Why defend yourself? Cybersecurity trends
The amount of data is growing like an avalanche: from 2010 to 2020 alone, the volume of stored information increased 50 times. There are millions of Google and Amazon servers. As Alibaba founder Jack Ma put it, "data is the new oil." The value of information has become comparable to the value of raw materials. Information becomes especially important in the context of its processing using machine learning and other modern technologies. The more valuable information is for a business, the greater the need to protect your custom development.
Cybersecurity belongs to one of the branches of information security and covers the protection of data in the networks of companies and organizations, as well as the protection of private information of individuals.
The role of cybersecurity in the world
Data leaks in companies cause both direct financial losses and delayed reputational damage. Attacks on valuable information are external and internal:
- in case of an external attack, the attacker invades the protected information perimeter;
- with an internal attack, data leakage occurs due to the company's employees.
Here are the consequences of several recent data breaches:
- In 2014, Eileen Daly caused $ 250 million in damages to PNC Bank. Elin captured her work computer screen on her mobile phone and relayed the information to competitors at Morgan Stanley.
- Due to the personal data leakage of 57 million Uber customers and drivers, the aggregator had to pay $ 148 million.
- A Texas court charged $ 740 million from insurance company Amrock for stealing trade secrets in favor of rival HouseCanary.
- The loss of valuable data to the American aggregator of credit reports Equifax cost $ 700 million.
Several times a year, "mega-leaks" occur, when confidential data of tens and hundreds of millions of users gets into the public domain. The largest information leak occurred in 2019, when the logins and passwords of 773 million e-mails were published in the public domain. Earlier in 2018, more than 500 million customers of the Marriott hotel chain, 440 million users of Veeam software, and 300 million customers of the logistics company SF Express were compromised.
The CIA, the FBI, the US Department of Defense, the UK, Japan, the European Parliament, the International Olympic Committee, the People's Bank of China, BitTorrent, GitHub, Skype, Tinder, WhatsApp and YouTube have faced data breaches.
Data is leaked not only through the network. Often, hackers and insiders gain valuable data through removable media, voice messages, SMS, audio and video communication channels, through paper documents, and even by examining the contents of trash cans. Theft or loss of laptops and other gadgets remains a common problem.
Information as a commodity
The Darknet sells and buys databases that store personal and confidential information. Among the goods on this illegal market are the logins and passwords of administrators of various resources, as well as the data required to access financial and banking information. The most expensive accounts are the accounts required to access sites, domains, and other network resources. Often, such data is sold at auctions at prices ranging from $ 125,000 to $ 500,000 per account.
Data from users of antivirus programs, logins and passwords to file-sharing networks cost $ 1-2 per valid pair - they are sold in tens of thousands. At a piece-rate price, in the tens or hundreds of dollars, data is used to access social networks. Then such data is used for various scams related to obtaining loans, issuing installments, registering dubious companies.
It is important that the value of information is changing rapidly. If the first buyer receives a database of bank users at a price of several thousand rubles per record, then after several resales the price of the record falls below one ruble. Often, users themselves help fraudsters by providing them with their confidential information when filling out a “raffle questionnaire”. It also happens that the information provided for obtaining a tourist visa or payment by installments "leaks" from the company, which is obliged to store such data.
A study by analyst firm Digital Shadows found that the number of compromised credentials quadrupled in 2019 compared to the previous year. The main reason is that users use the same or even the same passwords. Hacking software tools like the Sentry MBA and OpenBullet are capable of handling millions of valid pairs per day. The data from one successful hack is immediately used to try to access the rest of the user's accounts.
Those who are about to commit a crime on behalf of another person can acquire a “digital identity” on the Darknet, which includes both social media records and data for access to mail, streaming and other services. There is also the service of renting someone else's account with payment on time of use on illegal sites.
Medical data and cybersecurity
According to Kaspersky Lab, in 2019 and 2020, medical information becomes more relevant for hackers than financial and banking information. Health data is used to blackmail and deceive not only users themselves, but also their relatives. Cybercriminals can potentially alter a patient's electronic medical records, making it difficult to diagnose by forcing doctors to prescribe the wrong treatment.
It turned out that even medical research and MRI machines are vulnerable to remote hacking. Back in 2017, the medical device company Abbott had to update the software for 465 thousand pacemakers - a vulnerability allowed a hacker to change a patient's heart rate.
What tasks do cybersecurity specialists solve?
Cybersecurity specialists protect the SaaS platform and other software products of companies and organizations from hacking.
The data-loss prevention (DLP) strategy implemented by information security specialists allows you to control possible paths of data leakage. Thanks to DLP, user actions are monitored via e-mail, network protocols, Skype, instant messengers, applications. DLP does not allow writing valuable data for an enterprise to a disk, flash drive, mobile phone memory or other external media. The strategy also prevents data theft by taking pictures of the work screen.
Information security specialists have at their disposal systems of authentication and identification based on biometric data, systems for cryptographic protection of transmission channels and data carriers, software solutions for managing encryption keys. Secure corporate VPN tunnels, professional Firewall, private cloud services are used.
Identification and Authentication tools
Modern identification/authentication tools must support the concept of single sign-on to the network. Single sign-on is primarily a user-friendliness requirement. If a corporate network has many information services that can be accessed independently, then multiple identification/authentication becomes too burdensome. Unfortunately, it cannot yet be said that single sign-on has become the norm; dominant solutions have not yet emerged.
Thus, a trade-off must be found between reliability, affordability, and ease of use, and administration of identification and authentication tools.
It is curious to note that an ID / Authentication service can become the target of accessibility attacks. If the system is configured so that after a certain number of unsuccessful attempts, the identification information input device (such as a terminal) is blocked, then an attacker can stop the work of a legitimate user with just a few keystrokes.
The main advantage of password authentication is simplicity and familiarity. Passwords have long been built into operating systems and other services. When used correctly, passwords can provide a level of security acceptable to many organizations. However, in terms of their combination of characteristics, they should be recognized as the weakest means of authentication.
To make the password memorable, it is often kept simple (girlfriend name, sports team name, etc.). However, a simple password is not hard to guess, especially if you know the user's preferences. There is a classic story about the Soviet intelligence agent Richard Sorge, whose object of attention spoke "caramba" through the word; of course, the same word was used to open the top-secret safe.
Sometimes passwords are not kept secret from the very beginning, since they have standard values specified in the documentation, and they are not always changed after the system is installed.
Password entry can be spied on. Sometimes even optical devices are used for peeping.
Passwords are often shared with colleagues so that they can, for example, change the owner of the password for a while. In theory, in such cases, it is more correct to use access controls, but in practice no one does this; and a secret that two know is no longer a secret.
The password can be guessed by "brute force" using, say, a dictionary. If the password file is encrypted but readable, you can download it to your computer and try to guess the password by programming a brute-force attack (it is assumed that the encryption algorithm is known).
Nevertheless, the following measures can significantly improve the reliability of password protection:
- imposition of technical restrictions (the password must not be too short, it must contain letters, numbers, punctuation marks, etc.);
- management of the validity period of passwords, their periodic change;
- restricting access to the password file;
- limiting the number of unsuccessful login attempts (this will make it difficult to apply the "brute force method");
- user training;
- the use of software password generators (such a program, based on simple rules, can generate only euphonious and, therefore, memorable passwords).
It is always advisable to apply the above measures, even if other authentication methods are used along with passwords.
The number of information incidents is growing steadily. Ransomware, phishing, and social engineering viruses did not appear yesterday. However, over the past year, the intensity of external attacks on organizations has increased significantly. One of the main reasons for the increased activity is the COVID pandemic and the transition to a remote work format.
The epidemic gave rise to the need to rebuild the internal and external algorithms of work, plunging enterprises of all forms of ownership into chaos. And the attackers immediately took advantage of this. After all, the crisis for some is a window of opportunity for others.
Along with the increased workload on the specialized divisions, which were forced to throw forces to modify the internal structure, the threat of insider increased. And it's not just about employees looking for new illegal opportunities to earn extra money during the crisis. The staff, moving from the office to a cozy home environment, relaxed and became inattentive. As a result, inadvertent leaks have skyrocketed over the past 12 months.
And last but not least, the cuts caused by the crisis, as well as the availability of free time for yesterday's schoolchildren, have led to the fact that the network was idle professionals in conjunction with the "digital punks" They very quickly came up with the idea to while away their free time, trying on the strength of the security system of any company. Such "entertainment" not only gives a dose of adrenaline and makes you feel like a "hacker", but in some cases also brings financial dividends.
Against the background of this situation, the development of new methods of protection was only a matter of time. And one of the most obvious solutions is biometric authentication and user identification. It is almost impossible to fake, for example, a face or retina. In addition, data protection systems using facial recognition tools not only prevent an unidentified character from entering the perimeter, but also accurately establish the "author" of the leak if an incident occurs.
One of the markers of the rapid growth of biometric security systems is the size of the market. For example, worldwide it has reached almost 20 billion dollars, and in the United States it has increased to 6 billion.
Steve Martino, former senior vice president of information security at CISCO, believes that using biometrics as a secondary factor in authentication is one of the most advanced ways to protect data.
The most advanced algorithms should not only include identification with a password and, for example, a person, but also track how a particular user uses his computer, registering deviations in the pattern of behavior if a “substitution” took place.
Today, the mass introduction of complexes with biometric identification of the identity of employees within the perimeter of the organization occurs mainly in the United States. Outside North America, such systems are more commonly used for business-to-consumer applications. For example, for remote registration of clients, as well as in systems for accessing mobile devices or cars.
However, interest in biometric authentication of personnel in Europe and Asia is growing rapidly. As a result, solutions are beginning to appear on the market to meet new business needs.
Information is becoming the most expensive commodity in the world. In this regard, the number of ways to obtain it illegally is steadily growing. Cybersecurity specialists develop new ways to protect users in different sectors every year. If you have not yet thought about the safety of your SaaS product, then our dedicated development team is ready to discuss and offer you the best solution.
Interested in this expertise?
Get in touch with us and let's discuss your case. We will gladly share our knowledge and experience with you and find the most suitable option for you.