[BreachExchange] 5 Enterprise Cybersecurity Threats and How to Minimize Them
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Jun 11 19:38:47 EDT 2018
http://www.itsecurityguru.org/2018/06/11/5-enterprise-cybersecurity-threats-minimize/
The top companies of generations ago didn’t have to worry about
cybersecurity because the internet didn’t exist yet. Because it’s so
prevalent in our society now, criminals turn to the online realm to wage
war against victims — and often target entire organizations in the process.
It’s essential for business leaders to be aware of potential cybersecurity
threats to enterprises and know how to reduce them.
1. Disgruntled Former Employees
Individuals who become upset after terminations, being laid off or getting
denied an opportunity for promotion are all people who could use their
insider knowledge to put a company’s data at risk after they leave the
organization.
Factors that motivate malicious insiders include greed, thrill-seeking and
the desire to get revenge after a perceived wrongful action.
Companies can reduce the malicious insider risk by immediately deactivating
credentials after people leave the company and carefully monitoring any
sensitive material, including encouraging people not to print out or take
home confidential documents.
2. Attacks From International Hackers
It’s crucial for companies not to have a solely domestic mindset when
thinking about cybersecurity. Whereas government agencies usually have the
resources to deal with cybercriminals from other countries and prevent
their attacks, the same is not often true for entities at the enterprise
level, making potential attacks particularly costly.
A 2014 attack at Sony, reportedly launched by state-sponsored hackers from
North Korea, resulted in the loss of substantial amounts of data, plus over
47,000 social security numbers, swiped from computers.
The cybersecurity team at a business must realize the organization is not
out of reach of international attackers. They should keep that in mind when
securing their networks and monitoring for threats. It’s also necessary to
immediately begin communicating with law enforcement officials after a
suspected attack to tap into their resources.
3. Staff Mistakes
Untrained and careless staff members also cause a significant percentage of
cybersecurity incidents. Data collected in 2016 found that 57 percent of
security issues in the government sector happened due to human error,
producing 14 percent of the system downtime in those situations.
Sometimes, training itself isn’t adequate, especially if employees don’t
realize their roles in keeping an enterprise safe from threats.
All-encompassing training that evolves as new threats arrive is
instrumental in minimizing risks due to staff mistakes.
It’s also useful to consider having cybersecurity experts speak to your
teams to help solidify learned concepts and give staff members the
opportunity to ask questions.
4. Unsecured Devices Brought From Home
BYOD workplaces that involve employees bringing gadgets like laptops and
tablets from home into the enterprise environment can save companies money
and allow people to work on devices that they know well and feel
comfortable using. However, these devices are also vulnerable to hackers,
especially if not properly secured.
One way to cut down on the risk to an enterprise is to write and uphold a
BYOD policy that spells out how employees should handle their devices,
whether or not they’re at work.
For example, keeping all software up-to-date, avoiding connecting to public
Wi-Fi networks and locking down computer interfaces with passwords can all
cut down on security risks on portable devices, regardless of where people
are when using them.
The IT team at an organization should also adopt a practice of periodically
checking BYOD devices to ensure they comply with the policy.
5. Outdated or Nonexistent Cybersecurity Practices
Statistics indicate there are 59 records lost every second. Whether due to
insufficient internal practices alone or successful hacking attempts from
cybercriminals that target organizations, that number suggests companies
are not doing enough to lock down their data.
A survey of over 4,000 organizations found that seven out of 10 were not
prepared for cyberattacks. In some cases, that might mean the enterprise
has not updated its security strategies for several years. In others, the
enterprise may never have formally incorporated cybersecurity efforts into
business operations.
Carrying out a security audit is an excellent activity that allows business
leaders to see where their companies stand and pinpoint the most glaring
shortcomings. The insights gleaned enable enterprises to get a strong start
when addressing cybersecurity from the ground up or to edit current
practices so that they more adequately meet emerging needs.
Stay Vigilant to Avoid Catastrophes
This list details some of the most substantial threats to modern
enterprises.
Fortunately, it also addresses how to make those risks less prominent.
Business executives cannot afford to assume hackers won’t target them.
They must be aware of the daunting possibilities and rely on skilled
cybersecurity experts — and the workplace at large — to keep costly and
stressful threats minimized.