Today, large companies and small and medium-sized enterprises that employ many people equip their IT systems with a number of high-tech protection mechanisms and solutions that act as a reliable line of defense against external intrusion attempts. However, this is not to say that company leaders can sit idly by. Worldwide, including in our country, there has long been a trend in which, instead of mounting a frontal attack, cybercriminals and professional phishers who use the information for other purposes take over data with the involvement (voluntary or forced) of employees.
Surprisingly, three-quarters of Hungarian companies have also experienced minor or major data breaches: unauthorized access to data through the exploitation of company negligence and unregulated employee rights. Of course, no one publicizes this, but regular examinations and checks unfortunately confirm the situation year after year. Of course, the market has not been idle. In the international arena, the European Banking Authority (EBA) was one of the first to take a stand and make recommendations in this area. As early as 2019, the most important security measures to be implemented included regular permission checks at financial institutions to reduce the risk of internally supported IT attacks.
“Allocations issued by the EBA go beyond the financial sector. The economic sector is characterized by ad hoc access to company data. In the course of our work, we have seen an example where employees performing administrative tasks not only had access to the confidential financial database of a given company, but could download information from it at any moment if it was in their interests. Simply because in companies – the smaller they are, the more typical – it is still often decided on the basis of habits and the free logic of managing the work process who can see what and what they can use on internal networks, the possibility of data leakage, and what is even more painful for the user companies is that they have to pay a commission for a huge number of licenses allocated on the basis of access, even if many of the authorized colleagues do not use them at all. Unnecessary burning of money,” said Tamas Michali, dreamer of TheFence, a solution that combines license cost savings and IT security enhancements.
The conclusions that can be drawn from the attacks all point to the fact that it is not enough to hide company documents behind firewalls today. Whether companies store their data in the cloud or on their own systems, they can really mitigate the risks they face only if it is defined precisely and in a timely manner who can get personal access to what, and even from where they can download and on what medium they can store any information about the company. According to Tamas Mihaj, this is the main problem: if companies do not handle it according to its weight, data loss, small or large, is pre-coded and information gets into the wrong hands, which, in addition to financial risks, can even lead to a decrease in competitiveness in the market.
The TheFence strategist first recommends that company managers and IT managers, with the involvement of other departments (HR, finance, legal, etc.) and an external expert, regularly check their users and their role authorizations using the appropriate tools. At the same time, they should assess the real risks and exclude as far as possible those accesses and users that, on the one hand, only cost money from a licensing point of view due to their underuse and, on the other hand, potentially allow the leakage of company information through ignorance or malicious intent.