Cyber security, password protection strategy


AGI – The National Cyber Security Agency (ACN) has published on its website guidelines for password storage, drawn up together with the Guarantor for Personal Data Protection. It is the first in a series of technical publications intended to protect the cyberspace in which we all move. In the same hours, a ransomware attack by the Russian hacking group Lockbit on public administration services was foiled and “mitigated” with the help of ACN technicians.

Over the last year, under the leadership of Prefect Bruno Frattasi, the Agency has seen requests for help multiply from public institutions and private companies, sometimes even small ones, whose websites or business management systems have been locked by more or less well-known groups of “cyber attackers”, who offer to restore the functionality of the platforms they are “holding hostage” in exchange for a ransom.

Cyber-attacks that hit the target IT infrastructure almost always follow an employee error: a poorly kept or easily guessed password, or a reply to a seemingly harmless email, are two incidents that employees and secretaries regularly run into and that lead to the paralysis of the company. Hence the massive campaign that ACN has been running for months to help businesses and public institutions defend themselves better and prevent cyber attacks.

The Agency’s latest publication does not deal with how a personal password should be generated to secure, for example, social media accounts, but rather with how the provider of the service being accessed must protect that password. This is a critical matter given, as already mentioned, the high number of breaches of these password databases, which have caused uproar and concern and led to significant economic damage.

Think of the repeated breaches of the databases of major social networks, email providers and e-commerce services, and of the subsequent collection of the stolen credentials in vast virtual warehouses offered for sale on dark markets to the highest bidder, or simply published to damage the reputation of the companies and bodies involved.
Agency technicians in via di Santa Susanna estimate that several trillion credentials are for sale on underground forums and that the average global cost of a data breach in 2023 was around $4.5 million, up 15% over 3 years.

This is why many organizations plan to increase security investment after a breach. Healthcare is a case in point: data breach costs in that sector have risen by 50% since 2020, a significant increase.

The aim of these guidelines is therefore to provide recommendations on the cryptographic functions currently considered the most secure for storing passwords, so that the authentication data (username and password) held in databases is not breached and does not end up in the hands of cybercriminals, who could publish it online or use it for identity theft, ransom demands or other types of attack.
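What “protecting the stored password” means in practice, as an added example that is not part of the article and not ACN’s own guidance: the provider keeps only a salted, deliberately slow derivation of the password (scrypt from the Python standard library is assumed here; the article does not say which functions ACN recommends), so a copied database yields no passwords and a login check recomputes the derivation from the stored salt.

```python
import hashlib
import hmac
import os
from typing import Optional

# scrypt parameters are an assumption for this example: the article does not
# name the functions ACN recommends. n = CPU/memory cost, r = block size,
# p = parallelism, DKLEN = length in bytes of the derived key that is stored.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Build the record a provider stores instead of the password itself.

    The record is self-describing (algorithm, parameters, salt, derived key),
    so the parameters can be raised later without invalidating old records.
    """
    if salt is None:
        # A fresh random salt per user: identical passwords give different
        # records, and precomputed tables cannot be reused across accounts.
        salt = os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), key.hex()])


def verify_password(password: str, record: str) -> bool:
    """Recompute the derived key from the stored parameters and salt."""
    try:
        algo, n, r, p, salt_hex, key_hex = record.split("$")
        if algo != "scrypt":
            return False
        key = hashlib.scrypt(password.encode("utf-8"),
                             salt=bytes.fromhex(salt_hex),
                             n=int(n), r=int(r), p=int(p),
                             dklen=len(key_hex) // 2)
    except ValueError:
        return False  # malformed record or bad hex: never accept
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(key.hex(), key_hex)


if __name__ == "__main__":
    # Constructed sample credential, not real data.
    record = hash_password("correct-horse-battery")
    print(record)                                            # no plaintext inside
    print(verify_password("correct-horse-battery", record))  # True
    print(verify_password("Correct-horse-battery", record))  # False
```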

Cryptography has protected written communication from time immemorial, and over the centuries Italy developed an important school of cryptography, starting with Leon Battista Alberti, author of “De Cifriis”. Alberti was a brilliant cryptographer and invented a method of generating encrypted messages with a device, the cipher disk. Once an important diplomatic and military tool, used where couriers, locked doors and sealed envelopes were no longer enough to protect communications, encryption has today become an essential tool for guaranteeing security in cyberspace: every time we turn on our smart TV to watch a match, every time we send a chat message, every time we make an online purchase.

As the art and science of secret writing, cryptography keeps evolving and must be updated to preserve its important social function. The secure password storage work done with the Privacy Guarantor, however, is just one of the ways in which ACN has stepped in to build a safer digital environment.

Following the example of other international bodies, the Division for Technology Control, Cryptography and New Technologies within the Agency’s Certification and Surveillance Service, led by Admiral Andrea Billet, decided to start publishing the “Cryptographic Functions Guidelines” series, which presents the main cryptographic primitives from a theoretical and practical point of view.

These include “Cryptographic hash functions”, essential tools for cyber security because their properties make it possible to ensure data integrity, that is, to detect whether data or a message has been altered; and “message authentication codes”, or MACs, which make it possible to guarantee the integrity of a message and to verify the identity of its sender.

Taken together, these guidelines give precise indications for the use of commercial cryptographic algorithms throughout the life cycle of ICT systems and services, in line with security and privacy principles. The documents – ACN notes – take into account the threats present on the day of publication and will be promptly updated as research in cryptography and cyber security develops.

Given the diversity of the information systems to which they apply and the variety of possible contexts, ACN cannot guarantee that these recommendations can be used in the target information systems without adaptation. In any case, the relevance of implementing the solutions proposed by ACN must be assessed and validated in advance by those responsible for the security of the information systems.

Reproduction is expressly reserved © Agi 2023

