CarderPlanet
Do you think most people are reliably protected from cyberattacks? According to Positive Technologies, their number is growing every year. Moreover, more than 70% of them have a specific goal. Despite the fact that incidents involving individuals account for about 12%, this does not mean that the issue of personal information security can be approached lightly. If someone steals your data, they will definitely find a way to monetize it.
Hacker's Choice 2021
Here's a striking detail - the two most popular vulnerabilities among cybercriminals in 2021. Remember WannaCry? Something old, from the pre-coronavirus era, right? In fact, this is quite a reality of the present. It is actively infecting machines right now, and in March 2021, the number of affected organizations increased forty times compared to October 2020. The second hotly exploited vulnerability of this year is in the legacy file-sharing program Accellion FTA. That is, a huge number of people violate the most important rule "Do not use outdated software" and get a huge number of problems because of this.
In addition, phishing emails have not disappeared from mailboxes - the most popular way among cybercriminals to "throw" malware into your system. They are used in 6 out of 10 successful attacks. This is another reason to read emails carefully and immediately be on your guard if something seems wrong. And ransomware (also hello from the past, right?) is used in more than 60% of attacks.
And just in case. If you work in a public sector, industrial company, scientific or educational institution, you should be especially careful when communicating with someone on the Internet. According to statistics, most of the attacks are directed specifically at these institutions and their employees.
What about the brave corporate world?
We can agree with the fact that private individuals are generally bad with security, but what about the corporate sector? Okay, an individual may not understand the consequences, but in the case of organizations, reputation and money are at stake. It would seem that there is no better motivation for security. 1Password surveyed 500 IT and DevOps companies and found that the situation is as follows - organizations know their problems, but only a few are close to solving them.
On average, four out of five companies are vulnerable to attacks because they "do poorly with security." 1Password cites the reason for this: modern technologies (clouds, microservices, etc.) can speed up development cycles, but ensuring security takes time (which it does not). Egregious situations in which API tokens, SSH keys and security certificates are kept in configuration files are also not uncommon. This is how developers make life easier for themselves, and at the same time for attackers.
It should be admitted that, in general, companies are rather self-critical: about 80% of them admit that they cannot cope with ensuring the required level of security. Employees say that they do such work without any system and spend about 25 minutes a day on it. 60% of companies surveyed have experienced some form of data breach, and more than 80% of employees still have access to sensitive information from their former employer.
One in four organizations that took part in the survey have sensitive data like passwords stored in more than 10 different locations. And half of the respondents admitted that they do not even know the exact number of these places, there are so many of them.
And, the most important (and perhaps the most obvious) insight. Many employees admit that they do not have any information security strategy. The strategy here is to solve problems as they arise. The main consequence of this approach is that there are more and more problems, and their solution requires more and more resources. Many employees argue that dealing with corporate security is "the worst part of the workday."
“In the field of corporate security, the West is absolutely wild and it takes a change of mind to fix this situation,” writes 1Password in its report.
What do we have to do?
Most recently, the FBI and the US Cybersecurity and Infrastructure Protection Agency have issued topical guidelines. 1Password has also prepared its own tips. The nature of these documents allows us to draw final and very sad conclusions about the general (very low) global level of information security. Here are a few of them:
- At the company level, there is a need for a common understanding of the importance of information security. An organization is only as reliable as its weakest link. Sufficient time should be allocated for training employees.
- The implementation of the information security policy must be formal and documented so that employees understand that the company is taking the matter seriously.
- The policies and technologies used must be constantly updated and revised in accordance with the changing nature of the threats.
Also among the tips from the FBI (these guys probably know something about security) are the following:
- make backups of your data;
- do not follow suspicious links;
- update your OS and your software on time;
- use strong passwords;
- enable two-factor authentication.
The American intelligence services, for the benefit of all, even prepared full-fledged flyers on safe Internet use, just like a computer science teacher in your home school (only they look a little more interesting). Here are materials on backups, secure work with RDP, the need for updates, complex passwords, and two-factor authentication.
Thus, in order to find yourself in the wonderful world of the future, where everything is as reliable as possible, no one is hacked and data is not stolen, there is very little left to do. Follow simple recommendations and do everything possible so that other people follow them. Doesn't sound like a daunting task.