
Through the Eyes of JellyTech -> Cybersecurity

When thinking about 2023 in the IT industry, it is impossible not to talk about security. Of course, we can look at the problem both globally and locally. Today we would like to focus on areas where we, as commercial internet users, are present every day: e-commerce, government services, payments, and bank accounts. The lion's share of our lives now exists only in cyberspace, so it is worth making sure it is safe.

Indeed. So let's start with the basic question: are our data and money safe?

Globally, e-crime is estimated to cost a staggering $10.5 billion per year. What's the situation in Poland? According to an SW Research study, 22.7% of Poles have been defrauded or robbed while shopping or conducting other online transactions. In 2021, CERT Polska registered 116,071 e-crime reports. Of all these reports, 65,586 were selected, and on that basis a total of 29,483 unique cybersecurity incidents were recorded. Year over year, the number of cyberattacks thus increased by 182%*. We are awaiting data for 2022, but we already know that in 2022 this institution handled 34% more incidents than in 2021.

Companies and institutions are of course not standing still. Anticipating attacks and strengthening security measures has become a priority. What weapons do they have?

Today, a word about two-factor authentication and about the Computer Security Incident Response Teams, the institutions established to guard our security online.

The technical and technological aspect.

The simplest and most familiar tool for us is two-factor authentication (2FA, also called two-step verification). "It is the process of securing an account by adding a second verification step, beyond the standard login and password," says Krzysztof Rybicki, Frontend Developer at JellyTech. "Usually this is a code generated on a mobile device or sent in a text message to a phone number, which the user enters after entering their login and password. Such a system provides greater protection against unauthorized access to an account, because a potential hacker would need not only the login and password, but also the physical device or access to the phone number to which the code will be sent."

Are these the only options? Of course not. There are other second factors as well. We can use "security keys" (small devices that can be purchased individually), provide a second, alternative email address, or use backup codes (useful, for example, when the phone runs out of battery).

As Krzysztof Rybicki notes: "The benefits of two-factor authentication are obvious — it provides a higher level of security and protects users from identity theft, online fraud, and hacker attacks. For example, in the case of online banking, two-factor authentication secures our bank account against theft of money by unauthorized persons. Similarly, in the case of email services, two-factor authentication protects our privacy and data from theft, which is especially important for companies that store sensitive customer data."

 

The institutional aspect.

By the institutional aspect, we mean the institutions that have been established to organize cybersecurity support structures at the state level. In Poland, these include the specially created Computer Security Incident Response Teams (CSIRT for short), operating within organizations such as the Ministry of National Defense (MON), CSIRT GOV (run by the Head of the Internal Security Agency), and NASK (the Research and Academic Computer Network). The latter entity, as a research institute, has the task of developing telecommunications networks in Poland and ensuring their security. Such initiatives include an early warning system against cyber threats in enterprises and a system responsible for detecting in real time attempts to take over accounts and unauthorized transactions. In the area of individual security and threats, CERT (also established within NASK) is very active. This is the institution to which we can report all incidents from cyberspace (including SMS scams), check whether a given domain is conducting malicious activity, etc. Its tasks include, among others, developing tools and methods for detecting and combating cybersecurity threats. Those interested in the profile of these institutions are referred to the links in the sources below.

We are aware that this topic is very broad, and we are only touching the tip of the iceberg. We will continue to follow the latest cybersecurity trends and return to you in future blog posts.  

 

*per CERT Polska, year-over-year data 2020/2022. The 2022 report will be available in April. https://cert.pl/uploads/docs/Raport_CP_2021.pdf

 

Sources:

https://swresearch.pl/

https://cert.pl/

https://www.nask.pl/
