What is the Cause of the Data Leak?
- Security
These questions will be answered in the following article.
Leaked login credentials
Into the circulation of information available to the average person, there are increasingly those presenting various aspects of data security. Mainly these are news about login data leaks from popular portals or information about money theft by cybercriminals. We live in a time when we can talk about IT security with practically any person. This is because security topics are widely covered in mass media.
Examples of security breaches:
-
- A well-known journalist described his case, during which, becoming a victim of phishing, he lost several thousand zlotys from his accounts,
- One of the banks disabled the default acceptance of transfers via SMS code, then a phishing attack was carried out, which a multitude of bank customers caught on to,
- Entrepreneur discusses in a several-minute video how he lost 40 thousand zlotys (virus that substitutes bank account numbers)
Examples can be multiplied. My idea is to try to answer the question - what is the main cause of data leakage. The answer is seemingly - simple: IGNORANCE!
Types of attacks on security systems
Phishing attacks
Above all, it is preying on someone's gullibility and scant knowledge of the dangers.
Attacks using account number substitution on bank website
is to let a virus into one's computer (by what route is an absolutely negligible matter, the huge value for criminals is that users are simply inattentive).
For example, when verifying bank account numbers in a control SMS.
Attacks using known vulnerabilities
resulting primarily from the ignorance of system administrators, who have not responded to a known vulnerability for several years.
SUMMARY
It is also noteworthy that in the vast majority of cases of unauthorized access to data in systems, it is the so-called "protein interface" that is certainly crucial.
Tomasz Jurgielewicz
Head of Security Department at Lukardi. For the past 10 years, he has led a team of SAP Security specialists, providing comprehensive services and tools to secure SAP systems and optimize licenses. Experience in the areas of: - identification of authorization conflicts and authorization reorganization, - identification of SAP vulnerabilities, - integration of SIEM solutions with SAP, - optimization of SAP licenses.