Basic security must be thoroughly implemented first.
Seemingly plausible security measures have only served to reassure our society.
It appears that 85% of major infrastructure attacks occurred due to failure to maintain basic levels of security such as patches, 2nd authentication (additional authentication), and the principle of least privilege. (2024 IBM Report)
According to Microsoft research, "implementing multi-factor authentication (MFA) can block 99.9% of account attacks".
To strengthen security, the order of applying 2nd authentication that supports a multi-layer authentication system is first the operating system (OS), second the administrator account or management console, and third the general user account.
80~90% of breaches, including Ransomware, are related to remote access.
(According to KISA's 8 major security rules for data backup, access to backup storage should be blocked to all but the backup personnel, and if possible, multi-step authentication such as OTP should be applied.)
The first security solution to be introduced is a 2nd authentication solution that can block account theft, privilege escalation, and bypass/remote access.
Most attacks can be prevented by simply following basic security policies.
