Cybersecurity 2018 - Passus experts advise how to prepare a company for an attack
When and how do cybercriminals most often attack companies? What does such an attack look like? How can companies counteract cyber threats? These are the questions answered by the recent Security Day 2018 seminar, organized by Passus SA together with Symantec, Fidelis CyberSecurity and STM Solutions.
The seminar was addressed to directors and managers of IT departments, as well as employees of company security departments, consultants and information security experts as well as persons responsible for implementation of security measures.
During the event, the organizers revealed statistics showing that cybercriminals most often use critical vulnerabilities in applications between 40 and 60 days after their detection - the probability of attacking a company using the application with disclosed vulnerability reaches as much as 90 percent. Meanwhile, patching such a gap in the application takes on average an average of 100-120 days from its detection.
The companies that have their own IT security department are much better at attacking. Intrusion detection takes them an average of 56 days. Companies that do not have their own security department are aware that their IT infrastructure has been compromised on average after 320 days.
The most common types of attacks on companies include these use meltdown, designed to collect data and search for vulnerabilities and vulnerabilities in the company's IT systems. Social engineering attacks, interception of encrypted sessions, remote code execution - SEH / BoF, attacks on wifi infrastructure and targeted attacks are also very popular. All these techniques were demonstrated live to the participants of the seminar by Passus SA specialists using a specially prepared environment.
In the second part of the seminar, the organizers confronted the previously presented attack techniques with selected IT security tools, demonstrating how to protect against attempts to steal data.
During the meeting, the experts also presented how to calculate the risk of threats in the company based on information, how much the company can lose for a year as a result of a hacker attack and what is the probability. On this basis, it is possible to make rational decisions as to whether it is more profitable to function on the market without investing in IT security or whether it is a better idea to look after adequate security in advance.
Add new comment
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.