the internet. It&#8217;s good for everyone to know that the marketing approach is the same as the scammers&#8217;: &#8216;Only here, only now! Right now, without thinking!&#8221; It&#8217;s not easy to spot a scam. One involves a product, the other involves only the sad experience of the victim.



Of course, don&#8217;t miss the good offers. Many people can shop smart at lower prices at this time, but



<ul>
<li>pay attention to the details of the offers</li>



<li>avoid unknown online marketplaces and websites</li>



<li>for larger amounts, ask someone to look at the offer</li>



<li>use a credit card or payment method designed for online purchases, with limits</li>



<li>prefer virtual cards that are easily interchangeable</li>



<li>shop together, even with family members</li>
</ul>



They may seem small, but they can save us from fraudsters &#8211; and not just online.



In the long run, I think we&#8217;re better off if we cut back a bit on the convenience of shopping, the thrill of getting the star deal, and focus on conscious, sensible internet use. Instead of celebrating consumerism, let us concentrate on security, and instead of acquiring gadgets that are often unnecessary, let us prepare to create a truly cosy atmosphere for the holidays.

Black Friday

In a world of rapidly developing cloud security technologies and increasingly sophisticated cyber threats, it is essential for security experts to keep up to date with the latest cloud security solutions and trends.



New innovations in cloud security, such as SASE, CASB, ZTNA, CNAPP, and others, not only require learning new tools and technologies, but also require a whole new mindset and approach.



We&#8217;ve created a starter pack for those who want to navigate the constantly developing jungle of cloud security solutions.



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="591" src="https://admin.fortix.hu/app/uploads/2024/02/Kepernyokep-2023-11-28-130101-1024x591.png" alt="" class="wp-image-1429" srcset="https://static.fortix.sybell.net/app/uploads/2024/02/Kepernyokep-2023-11-28-130101-1024x591.png 1024w, https://static.fortix.sybell.net/app/uploads/2024/02/Kepernyokep-2023-11-28-130101-300x173.png 300w, https://static.fortix.sybell.net/app/uploads/2024/02/Kepernyokep-2023-11-28-130101-768x444.png 768w, https://static.fortix.sybell.net/app/uploads/2024/02/Kepernyokep-2023-11-28-130101.png 1032w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure>

CLOUD SECURITY TOOLING STARTER PACK

<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="574" src="https://admin.fortix.hu/app/uploads/2024/02/lakatosdaniel88_Online_scam_involving_a_credit_card_a_hackers_d_2dd1842b-773c-4541-a8e3-c5818ee12d1d-1024x574.png" alt="" class="wp-image-1327" style="width:500px" srcset="https://static.fortix.sybell.net/app/uploads/2024/02/lakatosdaniel88_Online_scam_involving_a_credit_card_a_hackers_d_2dd1842b-773c-4541-a8e3-c5818ee12d1d-1024x574.png 1024w, https://static.fortix.sybell.net/app/uploads/2024/02/lakatosdaniel88_Online_scam_involving_a_credit_card_a_hackers_d_2dd1842b-773c-4541-a8e3-c5818ee12d1d-300x168.png 300w, https://static.fortix.sybell.net/app/uploads/2024/02/lakatosdaniel88_Online_scam_involving_a_credit_card_a_hackers_d_2dd1842b-773c-4541-a8e3-c5818ee12d1d-768x430.png 768w, https://static.fortix.sybell.net/app/uploads/2024/02/lakatosdaniel88_Online_scam_involving_a_credit_card_a_hackers_d_2dd1842b-773c-4541-a8e3-c5818ee12d1d.png 1456w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure></div>


Generative artificial intelligence allows anyone to launch sophisticated phishing attacks that only next-generation MFA tools can stop.



The least surprising development for 2023 is that ransomware has once again broken records for the number of incidents and the damage caused. Each week saw new headlines featuring a who&#8217;s who of big-name organisations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars Palace and many others can&#8217;t stop the attacks, how can a smaller organization?



<h2 class="wp-block-heading">Ransomware and phishing, hand in hand</h2>



Ransomware attacks, the cyber threat that comes from phishing, are bigger and more dangerous than anything else. CISA and Cisco report that 90 per cent of data breaches are the result of a phishing attack, with total monetary losses exceeding $10 billion. The Splunk report found that 96 percent of companies have been victims of at least one phishing attack in the past 12 months, and 83 percent have suffered two or more.



Anyone who works in the cybersecurity segment has seen incredible advances in protection over the past 20 years. The only thing that hasn&#8217;t improved is the people. Users in every organization are not much more advanced at stopping cyber attacks than they were two decades ago. That&#8217;s why phishing is so effective for cybercriminals &#8211; because it exploits human weaknesses, not technology. That leaves traditional MFA as the most critical defense mechanism, and guess what, most companies are using legacy MFA technology that is also 20 years old.



Here&#8217;s why things are about to get much worse. With the rise of Generative Artificial Intelligence (GenAI), cybercriminals are able to take phishing to a whole new level, where it can become almost impossible for users to be identified in any attack, and attackers will now be able to do so with little effort.



<h2 class="wp-block-heading">What has GenAI to do with phishing?</h2>



Generative artificial intelligence allows anyone to launch sophisticated phishing attacks that only next-generation MFA tools can stop.



The least surprising development for 2023 is that ransomware has once again broken records for the number of incidents and the damage caused. Each week saw new headlines featuring a who&#8217;s who of big-name organisations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars Palace and many others can&#8217;t stop the attacks, how can a smaller organization?



Ransomware and phishing, hand in hand



Ransomware attacks, the cyber threat that comes from phishing, are bigger and more dangerous than anything else. CISA and Cisco report that 90 per cent of data breaches are the result of a phishing attack, with total monetary losses exceeding $10 billion. The Splunk report found that 96 percent of companies have been victims of at least one phishing attack in the past 12 months, and 83 percent have suffered two or more.



Anyone who works in the cybersecurity segment has seen incredible advances in protection over the past 20 years. The only thing that hasn&#8217;t improved is the people. Users in every organization are not much more advanced at stopping cyber attacks than they were two decades ago. That&#8217;s why phishing is so effective for cybercriminals &#8211; because it exploits human weaknesses, not technology. That leaves traditional MFA as the most critical defense mechanism, and guess what, most companies are using legacy MFA technology that is also 20 years old.



Here&#8217;s why things are about to get much worse. With the rise of Generative Artificial Intelligence (GenAI), cybercriminals are able to take phishing to a whole new level, where it can become almost impossible for users to be identified in any attack, and attackers will now be able to do so with little effort.


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="579" height="302" src="https://admin.fortix.hu/app/uploads/2024/02/adathalaszat2.png" alt="" class="wp-image-1328" style="width:500px" srcset="https://static.fortix.sybell.net/app/uploads/2024/02/adathalaszat2.png 579w, https://static.fortix.sybell.net/app/uploads/2024/02/adathalaszat2-300x156.png 300w" sizes="(max-width: 579px) 100vw, 579px" /></figure></div>


<h2 class="wp-block-heading">Next-Gen MFA: Disrupting the phishing attack surface</h2>



Next-generation MFA replaces traditional credentials, password-based authentication and the inconvenient and vulnerable old MFA solutions. The next-generation MFA paradigm relies on a physical, wearable, FIDO2-compliant device that eliminates the human element in phishing &#8211; making it virtually phishing-proof. These cutting-edge biometric wearable devices also protect organizations against BYOD vulnerabilities, lost and stolen credentials, weak passwords, credential stuffing, MFA fatigue and easily stolen SMS one-time passwords. Unlike traditional MFA, attackers simply cannot bypass next-generation MFA through malware, MFA fatigue, adversary-in-the-middle (AiTM) attacks and other methods. Because the authenticator always stays with the user, wearable next-gen MFA tokens are always secure and immediately available for authentication. The device can only be used by the authorised user and no attacker can access the secrets, keys and biometric data stored on it.



GenAI is driving an impending tsunami of phishing attacks that will effectively nullify traditional phishing defenses and render traditional MFA obsolete. Wearable, next-generation MFA devices, such as the Token Ring, will stop the most sophisticated phishing attacks and can be a good defense against the coming phishing armageddon.



Depending on user awareness, people may be able to detect, act, report and stop these attacks. However, this requires the right knowledge and awareness.



<hr class="wp-block-separator has-alpha-channel-opacity"/>



Source: <a href="https://thehackernews.com/2024/01/there-is-ransomware-armageddon-coming.html">There is a Ransomware Armageddon Coming for Us All (thehackernews.com)</a>

Phishing and Ransomware Armageddon!

DORA, the Digital Operational Resilience Act, is a new EU cybersecurity regulation that aims to provide common rules for financial institutions on the use of information and communication technologies (ICT).



The legislation takes important steps to protect the financial system and customers from risks arising from digital incidents. 



By advising and preparing institutions for DORA, we help them to comply with the new EU regulations and effectively manage cybersecurity risks.

DORA compliance readiness service

Consultancy