[Countermeasures] What are the countermeasures to prevent unauthorized access?
There are various methods to prevent unauthorized access, ranging from simple free methods to strong paid methods. If you do not take measures against unauthorized access, important data in applications and software may be rewritten, or you may be infected with ransomware, a virus that rewrites your account PIN and demands a ransom in exchange for telling the PIN. If such unauthorized access occurs, it will not only affect your company, but it will also have a negative impact on your business partners, and there is a possibility that trust issues will arise.
In order to prevent these problems, we must take measures against unauthorized access, and even those who are not familiar with IT should take measures to the extent possible.
In this article, we will explain the history of unauthorized access and ultimately explain how to prevent it.
What is unauthorized access?
We will explain unauthorized access according to the definition of the Ministry of Internal Affairs and Communications.
Unauthorized access refers to the act of someone who does not have the proper access privileges breaking into a server or information system. This can result in the server or information system shutting down or important information being leaked, which can have a major impact on the operations and brand image of a company or organization. It goes without saying that when customer information or other information is leaked, the credibility of the company or organization is severely damaged, and there have been cases in the past where this has escalated to the point of having to pay such damages. As you can see, unauthorized access can cause enormous damage. Because the Internet is connected to the whole world, unauthorized access can occur from anywhere in the world. Quote: What is unauthorized access? | Cybersecurity site for the public |
History of unauthorized access
Unauthorized access began to spread in the late 1990s. Computer viruses first appeared in 1986, and were first created and distributed for the purpose of detecting illegal copies of software. Therefore, computer viruses were originally created for practical purposes and existed in a completely different form than they are today.
A few years later, a virus called the Morris Worm infected many computers and caused confusion for many users. This marked the beginning of the spread of virus threats worldwide, and the next virus that infected many users was “ransomware.”
Ransomware is a computer virus that illegally accesses a computer, encrypts folders and applications, and demands a ransom agaist the user in exchange for revealing the password. The infection route of ransomware is different before and after the spread of the Internet. Before the spread of the Internet, floppy disks were distributed to computer users, and ransomware was transmitted through these floppy disks.
After that, as the Internet became more widespread, the number of cases of unauthorized access increased significantly as convenience increased. Now, with the spread of teleworking, unauthorized access is increasing, targeting security vulnerabilities, unauthorized access from emails and websites, and unauthorized access from various locations.
| Timeline of unauthorized access | ||
| Decades | Events | Details |
| 1986 | Brain Virus | An early computer virus. Created by the Alvi brothers in Pakistan |
| 1988 | Morris Worm | The world’s first internet worm. Infected approximately 6,000 computers. |
| 1989 | PC Cyborg (AIDS Trojan) | The world’s first ransomware. Distributed via floppy disks. |
| 1998 | Unauthorized Access Act | Enacted in Japan. Unauthorized access and acts that aid in such access are now illegal. |
| 2000s | Code Red, Nimda | As the Internet becomes more widespread, various viruses spread. |
| 2010s | Phishing emails, ransomware | Targeted attacks increase. |
| 2020s | The spread of telework | Attacks targeting security vulnerabilities increase. |
Number of victims of unauthorized access
The number of unauthorized access cases is increasing year by year, with ransomware causing the most damage to corporations. According to a survey by the Information-Technology Promotion Agency (IPA), the number of ransomware cases in the second half of 2020 was 21, while the number of cases in the first half of 2024 was 128, which was approximately six times as many. The main routes of ransomware intrusion are VPN devices and remote desktops (VDI), and there is an impression that many unauthorized accesses target security vulnerabilities when working in remote locations.
Causes of unauthorized access
There are two main causes of unauthorized access: unauthorized access that targets security vulnerabilities and virus infections from phishing emails and websites. Unauthorized access that targets security vulnerabilities requires thorough security measures from security personnel, but as for the second point, phishing emails and websites, anyone can prevent unauthorized access if they are careful, so the first step in preventing unauthorized access is to not open unknown emails or websites.
Measures against unauthorized access
So far, we have explained various aspects of unauthorized access. From here, we will explain what measures are necessary to prevent unauthorized access.
Introduce multi-factor authentication/two-factor authentication
Multi-factor authentication has recently been introduced in many companies to prevent unauthorized access. Multi-factor authentication refers to a method of authentication that combines two or more of the three factors: “intellectual information,” “possessed information,” and “biometric information.” Two-factor authentication is similar to multi-factor authentication, but two-factor authentication and multi-factor authentication are different things. To be more specific, two-factor authentication is “authentication done twice without the need for a combination of factors,” so it is different from multi-factor authentication, which requires a combination of multiple factors.
The biggest merit of introducing multi-factor authentication is that it significantly reduces the risk of unauthorized access from a third party. This is because it makes it impossible to log in with only intellectual elements such as ID and password. The reason why many people become victims of unauthorized access in the first place is that they register for various applications and services using simple IDs and passwords, which often results in information being leaked to the outside. With multi-factor authentication, even if your ID and password are discovered, unauthorized access is not possible unless elements other than intellectual information are leaked.
For these reasons, multi-factor authentication is gaining importance worldwide, and many companies are introducing it. If you want to prevent unauthorized access, please consider using it.
Avoid reusing IDs and passwords
If you use the same ID and password for various services, the risk of unauthorized access increases significantly. The reason is that if you reuse your ID and password and they are leaked from one application or service, the information will be leaked from all applications and services. According to a survey by the Tokyo Metropolitan Police Department, the most common method of unauthorized access is the leaking of IDs and passwords, accounting for 90% of the total. Furthermore, in 40% of these 90%, IDs and passwords are reused and leaked without the user’s knowledge. Therefore, when operating applications or services, we recommend that you set different IDs and passwords for each one. And since this is something you can do for free, please consider doing so.
Reference information: Status of unauthorized access and research and development of technology related to access control functions.pdf
Do not view suspicious emails or suspicious sites.
The second most common way for unauthorized access to occur is “phishing,” which occurs through suspicious emails or suspicious websites. Many people are aware of this phenomenon as it has been widely covered in the media recently, but the number of victims still seems to be high. In addition, the number of sophisticated methods used to extract IDs and passwords is increasing every year, so be careful not only of emails and websites you do not recognize, but also of emails and websites that seem even slightly strange or that try to extract your ID and password in a strange way.
Do not connect to unknown free Wi-Fi
Have you ever seen a spot offering free Wi-Fi in the city? In fact, even these unknown free Wi-Fi networks pose a risk of unauthorized access. This is because when you connect to Wi-Fi, it is possible for a third party to peek at your device’s information. If you do connect to Wi-Fi, your ID and password may be stolen or a computer virus may be injected into your device. If you are infected with such a virus, there is a very high possibility that it will affect not only you but also those around you, therefore please be careful.
Lastly
Unauthorized access is something that lurks all around us, and many people need to take measures against it. There are a variety of countermeasures, from free and easy measures to costly and strict measures. From these, it is best to choose the measures and methods that suit you best when it comes to countermeasures. Even if you have never been a victim of unauthorized access before, there is a good chance that you could become a victim of unauthorized access tomorrow. Let’s start by taking measures against unauthorized access with some easy steps.
Related articles
■If you want to introduce DaaS to SMEs, applippli DX Pro is recommended
■What is remote desktop? applippli DX Pro is the recommended service for corporations
■What is hybrid work? Explaining the difference with remote work What are the recommended services?
■How to do telework? Explaining the merits and demerits of virtual desktops
