Protect your company from cyber attacks! Thorough explanation of techniques, cases, and countermeasures
As the use of the Internet continues to grow, we often hear the word "cyber attack" in recent years. In 2018, big companies were hit by cyber attacks, and it was big news. In order to avoid damage, it will be necessary to know the methods of cyber attacks and take countermeasures. This time, we will explain the methods of cyber attacks, actual damage cases, countermeasures, and so on.
What is a cyber attack?
To put it simply, a cyber attack is an unauthorized access to a server, stealing personal or confidential information, or tampering with or destroying data. Not only does it cost money to recover from damage, but if customer information is leaked, it loses the credibility of the company and suffers great damage.
Cyber attack method
If you don't know the actual technique, you can't take measures.
Know the typical tricks to protect your company from cyber attacks.
Ransomware
Ransomware is a virus that is introduced by a Trojan horse (a means of disguising and invading), and is a cyber attack that demands money to lock and unlock data in a PC. It was named after "ransom," which stands for ransom in English.
DoS attack
DoS attack DoS is an abbreviation of "Denial of Service attack", and an attacker (1 base) puts an excessive load on the server on the other side, slowing down or stopping the activity. increase.
There is also a "Distributed Denial of Service attack" (Distributed Denial of Service attack), in which the load is higher than a DoS attack by attacking from multiple locations.
F5 attack
Press F5 in your internet browser to reload (refresh the page). Reloading is an attack that brings down the server by intentionally hitting the F5 key repeatedly because it puts a certain load on the server. It can be said that it is the easiest cyber attack to be executed.
SQL injection
SQL injection is to send a SQL statement to the database to the server and cause it to behave illegally. It corrupts the database and steals or rewrites information. In some cases, it can also be attacked from the address bar or form of the browser, so many companies are suffering.
List type attack
Every service exists on the Internet, and there are many users who have multiple accounts. Many people use the same password because it is cumbersome to manage. Attackers use passwords obtained from other sites to steal personal information and money from the target site. This is a list attack.
Cases of damage caused by cyber attacks
There are various methods for cyber attacks, and many damages have been reported. It's just the tip of the iceberg, but let's take a look at some examples of cyber attacks on businesses and organizations.
Case 1: Lawson
In September 2018, it was announced that the "Lawson ID" managed by Lawson was illegally accessed by a cyber attack. This is due to a list-type attack that uses the same password that is also used on other sites. Lawson responded to password reset to reduce the damage. The scale of damage and compensation are not disclosed.
Case 2: Japan Pension Service
In May 2015, the Japan Pension Service announced that the personal information of 1.25 million people had been leaked. The beginning is an email titled "Opinions on'Review of the Welfare Pension System (Draft)'" sent from the free address to the staff of the Japan Pension Service. When the staff opened and downloaded it, the PC was infected with a virus and personal information was leaked. It is reported that the damage caused by the damage is more than 12 billion yen.
Case 3: British Airways
British Airways British Airways was also hit by a cyberattack in 2018. The application software provided by the company was flawed, and user information was stolen from it. The personal information of about 380,000 users was stolen, the corporate image was significantly damaged, and compensation was paid.
Case 4: Naruto Hospital, Tokushima Prefecture
In 2018, it was announced that the homepage of Naruto Hospital in Tokushima Prefecture was illegally accessed and there was an unauthorized posting in Hangul. Since the electronic medical records and personal information were not leaked, the damage was reduced, but it can be seen that not only major companies are targeted.
Countermeasures against cyber attacks
It seems that specialized knowledge and personnel are required to protect yourself from cyber attacks, but there are ways to deal with it even if it is not.
Use security tools
When we think of security measures, we often think of antivirus software, but that alone is not a complete measure. This is because antivirus software only protects against existing viruses and does not support the latest viruses. For cyber attack countermeasures, we recommend using security tools provided by security companies. Specifically, the following policies are taken.
Do not let intrusion
Do not allow communication from inside to outside
Quarantine if attacked
If you follow these three principles, even if you are hit by a cyber attack, you will not be seriously damaged.
Raising employee security awareness is also important
It is also important to ensure employee security awareness. With phishing and spoofing emails, you'll also need to keep your employees up-to-date with the latest security information.
Small and medium-sized enterprises are targeted⁉
Only large companies are reported in the media, but small and medium-sized companies are also suffering more damage. According to the " FY2016 Fact-finding Survey on Security Measures in SMEs " released by IPA (Information-technology Promotion Agency) , the rate of virus infection was 27.8% for SMEs, 34.4% for SMEs (100 or less), and SMEs. (100 or more) announced that it was 54.6%.
While large companies are implementing countermeasures against cyber attacks, many small and medium-sized enterprises are still unable to take countermeasures. In the above survey, 57.5% of small businesses and 43.7% of small and medium-sized businesses with 100 or less said that they "do not systematically" provide information security.
At present, SMEs may be the prey of cyber attacks. Even if you don't feel it is a problem right now, you need to take good security measures in case of risk.
Sophisticated cyber attacks, but security is also evolving
Cyber attacks are becoming more sophisticated year by year. However, security software and equipment are also evolving. Collect security information and take appropriate measures to reduce the risk.
Comments