— Protection of communication channels is no less important, especially for payment and banking systems, where financial losses are possible in addition to disclosure of personal and private data. Most often, people do not think about protecting the channels and the medium over which information is transmitted, and if they do think about it, they use the “default” settings, for example, of TLS/SSL. But there are choices to make here too: the protocol version (TLS 1.1, 1.2, 1.3 or SSL v1-3), the encryption algorithm (RC4, IDEA, Triple DES, SEED, Camellia or AES) and the key length. Sometimes, for example, the correct TLS 1.2 protocol is chosen, with AES encryption and a key length of 256 bits, but the service is left reachable on port 80 for HTTP as well as on port 443 for HTTPS, instead of port 80 being blocked, so access over an unprotected channel remains possible. Or, for example, infrastructure is set up on virtual machines with no thought given to the need to close network access between the virtual machines.
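The checks described above can be run against an inventory of listeners. The following is an added example, not part of the original text: the listener schema, the sample hosts and the function names are constructed for illustration, and treating a redirect-only port 80 as acceptable is an assumption that goes beyond the blocking mentioned in the text.

```python
# Added example: constructed listener inventory, not taken from a real system.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 retired by RFC 8996
WEAK_CIPHER_MARKERS = ("RC4", "DES", "IDEA", "NULL", "EXP")     # substrings of OpenSSL suite names
MIN_KEY_BITS = 128

def audit_listener(listener):
    """Return findings for one listener description (hypothetical schema)."""
    findings = []
    port = listener["port"]
    if not listener.get("tls"):
        # Plaintext listener: tolerated here only if it never serves content
        # (assumption: a redirect-only listener is acceptable; blocking is stricter).
        if listener.get("action") != "redirect":
            findings.append(f"port {port}: plaintext listener serves content")
        return findings
    for proto in sorted(DEPRECATED_PROTOCOLS & set(listener["protocols"])):
        findings.append(f"port {port}: deprecated protocol {proto} enabled")
    for name, bits in listener["ciphers"]:
        if any(marker in name for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"port {port}: weak cipher {name}")
        elif bits < MIN_KEY_BITS:
            findings.append(f"port {port}: {name} key length {bits} < {MIN_KEY_BITS}")
    return findings

def audit_host(listeners):
    """Collect findings for every listener on one host."""
    return [finding for l in listeners for finding in audit_listener(l)]

# The case from the text: HTTPS is configured correctly, but port 80 still answers.
FORGOTTEN_PORT_80 = [
    {"port": 443, "tls": True, "protocols": ["TLSv1.2"],
     "ciphers": [("ECDHE-RSA-AES256-GCM-SHA384", 256)]},
    {"port": 80, "tls": False, "action": "serve"},
]
# "Default" settings left in place (constructed sample).
DEFAULTS = [
    {"port": 443, "tls": True, "protocols": ["TLSv1.1", "TLSv1.2"],
     "ciphers": [("RC4-SHA", 128), ("DES-CBC3-SHA", 112), ("AES256-SHA", 256)]},
]
# Corrected configuration: port 80 is blocked, so it has no listener at all.
HARDENED = [
    {"port": 443, "tls": True, "protocols": ["TLSv1.2", "TLSv1.3"],
     "ciphers": [("ECDHE-RSA-AES256-GCM-SHA384", 256)]},
]

if __name__ == "__main__":
    for label, host in [("forgotten-80", FORGOTTEN_PORT_80),
                        ("defaults", DEFAULTS), ("hardened", HARDENED)]:
        print(label, audit_host(host) or "no findings")
```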
B) To business, as it invests money in specific functionality that does not take security components into account.
Unfortunately, businesses do not always understand why they should spend resources on security units if they have no functional benefit, the product will not bring in any more money, and there are only probable risks that may never materialize. Businesses often understand the need to invest in security only when an information security incident has already occurred.
Unfortunately, it is not only business that is to blame for this, but also its environment, which:
- also does not understand security;
— stinted on the budget for information security specialists (they don’t hire them at all, or they hire highly specialized specialists, or they hire one person who is responsible for everything);
— was unable to clearly convey the need for security and correctly justify the current risks (reputational, financial, time).
B) Problems with communication in the company or lack thereof.
This is the case when the business and its environment understand the need and importance of information security. They have allocated budgets, hired the appropriate specialists, but difficulties arise in communication between business units and information security/IT services, developers.
The second problem is related