Is it files that are open to everyone? Or is it a matter of unsafe passwords? What about social engineering, one of the oldest tricks? Or maybe all of the above?
In the fifth edition of the Inside Out Security Show, security experts David Gibson and Michael Buckby looked for answers to these pressing questions.
The most important things we learned from talking with the experts:
File system risk assessments
For potential customers, VARONIS collected anonymous data using its risk assessment systems. The results were unexpected. For example, an average of 9 million files can be opened by every employee in a company!
A little about why files that any employee of the company can open are a serious problem:
“10, 20 years have passed, and now with the help of modern technologies we are very connected ... now it is so easy to create data ... At the same time, many people realize their value. After all, these data cannot be used with good intentions. If you think about how this situation has changed over time, then you need to start with the fact that until the end of the 90s the related systems were not publicly available ... the number of people who could get the data was relatively small ... But then with the advent of the Internet and the possibility of cheap storage ... huge amounts of data of large companies were very weakly separated from the rest of the world ... And if there is no security system built into each data layer, then many difficulties will certainly arise.”
How does the C-level react when it finds out
“Many of the C-levels will be surprised at how much data is available ... This does not mean that IT will spread and advertise the data they have. However, it is very difficult to determine what confidential data is available and whether it is open to everyone in the company.”
(Shhhh, VARONIS can help identify sensitive data that is open to all!)
Insufficient standards governing the creation of passwords
“Mike found the best worst password ever, in the last 20 years, the government code for launching nuclear missiles is 00000000.”
“This confirms that the password does not help protect the data ... No matter what the consequences may be, people nevertheless do not create the "correct" passwords.”
Since passwords will not disappear anytime soon, click here if you want to learn how to become the best password generator.
So is it better to cooperate with hackers?
Files that can be opened by everyone, together with unreliable passwords, can later lead to file corruption. We all saw what happened to major law firms and how they suffered due to massive file corruption.
Fortunately, last year, law firms formed an information sharing group to discuss security threats and vulnerabilities. However, might it be better to cooperate with hackers and use their ideas?
“It seems to me that it is always difficult to quantify innovations ... We are always interested in saving material and should evaluate the available financial possibilities. What we see in hacker communities is the reputation of our economy. There are definitely people selling products, but there are those who have a reputation, a person who recognized X or learned Y.”
“Of course, there is competition in the hacker community, but it’s important that they can quickly organize against a common enemy, as happened with law firms.”
“Law firms have a large amount of information that should not be publicly available, but is potentially “sensitive”, hence the huge potential to capitalize on this.”