Unauthorised access to personal information, financial accounts or trade secrets can cause a lot of damage. It can lead to heavy losses: damaged reputation, lost financial assets, violated user privacy, and so on. Therefore, every person, organisation, business or financial institution must take care of data protection.
Let’s consider what types of information protection exist and take a closer look at the technical means.
Plan of the article:
- Who is interested in receiving confidential information
- How attackers gain access to information
- Types of information protection
- Protecting information from computer viruses
- Overview of hardware security methods
Who is interested in receiving confidential information
- Intruders and hackers: these are individuals or groups who attempt to gain unauthorised access to accounts, breach security, or use malware to obtain sensitive data.
- Market competitors: they may be interested in obtaining data such as customer base, plans, strategies, or innovations to gain a competitive advantage.
- Government agencies and spies: in some cases, particularly in areas relating to national security, information may be targeted for espionage by government agencies or foreign intelligence services.
Information also needs to be protected from internal threats, such as negligence or abuse of trust by employees. Insufficient security awareness, improper data processing, or incorrect user access rights can create risks for information leakage.
How attackers gain access to information
There are many techniques used by attackers to gain access to information. They depend on the context, the target system, and the goals of the attackers. Here are 15 of them, for example:
- Phishing – messages in email notifications with links to fake rating websites that require the entry of personal data.
- Social engineering – the manipulation of people to obtain confidential data.
- Use of malicious software – introduction of viruses, Trojans, spyware, etc.
- Network traffic interception — unauthorised connections to communication channels in computer networks to obtain confidential information.
- Theft or loss of physical devices – gaining physical access to computers, laptops, smartphones with confidential information.
- Exploitation of software vulnerabilities – exploitation of flaws in software or operating systems, especially in outdated versions.
- The use of USB devices (the “Road Apple” method) – attackers plant virus-infected USB keys or flash drives so that the victim connects them to a computer.
- Buffer overflow attack – exceeding the buffer size in order to cause system malfunctions and gain unauthorised access.
- The use of keyloggers – the introduction of software that records keystrokes on a computer to obtain passwords and other confidential data.
- Physical entry into the facility – theft or forgery of access keys to the premises, server room, etc.
- Session hijacking attack – attackers steal or spoof session IDs to gain access to user accounts.
- Skimming – the installation of fake devices on ATMs or payment terminals to steal information from bank cards.
- Brute force attacks – automating the process of guessing passwords by using a combination of commonly used passwords or dictionary attacks.
- The use of “inter-operator” fraud – requests from telecommunications operators to provide access to telephone conversations or forward certain messages.
- The use of the “deleted data recovery” method – the use of software and techniques to recover deleted files or information from storage media that have been improperly deleted or deemed unrecoverable.
Types of information protection
Information security is the process of applying technologies, methods, and strategies to ensure the confidentiality, integrity, and availability of information in order to prevent unauthorised access, theft, damage, or loss of data.
There are several types of information protection, among which we can distinguish:
- Physical protection: includes measures to ensure the security of the physical environment, such as access control to premises, the use of surveillance cameras, locks, and alarm systems. It also includes the security of physical media: paper documents, flash drives, hard drives, etc. It provides protection against loss, damage or unlawful use.
- Organisational defence: covers the policies, procedures, and practices developed to ensure the security of information within an organisation. This includes a security training policy, segregation of duties and access control, and warnings about social engineering, which involves manipulating people to gain unauthorised access to information.
- Financial protection: concerns the protection of financial transactions and data. This includes measures to prevent fraud, theft and financial crime, such as networked payment verification systems and monitoring of financial transactions.
- Technical protection of information: covers hardware protection methods, including physical barriers to restrict access to the system (smart cards, USB tokens, hardware encryption modules), software methods (protection against computer viruses) or a combination of hardware and software. Technical protection also includes data backup and recovery, and may include other measures related to the security of computer systems and networks.
Undoubtedly, a combination of measures works most effectively. Therefore, attention should be paid to premises surveillance, threat monitoring, countering technical intelligence tools, and training in information security for new team members. But it is better to start by testing the IT structure for vulnerabilities and conducting a security audit.
We also recommend that you pay special attention to technical security, as it is probably difficult to find a company that does not have an online presence, or does not use computers and does not store information on electronic media. Most of the threats come from the network and are aimed at stealing digital data. And modern equipment can significantly help reduce the cost of protecting information.
First of all, you need to protect your computers from viruses. It is worth understanding how this protection works, because in reality you can’t just install the best antivirus software on your hardware and hope that it will be enough.
Protecting information from computer viruses
You can organise protection against computer viruses in the following ways:
- differentiating access to information and storing it on additional servers or in cloud storage, so that in case of damage it can be quickly restored;
- hardware-based antivirus protection devices, which have been gaining popularity in recent years;
- antivirus software, the most common means of countering cyberattacks.
In turn, antivirus programs are divided into several types based on different functions:
- detector software;
- doctor programmes;
- audit software;
- filter programs;
- vaccine software.
Let’s consider their advantages and disadvantages.
Detector programs (utilities) are designed to detect threats to information security, such as viruses, spyware, Trojans, network worms, and other types of malicious code. They scan files and drives using databases of known vulnerabilities and malware patterns. If malicious code is detected, the utility notifies the user, or it can take steps to block, quarantine, or remove the malware.
Disadvantages of detector software. The capabilities of these programmes are limited by the information available in their databases, and they cannot provide 100% protection against all types of threats, especially new ones. By blocking the operation of malware, they can also delete files that the user needs. Also, detectors are not designed to prevent threats from entering computers.
Antivirus software doctors
Doctor programs are designed to “cure” files, disks, or programs infected with viruses. That is, they are able to restore maliciously damaged programs to their original state without deleting the virus carrier file itself. This is their advantage compared to detector utilities.
Disadvantages of doctor apps. As in the previous case, doctor antivirus programs are based on detecting known patterns of malicious code. So new malware that is not part of their databases can go undetected. Keeping your apps up to date can partially address this issue.
Antivirus software auditors
Audit software works by comparing the initial state of the system with the current one. This way, auditors can quickly respond to any suspicious changes in files. Unlike scanners, they work many times faster and are able to detect new viruses that are not yet available in any databases. They can restore some damaged files to their original state by storing copies of them.
Shortcomings of auditors: Unfortunately, the auditors cannot protect 100% against all viruses, and rolling back the system to the previous state is not always a good solution for the user. Therefore, auditors are usually used in conjunction with other antivirus programs.
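The following Python example is added here and is not from the article or from any antivirus product. It contrasts a detector, which flags only files whose hash is already in a signature database, with an auditor, which compares a stored baseline with the current state; the whole-file SHA-256 signatures, the file names and the sample contents are constructed assumptions.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Auditor state: relative path -> SHA-256 for every file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            state[os.path.relpath(full, root)] = sha256_file(full)
    return state

def audit(baseline, current):
    """Compare the initial state with the current one and report every change."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }

def detect(current, signature_db):
    """Detector: flag only files whose hash is already in the signature database."""
    return sorted(p for p, digest in current.items() if digest in signature_db)

def demo():
    # Constructed sample data: harmless byte strings stand in for programs.
    known_bad = b"constructed sample: catalogued malware"
    unknown_change = b"constructed sample: tampered, not in any database"
    signature_db = {hashlib.sha256(known_bad).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        write("app.exe", b"original program")
        write("report.doc", b"quarterly report")
        baseline = snapshot(root)              # taken while the system is known to be clean
        write("app.exe", unknown_change)       # change the signature database has never seen
        write("dropper.exe", known_bad)        # new file matching a known signature
        os.remove(os.path.join(root, "report.doc"))
        current = snapshot(root)
    return detect(current, signature_db), audit(baseline, current)

if __name__ == "__main__":
    print(demo())
```

The detector reports only `dropper.exe`, while the audit also surfaces the modified `app.exe` and the removed `report.doc`; the audit cannot say whether a change is malicious, which is why the two are combined in practice.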
Filter programs can detect malware that is designed to replicate itself and accesses the system’s RAM directly. Just like scanners, they are able to detect yet unknown viruses that are not in antivirus databases.
Disadvantages: viruses that are downloaded by the user together with legitimate programs or access permanent memory are not detected by the filters.
Vaccines are designed to process files in such a way that viruses entering the system treat them as already infected, although the files themselves work correctly and do not interfere with the user’s work.
Disadvantages of vaccine programs: they are not designed to detect viruses and treat files.
Since all available antivirus programs have certain limitations, hybrid programs (doctors-detectors, auditors-doctors, etc.) or several antivirus packages are usually used in practice (it is important to choose the right one, as they can conflict).
We can also recommend using reliable cloud storage for storing databases and copying important information, where all the necessary equipment, including antivirus solutions, is usually already configured. To select tools for effective information protection, we recommend that you contact information security specialists.
Please also note that when it comes to malware that steals access to accounts or helps attackers interfere with network traffic, hardware devices can protect you.
Overview of hardware security methods
Hardware devices that prevent password theft and securely protect even against phishing and physical access to devices include hardware security keys, smart cards, tokens, and hardware modules (HSMs).
Hardware security keys or tokens are small devices that work like an apartment or car key. They only unlock access to an operating system account or accounts stored in web applications, and unlike regular keys, they cannot be forged or copied. Tokens can store identification data, certificates, encryption keys, and other confidential information. They are commonly used for authentication, document signing, security, and access to various resources.
Smart cards — these are usually plastic cards that contain an embedded chip with a processor, memory, and communication interfaces. They can be used to store information, including personal data, financial data, medical information, and more. Smart cards are often used for authentication, contactless payments, access control, electronic passports and other applications.
The main difference between tokens and smart cards is their form and functionality, but both types of devices are used to store and protect confidential information and ensure security in various fields. However, some security keys, such as the YubiKey 5 Series and YubiKey FIPS, have a smart card mode (PIV and CCID).
A hardware cryptographic module is a device designed to protect cryptographic keys (PKI) and accelerate cryptographic operations. It ensures the authenticity of digital signatures of blockchain network participants and creates a secure environment for implementing IT solutions.
Cryptographic modules come in a variety of form factors:
- PCI Express embedded cards;
- network modules;
- USB tokens, the most compact devices for server security.
To choose the most reliable technological security options, we recommend paying attention to the following:
- key certification;
- speed of work;
- capabilities of the devices;
- energy consumption;
- resistance to burglary;
- physical reliability;
- ease of use.
In this sense, one of the most interesting options is YubiKey keys and security modules.
YubiKey’s security keys
YubiHSM 2 security module
If you need help with a security audit, developing a cyber defence system, or choosing hardware devices to protect your IT structure, don’t hesitate to contact us!