4 IMPORTANT FACTS ABOUT CYBERSECURITY

With concerns about ransomware and Internet threats growing, there are some key points that leaders need to consider when it comes to protecting their organizations. This blog post gives a brief overview of the state of cybersecurity, based on real international statistics, and suggests a solution that can be implemented easily and quickly.

WHAT IS THE BLOG ABOUT?

Data security, authentication, MFA, ZeroTrust, brute-force

Businesses have many types of employees, but in terms of IT security there are basically two. The first works on the company’s internal, managed systems and is connected to the necessary resources and applications there. The second works outside the office, shop, or plant, but still needs access to corporate administration or office applications.

WHY IS IT IMPORTANT?

The 2020 pandemic moved many jobs to home offices, and workers still have a strong need for traditional office positions to be accessible remotely. Innovative IT solutions, such as the development of online sales methods or the creation of cloud workspaces, also support the principle of being able to work from anywhere. Statistics show huge Internet growth worldwide, and with digital transformation the number of data leaks and malicious attacks is also rising sharply.

THE DEVIL NEVER SLEEPS AND THIS CAN COST A LOT!

The costs that follow a data leak are rising year on year. According to the 2021 Cost of a Data Breach Report by IBM and the Ponemon Institute, the cost of a data leak has risen from $3.86 million to $4.24 million. The statistics were based on 537 data leaks in 17 countries and 17 industries, and on three and a half thousand interviews. The interviews show that, for example, the situation in retail has deteriorated a lot:

  • 50% of retailers have experienced a data leak.
  • 40% of retailers experienced an outage that had an impact on revenue.
  • 30% of retailers lost business data so critical that the loss affected the business long after the breaches.

Security Magazine reports that the number of credentials stolen and exposed has increased by 300% since 2018. According to the 2021 Verizon Data Breach Investigations Report, passwords accounted for 89% of incidents involving web applications, whether through stolen credentials or brute-force attacks. Given this, it is clear that the protection of credentials is paramount.

WHAT CAN YOU DO ABOUT THREATS?

Be aware and don’t trust anyone until you know who’s on the other side of the connection!

Apply ZeroTrust security!

ZeroTrust assumes that a security breach has occurred and therefore does not allow access until trustworthiness has been verified multiple times with multi-factor authentication. Don’t base your protection on a one-layer solution, especially when it comes to protecting your credentials and trusted access! Antivirus and firewalls are great solutions, but by adding a separate MFA solution, companies can better protect their sensitive data and devices. This can be the first layer to provide authentication that prevents attacks on credentials.

Phishing and deceptive social engineering campaigns are a leading problem

Attackers can easily obtain e-mail lists and profiles from the dark web and launch a phishing attack against commercial companies. One click is enough to download malicious programs, such as keyloggers, that can capture credentials not protected by MFA and gain access to systems. CSOonline.com reports that 94% of malware arrives via email, and phishing attacks are responsible for more than 80% of security incidents. Almost all of these start with the theft of credentials.

A security incident at a third party can lead to even more incidents

Protecting VPNs, devices, and endpoints with MFA protects trusted access to critical systems, and so can prevent damage from security breaches and data leaks caused by third parties (vendors, subcontractors, etc.). With adaptive policies, Duo MFA can restrict access to applications and data on a need-to-know basis. Other entry points that cause incidents include missing updates and zero-day vulnerabilities. Maintain your devices and software regularly to prevent unauthorized access! With Duo Device Health, you can check the security posture of devices connected to your network and restrict access if devices do not meet certain security requirements.

Be aware of the dangers of Brute-Force and Credential Stuffing.

According to a LastPass survey, 91% of respondents admitted to reusing passwords. Hackers are aware of this and collect passwords from leaked credentials or the dark web. Automated tools are then used to try these passwords against various websites, a technique known as credential stuffing or brute force. Once the attackers get in, an internal, multi-directional attack can begin. The 2021 Verizon Data Breach Investigations Report finds that 61% of all breaches exploited credential data via brute-force attacks, credential stuffing attacks, or credential data leaked and used later. A powerful MFA solution can provide real protection against attacks that start with stolen data.

CONCLUSION & SOLUTION

Protecting credentials is a vital part of an organization’s successful security strategy. By implementing a powerful MFA solution like Duo, in which users must present a combination of credentials to verify their identity before they can gain access, attackers will not be able to launch attacks from the user side. This is because Duo MFA requires an authentication factor in addition to the user name and password, such as a trusted device, software, possibly a hardware token, or biometric data such as a fingerprint. Thanks to these requirements, MFA is 99.9% effective in preventing the first steps in fraud. MFA is one of the cornerstones of ZeroTrust security and will help achieve the level of security that companies will absolutely need in 2022.
