Lukardi

Webinar Bezbolesny projekt reorganizacji uprawnień SAP – automatyczne dopasowanie ról

What is the Cause of the Data Leak?

Share
Just a few years ago, topics related to data security were only discussed by small groups of cybersecurity specialists. Before the era of ubiquitous logins and passwords, most people didn’t really worry about the risks to data security. Those days are long gone.
 
Why is cyber security important and what is the main cause of data leakage?
These questions will be answered in the following article.

Leaked login credentials

Into the circulation of information available to the average person, there are increasingly those presenting various aspects of data security. Mainly these are news about login data leaks from popular portals or information about money theft by cybercriminals. We live in a time when we can talk about IT security with practically any person. This is because security topics are widely covered in mass media.

Examples of security breaches:

    1. A well-known journalist described his case, during which, becoming a victim of phishing, he lost several thousand zlotys from his accounts,
    2. One of the banks disabled the default acceptance of transfers via SMS code, then a phishing attack was carried out, which a multitude of bank customers caught on to,
    3. Entrepreneur discusses in a several-minute video how he lost 40 thousand zlotys (virus that substitutes bank account numbers)

Examples can be multiplied. My idea is to try to answer the question - what is the main cause of data leakage. The answer is seemingly - simple: IGNORANCE!

Types of attacks on security systems

Phishing attacks

Above all, it is preying on someone's gullibility and scant knowledge of the dangers.

Attacks using account number substitution on bank website

is to let a virus into one's computer (by what route is an absolutely negligible matter, the huge value for criminals is that users are simply inattentive).

For example, when verifying bank account numbers in a control SMS.

Attacks using known vulnerabilities 

resulting primarily from the ignorance of system administrators, who have not responded to a known vulnerability for several years.

SUMMARY
To sum up: I treat this post with a slight pinch of salt because the real causes of abuse lie both in the layer of errors of (more or less conscious) users, but also in the technical layer of systems.
It is also noteworthy that in the vast majority of cases of unauthorized access to data in systems, it is the so-called "protein interface" that is certainly crucial.
  1.  
  1.  

Tomasz Jurgielewicz

Head of Security Department at Lukardi. For the past 10 years, he has led a team of SAP Security specialists, providing comprehensive services and tools to secure SAP systems and optimize licenses. Experience in the areas of: - identification of authorization conflicts and authorization reorganization, - identification of SAP vulnerabilities, - integration of SIEM solutions with SAP, - optimization of SAP licenses.