10 Security Risks Enterprises May Be Overlooking

By Chris Preimesberger  |  Posted 2014-07-02

All one needs to do is glance at the news once in a while to see that cyber-security issues for both enterprises and consumers are getting worse and more common, despite the best efforts of IT security experts. These stories are in the news virtually every day. The recent Target, eBay, Domino's Pizza and scores of other breaches (such as the Heartbleed bug) bear this out. Naturally, as a result of these security threats, organizations large and small are putting more and more emphasis on protecting their data. But are they protecting against every risk? We're quite aware, thank you, of denial-of-service attacks from bad guys from basically anywhere in the world, cyber-spying by governments and their agencies, malware injections, command-and-control attacks, Trojan horses and so on. However, there are several other types of security lapses that could happen in any IT system, no matter how large or small. This slide show, put together using eWEEK reporting and industry insight from Armond Caglar, senior threat specialist at TSC Advantage, presents the top 10 risks that organizations often overlook.

  • Your Dining Habits

    Hackers are becoming increasingly creative in the ways that they infiltrate computer networks. In one case, hackers breached the computer network of an oil company by infecting the online menu of the employees' favorite Chinese restaurant with malware. This type of watering-hole attack reflects the extent to which an adversary will go to attack a target.
  • Your Hotel Room

    When you travel internationally, competitive rivals may be aware of your trip beforehand and plan accordingly to take advantage while you're on the road. If you are staying at a hotel and leave your laptop unattended in your room while going to the gym, your chances of having the device compromised through the discreet installation of key-logging malware increase exponentially.
  • Other Risks to International Travelers

    Business travelers should always assume that they could be a target, particularly when traveling to known competitive intelligence destinations around the world, such as in Asia and Western Europe. If possible, use devices specifically designated for travel that contain only data relevant to the purpose of the trip.
  • The Lost Cell Phone

    An effective bring-your-own-device (BYOD) policy increases employee efficiency and can build a happier, more productive workforce. It is crucial to standardize acceptable use policies that cover topics such as local storage of files, connectivity to the network and remote-wipe capability in case of loss.
  • The Insider Threat

    In many cases, data theft within organizations is linked to employees and others with legitimate access to systems, networks and sensitive data. This can be the result of inadvertent behavior due to human error and a lack of policies, or of a deliberate breach attributed to a malicious insider. From a hiring perspective, comprehensive background checks and due diligence can help reveal a pre-hire's connection to any potential competitive intelligence adversaries.
  • The Unlocked Server Rack

    Physical security should be considered at locations where IT infrastructure and data are stored and created. Alarms and guards may be necessary, but the most effective approach ensures physical security controls are mapped to well-defined and well-enforced policies and procedures.
  • Third-Party Web Applications

    Research indicates that a limited number of exploits in only a handful of widely used third-party applications are responsible for nearly all successful enterprise malware infections on Windows clients. Transitioning away from commonly exploited applications and using less popular alternatives would prevent some exploits, because many of them target the libraries specific to those applications.
  • Your Cleaning Service

    Because external relationships are a reality of modern business operations, a proper analysis of vulnerability should extend to the various vendors, suppliers and other third parties within a company's ecosystem—even the cleaning service. In the case of Target, a company that invested millions in malware detection and endpoint protection, the data breach was the result of stolen credentials belonging to a third-party vendor.
  • Your Document-Shredding Policy

    Many companies don't give file or document disposal a second thought. Employees toss documents in the trash or recycle bin, or delete them from a shared drive, and they think that's the end of it. If a would-be data thief is looking for intellectual property or confidential information, the act of "dumpster diving" can lead to a potential goldmine.
  • The Unencrypted Email

    Although most companies understand the importance of secure file sharing, you'd be surprised by how many still communicate with third parties via unencrypted emails and employ generally poor WiFi practices. Organizations should implement tools that force storage encryption and encrypt data for end-to-end communication. They should also ensure that employees avoid using public WiFi networks.