Industry and information security: the main threats of 2018
Companies, because of their social and economic importance, are at the center of attention when it comes to safety. However, unlike physical security, information protection has become a priority only recently. Meanwhile, changes are occurring rapidly in this industry and require an equally rapid reaction.
Increased number of accidental invasions of malicious software
The human factor has been considered by the specialists the main threat to information security. Hackers have not yet found an easier way to violate a company's protection than attacking a specific user and PC. They use social engineering to gain confidential information by sending viruses, ransomware, and trojan horses.
To succeed in combating the risks generated by the human factor, it is necessary to control all channels of information transmission, analyze the traffic and guide employees about the Information Security (IS) rules. Regular monitoring in the scope of the IS can be carried out within the institution itself or by using services of companies specialized in the training of information security agents, such as CTI, Security Awareness Training, among others.
Increased attacks on industrial enterprises
By 2017, SI specialists noted the increased interest of cybercriminals and internal agents by industrial companies. First they steal user data, plans, technology process diagrams, engineering technical documentation, and then monetize that information. The volume of such crimes only tends to grow, as the computerization of industrial facilities has been gaining strength.
In order for employees to understand responsibility for internal activities, it is important to inform them about incidents and their punishments in cases of fraud. For example, in 2017 the case of one of SearchInform's customers was disclosed. The Akado Yekaterinburg company started and won a lawsuit against a former employee and his accomplice who tried to "leak" the database of their clients. The data obtained with the help of the DLP system were used as evidence in the judicial process.
Mining of encrypted currencies with enterprise resources
The media has widely discussed major scandals related to data mining in the workplace. The most famous case is that of the January 2017 verdict. The Federal Reserve system official, Nicholas Bertault, has installed on the organization's server software for the mining of encrypted coins. Bertault changed the security policy to gain remote access to the server from his personal computer. Nicholas was sentenced to 12 months in prison on parole and fined five thousand dollars.
In 2018 the trend prevails. Workers are attracted to the ease of this kind of gain: they spend the resources of the company and still receive an additional income. Most unpleasant is that it is more difficult to detect the mining done internally than in the case of an invasion by a mining virus. The security department must have the necessary tools to identify such activities.
Internal fraudsters use IT tools to commit common crimes
Malicious employees are increasingly using methods of cyber fraud. A Real Case: An IT professional from one of SearchInform's clients "mirrored" the e-mails of two executives, commercial and general directors, in their own e-mail. Access to e-mail was left in the hands of the company's direct competitors, and if the DLP system did not detect the violations, competitors would know about all of the company's management processes. The criminal's activities were interrupted.
In any work team, there are potentially dangerous employees: indebted people can end up stealing to pay their debts, alcoholics and people with other addictions may end up losing their heads and disrespecting their colleagues. This employee profile will always be a weakness in the company, besides which, they can also easily become victims of blackmail: when pressed, they may end up committing crimes to keep their personal secrets. Armed with the right tools, Information Security professionals can identify and monitor the "risk groups" in companies.
A SearchInform customer was able to avoid financial losses in their company by developing a security policy focused on at-risk groups. The company's chief financial analyst spent his lunch hour playing poker on the internet. The security department discovered that the hobby had already become an addiction for some time, and that the annual volume spent on gambling by the employee was more than $ 40,000. At any time, this money could be withdrawn from the company accounts. So the clerk had to be turned off.
Integration of protection solutions
Information security is an ongoing process that requires an integrated approach and comprehensive analysis. The idea of integrating protection solutions into a single system is supported by SI regulators and experts as it significantly increases the level of data security. While one system identifies abnormal behavior, determining the means of obtaining access to information, the other evaluates the content of communication. This interaction between the systems makes it possible to fully investigate the crime and collect the most evidence.
Despite the breadth of the problems described above, the seriousness of the new challenges and threats, there are reasons to look to the future optimistically. To combat information security threats, today's businesses have professionals with the necessary qualifications, and vendors, on the other hand, offer high-tech solutions. It remains to combine these two factors and carry out a well-planned work.