Top 10 threats facing the enterprise - Part One

We speak to the security experts on the frontline about the threats they see as most serious for businesses.

Don Jackson from the Dell SecureWorks' Counter Threat Unit Research Team said all enterprises should make use of "input validation for any form to ensure that only the type of input that is expected is accepted."

Recent high-profile hacking attacks where customer information has been compromised have highlighted the vulnerabilities of today's online infrastructure.

"It is important to protect the web server on which the web application is running, the database from which the web application is retrieving information, and the operating systems upon which the web servers, applications and database reside," Jackson warned.

Meanwhile, Jacques Erasmus, director of technical engineering at Webroot said stricter analysis and standards is the way forward.

"The recent high-profile hacking attacks where customer information has been compromised have highlighted the vulnerabilities of today's online and internet infrastructure," Erasmus told IT Pro.

"Assessing how such attacks have occurred and taking the necessary steps, such as stricter coding standards, would be the best start to mitigate these risks. From here, organisations must analyse which areas are most exposed and take a bespoke approach to rectify this."

4. Distributed Denial of Service (DDoS)

Another old school attack vector is back in the media spotlight courtesy of high-profile politically motivated attacks against large online organisations.

DDoS attacks have never really gone away, but they have undergone something of a resurgence following the whole WikiLeaks affair that seems to have kicked hacktivism back into action.

"The rise in social networking communications and the widespread availability of easy to use hacking tools has attracted a new generation of young hactivists who see themselves as online warriors at liberty to attack those businesses or organisations they see as political enemies," said Richard Archdeacon, chief technology officer (CTO) for information security in EMEA at HP.

The trouble is that a DDoS attack uses a brute force of network traffic to cause chaos, effectively leveraging legitimate application services, in what has become known as a non-vulnerability or zero-minute' attack methodology.

"Standard security solutions depend on static signature protection against known exploits and rate-based protection against high-volume attacks and unknown attacks," warned Ron Meyram from Radware.

"Traditional perimeter security relies on periodic signature updates, leaving the business vulnerable to zero-minute attacks with no solution against non-vulnerabilitybased attacks. The solution then is to adopt a behavioural based real-time signatures technology including DoS protection, network behaviour analysis, information protection service and a reputation engine."

5. IPv6

It may seem odd to include Internet Protocol v6 (IPv6) in a list of enterprise security threats, but bear with us.

IPv6 Day, as 8 June became known, has come and gone with the likes of Google and Facebook now delivering much of their public services over IPv6 networks. The IP address space increases from 32 to 128 bits with IPv6, and random attacks should decrease courtesy of that wider address range making it difficult to assume devices will be associated with any given block of IP addresses.

But with every enterprise eventually having to implement IPv6, security problems will soon enter the equation, according to Sourcefire's Leon Ward.

"IPv6 creates a whole host of new opportunities for hackers to take advantage of," Ward warned.

"Much of the current network security infrastructure for IPv4 is not compatible with IPv6 and can sometimes leave a system completely open. As you purchase new devices and update operating systems you will likely find that IPv6 will be enabled by default."

And the best way to mitigate these risks? "Identifying controls, security solutions and policies that support IPv6 alongside IPv4 is essential to maintaining your organisation's security requirements" Ward explains.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

Why you should prioritise privileged access management
Sponsored

Why you should prioritise privileged access management

9 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020