Security Threats Facing All Enterprises: Top 10 Issues That Need Attention

 
 
By Chris Preimesberger  |  Posted 2012-06-11
 
 
 

Excessive Internal Data Access Privileges

System administrators with complete access to servers and data pose a tremendous internal threat if they turn against the company. So does anyone (including executives) who maintains inappropriate access rights to information after changing positions within a company.

Excessive Internal Data Access Privileges

Third-Party Access

Employees of third parties may have access to any unencrypted data. Data stored in the cloud can be located across the country or overseas and sit on physical servers owned by one vendor, but housed in facilities owned by any number of data center hosts.

Third-Party Access

Political Hactivism

Politically motivated hacking is on the rise, as illustrated by organizations such as Anonymous and Lulz-Sec. However, they assert that much of their success comes from finding easy targets, not because of any particular technical expertise. While you may not have control over whether you're attacked or not, you can make it far more difficult for an attacker to succeed.

Political Hactivism

Social Engineering

Using lies, deception, manipulation and more to gain sufficient knowledge to dupe an unwary company (and any unintentionally yielding employee) is an age-old technique. But it's no longer limited to just the phone; it can be done over a social network. Posting the details on Facebook of every aspect of your upcoming "unplugged vacation" may be just the weak link of information that a scammer needs.  

Social Engineering

Internal Negligence

Negligence is typically an offense committed by management when "they should have known better." Most successful data security breaches have some element of managerial negligence associated with them.

Internal Negligence

Lack of Transparency in Cloud Service Offering

Never, never, never leave it up to blind trust that cloud service providers are implementing appropriate security measures and looking out for their customers. Check service providers thoroughly.

Lack of Transparency in Cloud Service Offering

Rogue Certificates

Many whitelisting and application control systems depend on valid digital systems, which basically tell the operating system, "You can trust me, because I am valid." Using rogue or fake digital certificates that are in circulation, attackers can engage in almost undetectable attacks. 

Rogue Certificates

Mobile Devices in the Workplace

A balancing act of convenience versus security, the growing use of personal mobile devices puts organizations at risk and leaves the company vulnerable to attacks. This is an especially sensitive area for companies that have yet to create and enforce a strong bring-your-own-device policy. Most have not.

Mobile Devices in the Workplace

Misuse (Malicious or Nonmalicious)

Misuse of entrusted organizational resources or privileges is exclusive to parties that are trusted by an organization, such as insiders and business partners. This also happens when policies are not clearly defined and enforced. Abuse flourishes when boundaries are not well-established.

Misuse (Malicious or Nonmalicious)

Physical Attacks

Tampering, surveillance and theft can be caused by a disgruntled former employee. Terminated employees who still have their security badges can easily gain access if the badge system was not updated upon termination. 

Physical Attacks

Rocket Fuel