Living. Data.

The Top 10 Misconceptions About Cyber Attacks

Ransomware, phishing, fraud: cybercrime is on the rise, introducing us to new terms and techniques every day. Many companies protect themselves as much as possible, but many also indulge in a false sense of security. Security software manufacturer Sophos summarized the 10 most common misconceptions of the past year.

"Our company is too insignificant to be hacked"

Criminals take advantage of favorable opportunities regardless of company size, success or turnover. Thus, all companies and anyone with a digital presence can become a victim of a cyber attack. Companies with open vulnerabilities or misconfigurations in particular are their main targets.

"Our endpoint protection is completely adequate"

Every day, hackers find new ways to bypass endpoint software or go undetected by it. Whether they use social engineering, obfuscated malicious code or malware attacks: the list is long, and traditional antivirus technologies have a hard time detecting and blocking such activity.

Also, hacked endpoints could be the gateway to additional, unprotected servers. For example, a backdoor can be installed on a hacked computer so that attackers can always access the targeted network from there. According to Sophos, servers are the most popular target for hackers.

In conclusion: in addition to basic security through endpoint protection, advanced security tools such as behavioral and AI-based detection or proprietary security measures on servers are mandatory to ensure adequate protection.

"Our security policies have proven to protect us well"

That may be true, but security policies that aren't constantly reviewed and updated quickly become obsolete and create a vulnerability. It is critical to ensure that security policies are always compatible with existing IT infrastructure.

"We protect Remote Desktop Protocol (RDP) servers by changing ports and using multi-factor authentication"

Even these two measures do not adequately protect RDP servers. Even if you change ports, hackers will look for vulnerabilities regardless of the ports you use.

Additionally, while multi-factor authentication is important, it only fully protects your company if all employees and every device actually use it. It is also recommended to perform RDP activities within a virtual private network (VPN). However, this provides only limited protection if attackers already have a foothold in the network in question.

Finally, it is recommended to limit the use of RDP as much as possible.

"Our employees can handle such incidents"

This is fundamental, but it should always be expanded. Hackers are getting more sophisticated: for example, by making phishing emails increasingly difficult to detect. That's why regular and frequent training of employees comes first to equip them for the ever-evolving types of attacks.

"My data can be recovered after a ransomware attack"

Unfortunately, hackers hardly ever make mistakes today and encryption processes have greatly improved. Automatic backups are also affected by ransomware, so restoring the original data is almost impossible. In this case, even experts are unlikely to save anything.

"If we pay the ransom, we will get our data back"

This is probably the biggest misconception: according to a recent "State of Ransomware" study, companies that pay ransom only get back an average of 65% of their data. In fact, 39% of companies get less than half of their data back, and only 8% recover all of their data.

Also, data recovery represents only the smallest piece. Software and systems must be rebuilt from scratch, as in most cases computers are completely shut down. According to the "State of Ransomware" study, these recovery costs are nearly ten times higher than the total ransom.

"When we recover from the ransomware attack, we are completely safe again"

Unfortunately, that is rarely the case. The actual ransomware attack and shutdown of the entire IT system is only the point at which the hackers' activities become visible and noticeable. In most cases, the attackers were already on the network weeks earlier. This allowed them to disable or delete backups, install backdoors or delete important information.

One of the most effective ways to protect against cyber attacks is to keep up to date with what works and what doesn't. That's why we like to share such helpful tips regularly. For those who do not have a large IT department of their own, it is imperative to bring in outside professionals to continue to be successful in the business world.

Stay safe!