| Name | Description | Size | Format |
|---|---|---|---|
| | | 4 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
Since cybersecurity is a topic of extreme importance for the proper functioning of any institution, and since attacks are increasingly frequent, particularly against hospitals, some security alert e-mails were sent and some phishing attacks were subsequently simulated for all users of the targeted institution. The accesses of users who selected the link and of those who entered credentials were recorded in an SQL database. For security reasons the data were anonymized, including the institution, https://eur-lex.europa.eu/eli/reg/2016/679/oj. Information was again sent by e-mail, giving notice of what had been done and of the number of users who exposed credentials, and identifying the points that should have been recognized as unsafe. In the second phishing campaign the simulation was more disguised, which led to a substantially larger number of users falling victim to it. The work carried out was productive, since it served to alert users and the institution itself to the vulnerabilities and their consequences.
Although the results were worrying, the objective was achieved: these simulations were extremely important for raising awareness among users, alerting them to these situations and preventing them from becoming victims of them.
Since cybersecurity is an extremely important topic for the proper functioning of any institution, and since attacks are increasingly frequent, particularly in hospitals, some security alert e-mails were sent and some phishing attacks were later simulated for all users. The accesses of users who selected the link and of those who entered credentials were recorded in an SQL database. For security and privacy reasons, the data were anonymized, including the institution. Information was again sent by e-mail, reporting what had been done and the number of users who had exposed credentials, and identifying the points that should have been recognized as unsafe. In the second phishing campaign, the simulation was more covert, which resulted in a substantially greater number of users falling victim to it. The work carried out was productive, as it served to alert users and the institution itself to the vulnerabilities and their consequences. Although the results were concerning, the objective was achieved: these simulations were extremely important for raising awareness, alerting users to these situations and preventing them from becoming victims.
Description
Keywords
phishing; cybersecurity; web security; malware; information security