What services are most often overlooked by security specialists
|Photo: Global Look Press|
The main reason for hacks and data leaks in Russian companies is digital assets unaccounted for during the inventory , found out in the Bi.Zone company. Most often, public cloud storages like Google Drive, DropBox and files in them, as well as services for organizing internal processes, fall out of sight of security services. They allow attackers to penetrate organizations' networks and gain access to confidential information. Digital assets often remain unaccounted for due to the high speed of business digitalization: local security services do not have time to keep track of new software, experts say.
60% of leaks and 85% of breaches of computer networks are associated with unaccounted for in the inventory of digital assets , according to a study by Bi.Zone. The company's specialists obtained this information by analyzing the data of more than 200 Russian and foreign companies.
- For example, the company employs an information system (IS) A . Then it changed to information systems . At the same time, no one will dispose of the first IC , it remains. At the same time, she may have access to the Internet. Since system A stops even being updated, the risk of intruders entering through it increases, since they can take advantage of a vulnerability that the company forgot to close with an appropriate update , ”said Andrey Konusov, CEO of Avanpost.
According to him, there is also a risk that an employee of the company, who has not been working in it for a long time, can transfer access to the old system to the attackers. Such a key can allow obtaining data from both a compromised system and from others.
|Photo: Global Look Press|
Researchers also call digital assets files and folders shared in public cloud storage such as Google Drive and DropBox, various information systems (for example, for customer relationship management, for setting and controlling tasks, for electronic document management), virtual servers. Often during the inventory, some of these elements remain unaccounted for and thus drop out of sight of information security services (IS)
During the inventory of digital assets, the company takes into account all of its files and services, including those that are stored or operated on the Internet. If something is overlooked, there is a risk of leaks or network compromise.
- For example, an employee may mistakenly leave a client base file with the default password (admin, 12345678) in the public storage. With full control of digital assets, such problems are easier to identify in a short time - before a hacker gets to them, the authors of the study explained.
Alexei Parfentiev, head of the analytics department at SerchInform, shares a similar opinion. According to him, unaccounted assets are, in fact, an open door for intruders to confidential data.
- Network services available for connection make it possible for any Internet user to select credentials for these services and exploit vulnerabilities in the software. Then the attacker can develop an attack and penetrate the company's internal network, conduct a denial of service attack, gain access to confidential data, '' said Olga Zinenko, senior analyst at Positive Technologies.
More than 60% of companies register assets only in the context of accounting and management accounting , Bi.Zone experts noted. In their opinion, in this case, other important business assets not related to accounting and management leave the field of vision.
- A very common situation is the use of various external file exchangers, resources for the exchange of documents intended for use exclusively within the company.
Or, for example, due to lack of resources, due to a lack of resources, properly unprotected temporary or test machines for storing a backup copy of data containing confidential information, - said Alexey Kubarev, head of the business development group of the Dozor product center of Rostelecom-Solar.
Files and folders shared in public cloud storages like Google Drive and DropBox are indeed one of the most common causes of leaks and compromises, Andrey Konusov confirmed.
Vseslav Solenik, director of the R-Vision center of expertise, believes that many "technical" assets created by the IT service for testing or their own needs, including accounts with privileged rights , remain unaccounted for.
- In general, if something is created temporarily, it is rarely entered into the inventory registries and is configured correctly. And then it becomes permanent or the configuration of the settings is transferred to industrial assets, as it is, with all the shortcomings, the expert explained.
|Photo: Global Look Press|
Digital assets often remain unaccounted for during inventory due to the fact that local IT and information security services do not keep pace with the high pace of business digitalization , he added. Also, some assets are left outside the security loop on purpose - for the sake of meeting tight deadlines, the specialist said.
“When you need to quickly launch a system, service or infrastructure segment and there is a high time pressure, it’s easier to deploy servers or services bypassing“ bureaucratic ”procedures, which automatically makes them unaccounted for,” said Vseslav Solenik.
Rostelecom-Solar noted that, in addition to haste, often the reasons for the violations discussed are lack of resources and neglect of information security requirements for the sake of convenience.