Top 10 threats facing the enterprise - Part One
We speak to the security experts on the frontline about the threats they see as most serious for businesses.
Don Jackson from the Dell SecureWorks' Counter Threat Unit Research Team said all enterprises should make use of "input validation for any form to ensure that only the type of input that is expected is accepted."
Recent high-profile hacking attacks where customer information has been compromised have highlighted the vulnerabilities of today's online infrastructure.
"It is important to protect the web server on which the web application is running, the database from which the web application is retrieving information, and the operating systems upon which the web servers, applications and database reside," Jackson warned.
Meanwhile, Jacques Erasmus, director of technical engineering at Webroot said stricter analysis and standards is the way forward.
"The recent high-profile hacking attacks where customer information has been compromised have highlighted the vulnerabilities of today's online and internet infrastructure," Erasmus told IT Pro.
"Assessing how such attacks have occurred and taking the necessary steps, such as stricter coding standards, would be the best start to mitigate these risks. From here, organisations must analyse which areas are most exposed and take a bespoke approach to rectify this."
4. Distributed Denial of Service (DDoS)
Another old school attack vector is back in the media spotlight courtesy of high-profile politically motivated attacks against large online organisations.
DDoS attacks have never really gone away, but they have undergone something of a resurgence following the whole WikiLeaks affair that seems to have kicked hacktivism back into action.
"The rise in social networking communications and the widespread availability of easy to use hacking tools has attracted a new generation of young hactivists who see themselves as online warriors at liberty to attack those businesses or organisations they see as political enemies," said Richard Archdeacon, chief technology officer (CTO) for information security in EMEA at HP.
The trouble is that a DDoS attack uses a brute force of network traffic to cause chaos, effectively leveraging legitimate application services, in what has become known as a non-vulnerability or zero-minute' attack methodology.
"Standard security solutions depend on static signature protection against known exploits and rate-based protection against high-volume attacks and unknown attacks," warned Ron Meyram from Radware.
"Traditional perimeter security relies on periodic signature updates, leaving the business vulnerable to zero-minute attacks with no solution against non-vulnerabilitybased attacks. The solution then is to adopt a behavioural based real-time signatures technology including DoS protection, network behaviour analysis, information protection service and a reputation engine."
It may seem odd to include Internet Protocol v6 (IPv6) in a list of enterprise security threats, but bear with us.
IPv6 Day, as 8 June became known, has come and gone with the likes of Google and Facebook now delivering much of their public services over IPv6 networks. The IP address space increases from 32 to 128 bits with IPv6, and random attacks should decrease courtesy of that wider address range making it difficult to assume devices will be associated with any given block of IP addresses.
But with every enterprise eventually having to implement IPv6, security problems will soon enter the equation, according to Sourcefire's Leon Ward.
"IPv6 creates a whole host of new opportunities for hackers to take advantage of," Ward warned.
"Much of the current network security infrastructure for IPv4 is not compatible with IPv6 and can sometimes leave a system completely open. As you purchase new devices and update operating systems you will likely find that IPv6 will be enabled by default."
And the best way to mitigate these risks? "Identifying controls, security solutions and policies that support IPv6 alongside IPv4 is essential to maintaining your organisation's security requirements" Ward explains.
In This Article
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now