Antiquated digital centralized security access is no longer fit for purpose, leading to a spiraling underground market of stealing, buying and selling legitimate credentials which are then used to launch ransomware and supply chain attacks. MyCena has now developed a unique decentralized access solution, segmenting the risks, stopping the stealing of credentials and preventing devastating ransomware attacks.
The exponential rise of ransomware attacks
Access security has long been the weakest link in the digital revolution. To get around the problem of remembering many passwords, companies have used centralised access solutions like IAM, PAM, SSO and password managers. To login to any system, users log in just once, which opens all their systems at the same time.
However, this model goes against the most fundamental principle of any security plan, which is to not put all your eggs in the same basket, so they don’t all get crushed at the same time. In a centralized model, from one single access point, criminals can impersonate employees, penetrate a network, move laterally, escalate privilege, take over an admin account and the entire company network, encrypt files and demand a ransom. Centralized auto-fill systems help to scale ransomware and third-party supply-chain attacks. Within days of a breach, one hacked company can infect thousands of other third parties in a software supply chain ransomware attack like the one we saw at Kaseya.
The return on investment of such operations has been growing so fast it fostered the rapid growth of a Ransomware-as-a-Service ecosystem of global suppliers, partners, resellers and affiliates. This allows smaller operators to hire sophisticated weapons developed by nation-state actors to launch widespread random cyberattacks for profit.
On the other hand, no matter how advanced your 2FA, anti-virus, detection or remediation solutions are, they can only play catch up to cybercriminals’ innovations. By the time an update goes live, new variants are already in circulation, running unnoticed.
The gap in this ongoing technology race is further widened by the lack of security visibility at the single access point. Companies have no idea if the single password used by their employees to access their systems is weak, reused, shared, or stolen. If the identity of a real employee has been stolen and used to connect to the network, companies will only find out when an actual incident has broken out, and investigations are made back to the original breach point.
How MyCena solves the problem
Going back to the fundamental principle of security of not putting all your eggs in the same basket, MyCena has taken the opposite approach to centralized access.
MyCena is a European company founded in 2016, specialising in credentials security. MyCena has developed a complete system of security, control and management for decentralised credentials. More than a state-of-the-art technology, MyCena’s patented system incorporates a comprehensive cyberresilience strategy, automating system segmentation, creating unique and strong passwords per system per user, distributing encrypted credentials to the right users in real time, providing credentials decentralization and protection, auto-filling encrypted passwords into specific systems, recording credentials events, and removing the human risks of error, fraud and phishing by eliminating the need for people to create, memorize, type or see passwords.
No centralized access = no ransomware
With MyCena, there are no centralized credentials, meaning no centralized access point for hackers to target. Every system has a strong unique password. To access that system, you need that password.
Only the user can pull and access their own encrypted passwords in their local device using a combination of token, security questions, PIN, lock pattern and passphrase. Credentials are stored in three different levels of security, Bronze, Silver and Gold, depending on their level of importance. Users do not need to open Silver or Gold level if they only need a Bronze level password. Once a user accesses a specific credential, the user can auto-fill the right address using encrypted password transportation. Only one credential is accessed and filled at a time, keeping the other credentials untouched.
“The explosion of ransomware didn’t happen in a vacuum. Centralized access created the perfect environment for rapid network contamination and ransomware attacks. To reverse the situation, we need to go back to what we know in the physical world: one door, one key. Now if a credential is stolen in a third-party breach, MyCena prevents all others credentials from being exposed.” Julia O’Toole, founder and CEO of MyCena Security Solutions, explains.
By taking back control and automating access security, companies eliminate their exposure to weak and reused employees’ passwords, while removing the human risks of password sharing and phishing with bad actors.
With no passwords to remember, companies achieve substantial cost savings associated with resetting passwords, while boosting employee productivity.
For incident tracing purposes, companies also have real time company-wide records of who has accessed which credential when, facilitating audits and investigations.
The main benefits of MyCena are
• Best access control and management system to protect the whole company from cyberattacks and ransomware.
• Better cyber-resilience: three levels of security for different credentials, no phishing, no fraud, no SPOF (single point of failure), no mass infection, no ransomware.
• Better productivity: save IT support costs + reduce absenteeism (no password to know).
• Protect value of trade secrets, proprietary and personal data
• Prevent ransomware payments and reduce costs of cyber-insurance policy
• Compliance with law to avoid GDPR, LGPD fines.
• No infrastructure change, fast implementation, ready-to-use.
Why MyCena marks a turning point in the fight against cyberattacks
Before MyCena, businesses and governments believed it was impossible to stop phishing, ransomware and supply-chain attacks. Unable to ever close the technology gap as cybercriminals always stay ahead with innovation, cybersecurity was expensive yet couldn’t prevent a single breach from spreading like wildfire. MyCena puts an end to this sustained widespread risk. Using a decentralized architecture to automatically contain any emerging fire, companies and governments no longer have to accept phishing, ransomware and supply-chain attacks as a fact of life. Finally, people can trust the cyber-resilience of their digital infrastructure.