Cybersecurity Report

17.10.2022

Cybersecurity Report

Situation with security in the IT sphere remains critical

Recently two factors were the main impetus of arising threats: COVID 19 related issues, actively exploited by numerous intruders and shift to the remote way of work worldwide. Related to these factors attack vectors remain actual even now due to their large effect on a society in general. 

Cyber extortion is becoming one of the greatest threats

Significant expansion of cyber-criminal extortion methods was reported as well. Not only did the number of malware increase rapidly, the level of the attacks’ sophistication also continued to increase considerably. When conducting such an attack, cyber criminals encrypt companies and institutions’ data in order to extort a ransom. 

Vulnerabilities as one of the biggest challenges

Dealing with vulnerabilities remains one of the biggest challenges for information security experts. Cyber criminals sometimes exploit vulnerabilities without any further action on the part of users. Attackers systematically exploit a number of existing vulnerabilities, including outdated software or hardware, inadequate security standards or human errors. A successful cyber attack can quickly lead to monetary and non-monetary damage – such as loss of reputation – for all those involved. It can have legal consequences as well. Not only the targeted companies, but third parties along the entire value chain or even the entire society may be affected.

An issue with Microsoft's Exchange servers that was fixed in March 2021 is the emblematic of the scale of the challenge. Immediately after the vulnerability was detected, attempts to detect and compromise vulnerable Exchange servers were observed. 

The "human" factor

The "human" factor continues to play an important role as a gateway for attacks. The uncertainty and excessive demands caused by the COVID 19 pandemic, the real and perceived time pressure, and the social and media dominance of the defining issue were exploited by attackers. They tried to persuade victims to hand over sensitive information or personal data through phishing attacks and other forms of fraud and social engineering. Data leaks, cyber attacks during videoconferences, poorly secured VPN servers, and the usage of private IT for corporate purposes has also led to security incidents. DDoS attacks, problems with cryptography and hybrid threats from foreign states and their proxies have also caused security incidents.

Successful digitization requires efficient and reliable cyber security

Threats, posed by cyber criminals to the digital society and the interconnected world continue to grow. With the development and adoption of new legal acts, aimed at regulation of the information security sphere organizations and companies become more motivated for ensuring high level of information security protection. This track should be flowed as it really strengthens protection.

Find out what products to implent to protect corporate information security perimeter.

Digitization, with all the opportunities and benefits it brings, also permanently generates numerous vectors for attacks and increases the amount of existing threats. For this reason, the approach to digitization must be thoughtful and practical. Information security must take on a much higher priority and become the core issue of any digitization projects. 

Basic recommendations for improvement of cybersecurity protection:

• Comply with requirements, proposed by regulators
• Educate employees in order to increase their level of computer literacy and organize practical trainings
• Implement advanced protective software

Human factor ransomware Employee monitoring