TCU points out vulnerability to cyber attacks in the government’s Internet infrastructure – Convergência Digital

Convergência Digital, 03/28/2024

The Federal Court of Accounts (TCU) has concluded an investigation to identify problems in the configuration of website, electronic mail and directory solutions in the systems of public organizations. According to TCU, this type of weakness can be exploited by hackers.

The work concluded that the configuration of the controls recommended by good practices for web hosting, e-mail and DNS (Domain Name System) services is deficient. Most of the average indicators of data security practices indicate a low or moderate level of development.

The method allowed us to identify thousands of originals. The outlook is negative: most organizations and their customers are vulnerable to cyber attacks. This could compromise the confidentiality and integrity of a large part of the digital services provided to citizens by governments and subnational organizations.

Seven risks were identified. They point to the possibility of control of network connections, compromise of user accounts, theft, leakage and loss of data, or even interference in civil society. These problems can affect the organization’s programs, actions and goals, in addition to causing loss of public trust and possible fines. For example, 84% of laboratories are at high risk for attacks against applications hosted on their servers.

The main reason for non-compliance with security management is the lack of resources or investment, personnel and training. There is also a lack of efficiency in the use of models, and it is necessary to involve the organization’s top management.

The expert for the analysis, Aroldo Cedraz, mentioned the scale of the work, which evaluates 100% of the areas that have been analyzed. “The laboratories are used by public bodies and organizations of our power, at the federal, state and local level. Therefore, the survey is also innovative through the construction of products the true business of cyber security of services across the entire Brazilian public administration,” he said.

The review seeks to support improvements in the management of information security risks in the services of organizations. The Court decided to conduct the review because more than 80% of ransomware attacks can be attributed to incorrect settings in software and hardware, according to the Microsoft Cyber Signals 2022 report.

According to the analysis:

* only 2% of the administrators adequately use all four security checks evaluated for the web (HTTPS);
* 12% of the administrators in the web test and 29% in the email test do not use a digital signature certificate;
* 81% of those reviewed in the web test and 86% in the email test do not use DNSSEC domain signature;
* only 8% of administrators have used all the anti-phishing measures evaluated.

TCU will teach eight clubs that represent various clubs that have presidents. The idea is to encourage the adoption of measures and the development of strategies to manage the risks that arise from non-compliance with regulatory audits.

To support public organizations, the audit team has prepared a “Risk and Control Map”, which seeks to clarify the security controls, the risks of not using them, and the resulting costs and benefits. The document also details the procedures and instructions for using each control.

* With information from TCU
