Posted on June 25, 2018, by O. QUENUM.
Before sharing some ways to start answering the two questions at the top of this article, a word on Cyber-Security. We have to do business in a web space where the question is no longer whether your website will experience cyber-attacks, but when, and how often. CHECK POINT RESEARCH publishes a map of cyber-attacks identified in real time around the world: https://threatmap.checkpoint.com/ThreatPortal/livemap.html. In terms of Cyber-Security, every day proves that it is better to prevent than to bet on the lottery of repairing the damage of cyber-attacks. Today, no company is spared and even large international companies are targeted, but we also have to cope with increasing cyber-attacks on SMEs. Indeed, 77% (about 8/10) of cyber-attacks target SMEs (http://www.leparisien.fr/economie/cyber-attaques-les-pme-particulierement-vulnerables-27-04-2015-4728719.php). This wave is mainly due to the conjunction of several factors, among them:
- Two decades ago, the motivation of cyber-hackers was mainly the “glorious feat”. As a result, the more famous the cyber-victim, the more media attention the “glorious feat” received. That’s why cyber-hackers targeted larger companies or larger organizations. Today, the motivation of cyber-hackers is more financial than the “glorious feat”.
- Having often been victims, big companies are more and more Cyber-Security aware, and they are reducing their Cyber-Security vulnerabilities.
- SMEs remain Cyber-Security unaware, and they offer an attractive alternative due to their large number. Indeed, a huge number of “small profits” is preferred to a few “big profits”. This is especially so because the “small profits” come from easy cyber-attacks against SMEs, while the “big profits” come from increasingly difficult cyber-attacks against large companies.
- Website URL vulnerabilities that may facilitate “Brute Force” attacks via faked URL requests. For instance, a website backup service can be hijacked to steal sensitive data from the website (or the web server): a configuration file containing passwords in plain text, source code, log files or other data.
- Vulnerabilities in the storage of sensitive data (for example: passwords of employees and users).
- Risks related to the phenomenon of “Bring your own device” or the difficulty of identifying the devices connected to the company's network.
- Failure to raise employees’ awareness of Cyber-Security risks, or failure to apply Cyber-Security measures because of constraints that ignore current practices (for example: e-mails and their attachments, which are main vectors for spreading malware and ransomware).
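
The exposure of backup, configuration and log files through guessed URLs, described in the list above, leaves a trace in the web server's access log. The following is an added example, not part of the original article: it flags clients that repeatedly request such files and reports the ones the server actually served. The log lines are constructed, and the extension list, the threshold and the function name `analyse` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [25/Jun/2018:10:00:01 +0000] "GET /backup.zip HTTP/1.1" 404 153
203.0.113.7 - - [25/Jun/2018:10:00:02 +0000] "GET /site.tar.gz HTTP/1.1" 404 153
203.0.113.7 - - [25/Jun/2018:10:00:03 +0000] "GET /config.php.bak HTTP/1.1" 200 812
203.0.113.7 - - [25/Jun/2018:10:00:04 +0000] "GET /logs/error.log HTTP/1.1" 404 153
198.51.100.20 - - [25/Jun/2018:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.20 - - [25/Jun/2018:10:01:05 +0000] "GET /downloads/brochure.zip HTTP/1.1" 200 90211
"""

# client IP, requested URL and HTTP status of one log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')
# Assumed list of file types that should normally not be reachable from the web.
SENSITIVE = re.compile(r'\.(?:bak|old|sql|zip|tar|tar\.gz|tgz|log|env|ini|conf)$', re.I)


def analyse(log_text, probe_threshold=3):
    """Return (probing_ips, exposed).

    probing_ips: clients with at least probe_threshold requests for
                 sensitive-looking files (a single download is not flagged).
    exposed:     (ip, path) pairs where such a client got a 2xx answer,
                 i.e. the file was really served and must be removed.
    """
    hits = defaultdict(int)
    served = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, url, status = m.group(1), m.group(2), int(m.group(3))
        path = url.split("?", 1)[0]  # ignore the query string
        if SENSITIVE.search(path):
            hits[ip] += 1
            if 200 <= status < 300:
                served[ip].append(path)
    probing = sorted(ip for ip, n in hits.items() if n >= probe_threshold)
    exposed = sorted((ip, p) for ip in probing for p in served[ip])
    return probing, exposed


if __name__ == "__main__":
    probing_ips, exposed_files = analyse(SAMPLE_LOG)
    print("probing clients:", probing_ips)
    print("files served to them:", exposed_files)
```

Any entry in the second list is a file to take out of the web root, and any password it contained should be changed.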