What are the 10 major threats in information security?
Information security issues have come up frequently in recent years. As with the ransomware "WannaCry," which caused panic around the world in 2017, the number of cyberattacks that not only steal information but also directly aim for money is increasing, and small and medium-sized businesses and individuals are becoming more interested in these attacks.
Among the diversifying cyber attacks, the ones that require particular attention are published every year as the "Top 10 threats to information security."
This article explains what this year's (2018) 10 major threats are and what new threats are emerging. Read it to deepen your knowledge of information security.
What are the top 10 threats to information security?
As cyber attacks become more diverse, the threats to be especially careful about are those listed in the "Top 10 threats to information security."
The Information-technology Promotion Agency (an independent administrative agency, commonly known as IPA), which promotes the strengthening of information security measures from an administrative standpoint, publishes the "Top 10 Threats" to information security every year.
The "Top 10 Threats" is a list, selected by a gathering of experts, of the information security threats that had a large social impact in the previous year. It is divided into threats for "individuals" and threats for "organizations," and each group is ranked separately.
Source: Information-technology Promotion Agency, Japan, 10 Major Information Security Threats 2018
https://www.ipa.go.jp/security/vuln/10threats2018.html
10 major threats for individuals
Let's take a look at some of the contents and methods of the malicious cyber attacks targeting individuals in the top 10 information security threats of 2018.
1st place: Unauthorized use of internet banking and credit card information, etc.
Login information for internet banking and credit cards is stolen and misused. Recently, the number of scams targeting virtual currencies has been increasing.
<Trick>
- Infect with malware through email attachments or malicious websites
- An email pretending to be from a financial institution or similar tricks you into entering personal information on a fake login screen (phishing scam)
2nd place: Damage caused by ransomware
By locking the screen and encrypting data, ransomware holds the information on a computer or mobile phone hostage and demands money. If you don't pay, your important data will be lost. Moreover, even if you pay, there is no guarantee that your data will be restored.
<Trick>
- Infect through email attachments or malicious websites
- Infect by exploiting OS vulnerabilities
- Force users to download an app with ransomware functionality
4th place: Attacks targeting smartphones and smartphone apps
Malicious apps may also be published on your smartphone's official app store. Many of them are disguised as popular apps. If you download one by mistake, the contacts, personal information, login information, photos, etc. on your smartphone can be stolen.
<Trick>
- Publish an app with the ability to steal information on the official app store and have it downloaded
- Have users accidentally download fake versions of popular apps
- Steal information from smartphones using Wi-Fi and Bluetooth vulnerabilities
5th place: Unauthorized login to web services
Attackers log in to various web services using fraudulently obtained authentication data. This leads to account hijacking and financial damage.
<Trick>
- Unauthorized login by guessing password from personal information etc.
- Unauthorized login using login information leaked from other websites
6th place: Personal information theft from web services
Rather than extracting information from an individual's device, this is a cyber attack that attacks the web service itself and steals users' personal information. Stolen credit card information may be fraudulently used, or the information may be misused for fraudulent emails.
<Trick>
- Attacks that exploit software vulnerabilities
8th place: Unjustified claims such as one-click billing
While you are browsing the internet on your computer or smartphone, a billing screen appears and improperly asks you to pay a fee. There seem to be a particularly large number of claims related to adult sites.
<Trick>
- Display billing screen while browsing the website
- Send the URL of the fraudulent billing screen via email
10th place: Internet fraud due to false warnings
False warnings, such as a notice of virus infection, are displayed while you are using a computer or smartphone to arouse anxiety, in order to make you install malicious apps or software or to defraud you of money or personal information.
<Trick>
- Control users by displaying false warnings such as "You are infected with a virus"
Top 10 threats for organizations
Next, we will explain some of the details and methods of malicious cyberattacks directed at organizations. Items that overlap with the top 10 threats for individuals are omitted here.
1st place: Damage caused by targeted attacks
A cyber attack that targets a specific organization or group. Not only private companies and government offices that handle a lot of personal information, but any organization or group may be targeted.
<Trick>
- Virus infection via email attachments
- Virus infection by being directed to a fraudulent website
- Direct attacks based on server vulnerabilities
3rd place: Damage due to business email fraud
The attacker impersonates a business partner, issues fake invoices, and defrauds the victim of money. As a preliminary step, you may receive a notice of a change in the bank account to which the transfer is to be made.
<Trick>
- Send invoices using similar email domains
- Take over email accounts and send invoices
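A check for the first method above (invoices sent from similar email domains), as an added example that is not part of the original article. The trusted domains, the confusable-character list, the distance threshold and the sample messages are all constructed assumptions. Mail sent from a genuinely hijacked partner account passes this check, so a change of bank account still needs confirmation through a separate channel.

```python
# Added example: flag invoice senders whose domain imitates a known partner.
# All domains and messages below are constructed sample data.
TRUSTED = {"example-trading.co.jp", "partner-bank.example"}

# Character swaps often used to make one domain look like another (assumed list).
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain: str) -> str:
    """Collapse visually confusable sequences to a canonical form."""
    d = domain.lower()
    for src, dst in CONFUSABLE:
        d = d.replace(src, dst)
    return d

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address: str, trusted=TRUSTED, max_dist: int = 2):
    """Return ("trusted" | "lookalike" | "unknown", matched trusted domain or None)."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return "trusted", domain
    for t in sorted(trusted):
        # Near miss: same skeleton, or only a few character edits away.
        if skeleton(domain) == skeleton(t) or edit_distance(domain, t) <= max_dist:
            return "lookalike", t
    return "unknown", None

def review_queue(messages):
    """Pick out messages that need out-of-band confirmation before payment."""
    return [m for m in messages if classify_sender(m["from"])[0] == "lookalike"]

SAMPLE = [  # constructed messages
    {"from": "billing@example-trading.co.jp", "subject": "Invoice 1041"},
    {"from": "billing@exarnple-trading.co.jp", "subject": "Change of bank account"},
    {"from": "accounts@partner-bank.exampl", "subject": "Invoice"},
    {"from": "news@unrelated.example", "subject": "Newsletter"},
]

if __name__ == "__main__":
    for m in review_queue(SAMPLE):
        print(m["from"], "->", classify_sender(m["from"]))
```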
4th place: Increase in exploits due to disclosure of vulnerability countermeasure information
If a vulnerability is found in software, the software manufacturer will release information and countermeasures, but until the countermeasures are applied, cyber attacks exploiting the vulnerability information are carried out on a large scale. Over a million websites were also defaced.
<Trick>
- Create attack code based on published vulnerability information
- Launching brute force attacks around the world targeting websites that are slow to respond
7th place: Emergence of vulnerabilities in IoT devices
In recent years, incidents have been occurring in which vulnerabilities in IoT devices are exploited and the IoT devices themselves are used as a springboard for DDoS attacks or hijacked, or personal information is stolen.
<Trick>
- Exploiting vulnerabilities in IoT devices to infect them with viruses
- Internet service disruption due to DDoS attack using IoT devices as a springboard
8th place: Information leak due to internal improprieties
An employee or former employee maliciously steals information from inside the company. This also covers cases where information is lost when it is taken outside the company, even if there is no malicious intent.
<Trick>
- A former employee fraudulently obtains information using previously used account information
- Losing information by taking it out with USB memory or laptop computer
9th place: Service outage due to denial of service attack
This is a cyber attack that places a high load on websites and servers through a large amount of access all at once, making services unavailable.
<Trick>
- Attacking by turning hijacked IT equipment into bots
- DDoS attack agency services also exist (illegal services)
How many information leak incidents are occurring in Japan and what is the scale of the damage?
So far, we have explained the 10 major threats to information security. So, how often do information leak incidents, which are one of the most serious information security incidents, occur in Japan?
Frequency
There were 386 information leak incidents at Japanese companies in 2017.
(From the 2017 Information Security Incident Investigation Report Preliminary Edition)
Damage scale
For each incident, the personal information of an average of 31,453 people was leaked. The average amount of damages is also expected to be 628.11 million yen.
Education is essential to prevent information leaks
According to a report by IPA, over 60% of personal information leaks are due to "human error": management errors (34.0%), operational errors (15.8%), and loss/misplacement (13.0%).
Improving personal information literacy to reduce human errors will help prevent information security incidents. To that end, information security education will become important from now on. Why not use this article as an opportunity to reevaluate your own or your company's information security?
[Reference site]
・Investigation report on information security incidents in 2018 | Japan Network Security Association
・NICTER Observation Report 2017 | National Institute of Information and Communications Technology
・Top 10 information security threats 2018 | Information-technology Promotion Agency