Ensuring the operation of a computer network
We will take care of the users and hardware of your computer network under pre-agreed conditions
Helpdesk and support
Consultation for development of IT infrastructure
Consulting services related to strategic planning and development plans in the field of information and communication infrastructure
Service and prophylaxis
We also perform routine repairs of corporate hardware directly related to the operation of the company's ICT infrastructure
Installation of hardware and software
Servers and active items of PC networks
We supply more complex computer systems, especially physical servers and active elements of computer networks and selected application solutions
Consulting support for commercial IT departments
We provide consulting support to IT staff in solving problems associated with the operation of corporate computer networks and IT infrastructure
We increase computer literacy and qualification of employees of private companies and organizations
The computer security company
We are a company providing consulting, implementation, service, sales and technical support for ICT infrastructure in companies and organizations. "Diestra" means "right hand" in Spanish. Diestra comprende, or if you will, Diestra understands, and gives its customers a right hand in solving computer problems and keeping corporate networks running. Shake hands with the IT specialists and salespeople of a stable company that has been operating in its field since 2007. Our goal is to ensure the proper and secure operation of your corporate IT. You will have both hands free to develop and manage your company.
Whalers, or spear phishing: an upgraded version of ordinary phishing
(Spear phishing - harpoon hunting)
Sophisticated attacks on computers and company data, but also on the health of employees, especially those in the company's ICT department. How not to shake your head over spilled milk.
According to our ethical penetration tests in companies of various sizes and orientations, phishing methods can be used effectively. On a scale of attack effectiveness from 1 to 10 (10 being the most risky), in terms of the risk of a successful, proven attack that obtains information, we would rate them at, say, 7. Fairly decent awareness of this problem among the general lay IT public, as well as among ordinary corporate users in even the most remote offices, who will readily report this method, brings that number to 5. By this we are in effect saying that the success rate of the "old-fashioned" attack is currently about fifty-fifty. But be careful. If, while "tricking" users out of their access data through attachments or hyperlinks in fake emails, the attacker adds careful preparation based on knowledge of the environment and internal processes of the target of the future attack, we are suddenly at 8, 9, 10… or more. That is already a spear phishing attack (hunting at the tip of a spear, or simply with a harpoon).
Spear phishing is a combination of classical phishing and the old, well-known social engineering, as it was introduced to the world (and practiced) in the distant past and described a few years later by Kevin Mitnick in his book The Art of Deception. He practiced it in a very sophisticated way on telephone companies and later on banking houses, and with the help of his discovered and undisguised talents he found out how easy it is to obtain information from unsuspecting employees of these companies. Almost unbelievable things could then be done with that information, with incomprehensible ease. But back to spear phishing. With an email in perfect Czech, with a small, easily overlooked "modification" of the sender's domain in a single letter (for example, instead of l), and preferably with the signature of one of the influential bosses, things become considerably more interesting. If the attacker also decorates this email with the boss's iconic photo in the signature of "his" email, the attacker's chances of success increase again. In addition, if the text of the email is sufficiently urgent and requires the user to react "ASAP", a term this boss, as an experienced megamanager, uses very often :-), then even a more experienced user is only a small step away from a major fire. The user clicks on the attachment and confirms that he really wants to open it; after all, he has to avoid the trouble that comes with not carrying out the order in time :-) And that's it.
By then the user, his boss and his boss's boss, together with the management or the business owner directly… and especially the company's IT department, by now on the verge of a heart attack, are shaking their heads in disbelief, usually too late. Their heads are even more occupied with whether to pay the ransom or try to restore from backup. Whether to start negotiating with the attacker over the best price for the decryption key, or to spend weeks at best, and in the worse case to spend them in vain, trying to gather the data (that is, find wherever it can be taken from) across all possible and impossible backups and, step by step, resume the company's operation with, "thank God", perhaps most of the original data and databases.
What with this? How to reduce the risk of a successful attack in our company? How to reduce to a minimum the possibility that this problem will concern us? It simply doesn't work. Unfortunately.
Still, let's not lose hope. There are definitely methods, approaches and technologies from which a very effective defense strategy can be mixed. Clearly this means mainly, but not only, software and hardware technologies, their regular and consistent management, monitoring and ongoing evaluation of security incidents, but also, not least, user education, users' motivation to behave safely on the Internet, and regular security training.
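One way a mail filter can catch the one-letter sender-domain modification, the boss's name and the "ASAP" wording described above. This is an added example, not code from this page; the protected domain, the executive name, the urgency words and the small confusable-character map are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the protected domain, executive names, urgency
# words and the small confusable map are illustrative, not from the page.
TRUSTED_DOMAIN = "holding.example"
EXECUTIVES = {"jan novak"}
URGENCY = re.compile(r"\b(asap|urgent|immediately|today)\b", re.I)
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})

def skeleton(domain):
    """Fold visually similar characters so lookalikes collapse to one form."""
    return domain.lower().replace("rn", "m").replace("vv", "w").translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_message(raw):
    """Return the list of spear-phishing indicators found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain != TRUSTED_DOMAIN:
        if skeleton(domain) == skeleton(TRUSTED_DOMAIN):
            findings.append("lookalike-domain:confusable")
        elif edit_distance(domain, TRUSTED_DOMAIN) == 1:
            findings.append("lookalike-domain:one-edit")
        if name.lower() in EXECUTIVES:
            findings.append("executive-name-from-external-domain")
    if URGENCY.search(f"{msg.get('Subject', '')} {msg.get_payload()}"):
        findings.append("urgency-wording")
    return findings

# Constructed sample messages (not real mail).
SAMPLES = {
    "spear": "From: Jan Novak <jan.novak@ho1ding.example>\nSubject: Invoice - ASAP\n\nPlease open the attachment and confirm today.\n",
    "typo": "From: Accounting <billing@holdings.example>\nSubject: Statement\n\nMonthly statement enclosed.\n",
    "legit": "From: Jan Novak <jan.novak@holding.example>\nSubject: Lunch\n\nSee you at noon.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, score_message(raw))
```

A lookalike domain registered by the attacker can pass SPF, DKIM and DMARC for itself, which is why the check compares the sender's domain against the organisation's own domain.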
All these segments of the company's developing security strategy, appropriately selected and "tailor-made", cannot work miracles. Thanks to them, however, neither the user, nor his boss and his boss's boss, nor the owner of the company, and especially not the IT department, a well-functioning fire brigade, has to shake their head in disbelief anywhere.