Very Attacked Person: find out who is the main target of cybercriminals in your company

Today is a professional holiday for many Habr readers: Data Protection Day. So we would like to share an interesting study. Proofpoint has prepared a study of attacks, vulnerabilities and personal data protection in 2019. Its analysis and breakdown are under the cut. Happy holiday, ladies and gentlemen!

The most interesting thing about the Proofpoint study is the new term VAP. As the introductory paragraph says: "In your company, not everyone is a VIP, but everyone can be a VAP." VAP stands for Very Attacked Person and is a registered trademark of Proofpoint.

Until recently, the accepted view was that when targeted attacks hit companies, they are aimed primarily at top managers and other VIPs. But Proofpoint argues that this is not the case, because the value of a particular person to attackers can be unique and completely unexpected. The experts therefore studied which industries were attacked most last year, where the role of VAPs was most unexpected, and which kinds of attacks were used.

Vulnerabilities

The sectors most exposed to attacks were education and food and beverage (F&B), where the main victims were franchise representatives - small businesses tied to a "big company" but with much less expertise and information security. Their cloud resources were constantly under malicious attack, and 7 out of 10 incidents resulted in the compromise of confidential data. Entry into the cloud environment happened through the compromise of individual accounts. Even areas such as finance and healthcare, which are subject to various regulations and security requirements, lost data in 20% (finance) and 40% (healthcare) of attacks.

Attacks

The attack vector is chosen specifically for each organization or even for a specific user. Nevertheless, the researchers were able to identify some interesting patterns.

For example, a significant number of compromised email addresses turned out to be shared mailboxes - about ⅕ of the total number of accounts that are susceptible to phishing and used to distribute malware.

As for the industries themselves, business services come first in terms of attack intensity, but the overall level of "pressure" from hackers remains high for everyone - the smallest number of attacks falls on government structures, but even among them, 70% of study participants observed malicious activity and attempts to compromise data.

Privileges

Today, when choosing an attack vector, attackers carefully consider the target's role in the company. The study found that the accounts of lower-level managers are subject to 8% more email attacks, including viruses and phishing. At the same time, contractors and managers are attacked less often.

The departments most exposed to attacks on cloud accounts were development (R&D), marketing and PR - they receive 9% more emails than the company average. In second place are internal services and support services, which, despite a high risk index, nevertheless experience 20% fewer attacks. Experts attribute this to the difficulty of organizing targeted attacks on these departments. HR and accounting, however, are attacked much less often.

If we talk about specific positions, the most exposed to attacks today are sales department employees and managers at various levels. On the one hand, they are obliged to respond to even the strangest emails as part of their job. On the other hand, they communicate constantly with finance staff, logistics employees and external contractors. A compromised sales manager account therefore gives access to a lot of interesting information from the organization, with a high chance of monetizing it.

Protection methods

Proofpoint experts identified 7 recommendations that fit the current situation. For companies concerned about their security, they advise:

  • Implement people-centric protection. This is far more useful than systems that analyze network traffic node by node. If the security team can clearly see who is being attacked, how often they receive the same emails, and what resources they have access to, it will be much easier for its staff to build an appropriate defense.
  • Train users in handling email. Ideally, they should be able to recognize phishing messages and report them to security. It is best to do this using emails that resemble real ones as closely as possible.
  • Implement account protection measures. It is always worth keeping in mind what will happen if an account is hacked or a manager clicks a malicious link. Specialized software is needed to protect against these cases.
  • Install email protection systems that scan both incoming and outgoing messages. Conventional filters cannot cope with phishing emails crafted with particular sophistication. It is therefore best to use AI to detect threats, and also to scan outgoing emails to prevent attackers from using compromised accounts.
  • Isolate dangerous web resources. This can be very useful for shared mailboxes that cannot be protected with multi-factor authentication. In such cases, it is best to block any links.
  • Protecting social media accounts as a way of preserving reputation is becoming essential. Today, channels and social media accounts associated with companies are also subject to hacking, and special solutions are needed to protect them.
  • Use solutions from intelligent solution providers. Given the range of threats, the growing use of AI in developing phishing attacks, and the variety of tools available, truly intelligent solutions are needed to detect and prevent compromise.

The Acronis approach to personal data protection

Unfortunately, antivirus and spam filtering are not enough to protect confidential data. That is why one of the newest areas of Acronis development is the Cyber Protection Operations Center in Singapore, where the dynamics of existing threats are analyzed and new malicious activity on the global network is monitored.

The Cyber Protection concept, which lies at the intersection of cybersecurity and data protection techniques, implies support for five vectors of cyber protection: safety, accessibility, privacy, authenticity and security of data (SAPAS). Proofpoint's findings confirm that today's environment requires stronger data protection, so there is now a need not only for data backup (which helps protect valuable information from destruction) but also for verification and control. For example, Acronis solutions use electronic notaries for this purpose, built on blockchain technology.

Today, Acronis services run on Acronis Cyber Infrastructure and the Acronis Cyber Cloud environment, and use the Acronis Cyber Platform API. Thanks to this, the ability to protect data according to the SAPAS methodology is available not only to users of Acronis products but also to the entire partner ecosystem.

Have you encountered targeted attacks on "unexpected" users on your network who are "not VIPs at all"?

  • 42.9% - Yes (9)
  • 33.3% - No (7)
  • 23.8% - We have not analyzed this

21 users voted. 3 users abstained.

source: www.habr.com
