1Excessive Internal Data Access Privileges
Politically motivated hacking is on the rise, as illustrated by organizations such as Anonymous and Lulz-Sec. However, they assert that much of their success comes from finding easy targets, not because of any particular technical expertise. While you may not have control over whether you’re attacked or not, you can make it far more difficult for an attacker to succeed.
Using lies, deception, manipulation and more to gain sufficient knowledge to dupe an unwary company (and any unintentionally yielding employee) is an age-old technique. But it’s no longer limited to just the phone; it can be done over a social network. Posting the details on Facebook of every aspect of your upcoming “unplugged vacation” may be just the weak link of information that a scammer needs. Â
6Lack of Transparency in Cloud Service Offering
8Mobile Devices in the Workplace
A balancing act of convenience versus security, the growing use of personal mobile devices puts organizations at risk and leaves the company vulnerable to attacks. This is an especially sensitive area for companies that have yet to create and enforce a strong bring-your-own-device policy. Most have not.
9Misuse (Malicious or Nonmalicious)
Tampering, surveillance and theft can be caused by a disgruntled former employee.Â Terminated employees who still have their security badges can easily gain access if the badge system was not updated upon termination.Â