Several million cyber attacks are launched worldwide every day. Not all are successful, but it is still clear that the risk situation remains acute for both companies and private individuals. What is frightening is how easy it is for attackers to hijack email accounts or corporate networks. So far, the motto was that something would have to happen before investments were made in security measures. This now seems to be overridden - a dangerous development.
You can join ethical hacking course in delhi from DICC.
The New Year hadn't really started yet, when a 20-year-old from Hessen made a name for himself with the spectacular publication of more than 1,000 email account data from numerous celebrities and politicians in Germany. What, in retrospect, sounds like a prank by a young person makes it all the more clear how weak the topic of IT security is in this country. The excitement was great at first, but subsided again just as quickly as a tidal wave in the North Sea.
A few weeks later came the news that more and more data records appeared in the Darknet, which contained user names and passwords for email accounts of more than 770 million private users. Since then, not a week has passed without corresponding reports. What initially sounds like changing the password is sufficient, the development and design of such email services is profound. E-mail accounts from traditional service providers are particularly affected, including Gmail, but also other providers. The government had to act quickly, which is why a Cyber Defense Center Plus is to be built and a new early warning system for hacker attacks by the Federal Office for Information Security (BSI) is to be set up.
Attacks in the high six-figure range take place every day in Germany, and not just recently - on the contrary, the trend is increasing and the attacks are becoming increasingly large. According to the current status report of the BSF for example, the number of known malicious programs in circulation rose from 600 to over 800 million. Attacks carried out with these malware signatures alone rose to 390,000 per day, according to the agency, which is 110,000 more than in the previous year. The speed at which the attacks can be carried out and the attackers' focus also change. With 190 GBit per second now, not only browsers or operating systems are attacked, but also devices in the IoT, processors, chips and surveillance cameras.
Uncertainty factors: people, hardware and unprotected infrastructure
And in many cases it is made very easy for the attackers that an attack ends successfully: human error, outdated hardware or insufficiently secured IT infrastructure, or missing security mechanisms. The Hasso Plattner Institute analyzed around one billion user accounts for a study on password use (2)that were freely available on the internet due to data leaks. It was particularly striking here that 20 percent of users use identical passwords for different accounts or only change them slightly (27 percent). According to this study, the most used password is "123456". This point becomes particularly relevant for companies when employees increasingly bring their IoT devices into the company network that are not sufficiently secured. Cyber criminals can take advantage of this opportunity to attack the company's IT.
Another point that still has to be considered when it comes to security - even if the majority of IT now takes place in the virtual area - is the hardware. Outdated devices that are still in the networks, even though they may no longer be used at all (keyword Shadow IT), can provide a gateway here. In addition, they are not updated sufficiently or may not be updated due to their age. This means that existing weak points remain and back doors are opened unintentionally. A good example of hardware as a gateway was the vulnerability discovered in fax machines last year.
One of the biggest challenges for companies is the fact that the security tools and systems used can no longer cope with the sophisticated hacker attacks. These modern hacking tools enable criminals to act quickly and to widely infect the corporate network. So-called multi-vector attacks can only be prevented by an integrated and uniform security structure. So this means that older generations of security tools are supplemented with modern technologies and companies are moving away from pure attack detection to proactive attack defense.
Conclusion
The likelihood of becoming a victim of a cyber attack is part of our everyday life. Now it is a matter of protecting yourself accordingly and trying to think one step further. Companies can no longer focus solely on the detection and defense of attacks, but must take their IT security to a new level. Ideally, the security structure is based on a combination of preventive, identifying and corrective procedures. Then it will be possible for security teams to act preventively and to protect their companies, but also their employees, and to provide them with tips for better protection of their private email accounts.
Comments