Written by Antonishi Kora, CMO | Growth Officer, Secfense
Increasingly reported leaks of sensitive data from email accounts or improperly protected applications are targeted at businesses, individuals, and politicians. In Poland, hackers recently hijacked the prime minister’s email account and released content – official communications.
How can politicians and employees be protected from similar attacks?
As the number grows, the issue of cyberattacks on email accounts of employees in critical countries and healthcare institutions has become a concern in almost every country. In the last 6 months Hacker got sensitive information Related to a UK aid project funded by the National Security Council aimed at combating terrorism and building stability abroad. In February, sensitive data breaches were reported at: Oxford University Institute Survey of Covid19.
“Hackers get the user’s digital ID through phishing emails. That’s why everyone, especially those with access to sensitive information, needs to use so-called additional elements. This solution is 100% accurate. It provides verification of the user ID. Simply put, it checks if the person behind the computer is actually an authorized person and not a hacker who uses a stolen password. ” Secfense CEO Tomasz Kowalski said.
180 days to adopt 2FA in the US
The fact that multi-factor authentication (MFA) is mandatory today is Executive order to improve national cybersecurity Issued by the President of the United States on May 12, it urged the federal government to implement two-factor certification (2FA) within 180 days.
This type of security measure was not found in the case of Polish Prime Minister Michal Dworczyk, whose personal email account (improperly used for official communications) was hacked in June of this year. rice field. The situation caused considerable confusion as it was obtained by individuals who were not allowed strategic and strictly confidential information about the importance of the state.
“According to the owner of the domain where the Polish politician’s account is hosted, providing the correct login and password resulted in access to the account. The hacker forced the password from the minister’s wife, or It is probable that she used the same password for other services and took advantage of the fact that she got the password from one of them, “Kowalski added.
Gmail status issues
The use of private email accounts for public affairs within state government is not just a flaw in Poland.according to To sky newsIn 2020 alone, the UK Department of Defense reported 151 violations as a result of transferring confidential information from a government-protected network to a personal email account.
“As you can see, it is difficult to take disciplinary action even for those who have access to the most sensitive information. Therefore, use so-called additional elements extensively and comprehensively during authentication in systems and applications. It’s imperative to talk about, “explains Tomasz Kowalski. “The second factor could be both the physical key or the biometric scanner built into the laptop or smartphone. It’s important to protect all applications used by employees and politicians. Fortunately, today there are several non-invasive ways to use any method of multi-factor authentication, including encryption keys, that does not require application code changes.
After a scandal about an email leak by Minister Dworczyk, discussions began on the purchase of a physical encryption key (U2F) for the government. But it is questionable whether the keys protect all government applications or whether politicians actually use them.
In any case, multi-factor authentication is today regarded as the most effective protection against information theft, such as getting sessions from logged-in users, phishing, and man-in-the-middle attacks. All of us, especially those in state status, should immediately stop using passwords as the only online authentication and security verification. Passwords are vulnerable to theft and are often vulnerable and identical in many services, which can lead to political crises as well as stress for owners.
What measures should politicians and authorities take to protect themselves from cyber attacks?
- Use different passwords for different services.
- Use a password management application that allows you to generate strong passwords and their storage.
- Implement two-factor authentication anytime, anywhere wherever possible.
- Do not send sensitive information through your private email account.
- Allows automatic updates of the operating system and major applications. This allows you to eliminate security bugs.
- If someone requests immediate provision of data, the request is from an application, from an email requesting an immediate response, or the fake bank rep who called to request the installation of a phone application. Do not react, whether from someone else.
- Use the signal communicator for important messages. Signal is currently the most secure application. In contrast to WhatsApp, it not only provides confidentiality, but also does not collect connection metadata, thus maintaining the privacy of all conversations. That is, the message is encrypted, so the application is unaware of the content and not the participants. It’s a conversation.
A politician under a cyber attack. Is it possible to prevent attacks and leakage of confidential information? —
Source link A politician under a cyber attack. Is it possible to prevent attacks and leakage of confidential information? —