Top 10 threats facing the enterprise - Part One

We speak to the security experts on the frontline about the threats they see as most serious for businesses.

Don Jackson from the Dell SecureWorks' Counter Threat Unit Research Team said all enterprises should make use of "input validation for any form to ensure that only the type of input that is expected is accepted."

Recent high-profile hacking attacks where customer information has been compromised have highlighted the vulnerabilities of today's online infrastructure.

"It is important to protect the web server on which the web application is running, the database from which the web application is retrieving information, and the operating systems upon which the web servers, applications and database reside," Jackson warned.

Meanwhile, Jacques Erasmus, director of technical engineering at Webroot, said stricter analysis and standards are the way forward.

"The recent high-profile hacking attacks where customer information has been compromised have highlighted the vulnerabilities of today's online and internet infrastructure," Erasmus told IT Pro.

"Assessing how such attacks have occurred and taking the necessary steps, such as stricter coding standards, would be the best start to mitigate these risks. From here, organisations must analyse which areas are most exposed and take a bespoke approach to rectify this."

4. Distributed Denial of Service (DDoS)

Another old school attack vector is back in the media spotlight courtesy of high-profile politically motivated attacks against large online organisations.

DDoS attacks have never really gone away, but they have undergone something of a resurgence following the whole WikiLeaks affair that seems to have kicked hacktivism back into action.

"The rise in social networking communications and the widespread availability of easy-to-use hacking tools has attracted a new generation of young hacktivists who see themselves as online warriors at liberty to attack those businesses or organisations they see as political enemies," said Richard Archdeacon, chief technology officer (CTO) for information security in EMEA at HP.

The trouble is that a DDoS attack uses a brute force of network traffic to cause chaos, effectively leveraging legitimate application services, in what has become known as a 'non-vulnerability' or 'zero-minute' attack methodology.

"Standard security solutions depend on static signature protection against known exploits and rate-based protection against high-volume attacks and unknown attacks," warned Ron Meyram from Radware.

"Traditional perimeter security relies on periodic signature updates, leaving the business vulnerable to zero-minute attacks with no solution against non-vulnerability-based attacks. The solution then is to adopt a behavioural based real-time signatures technology including DoS protection, network behaviour analysis, information protection service and a reputation engine."

5. IPv6

It may seem odd to include Internet Protocol v6 (IPv6) in a list of enterprise security threats, but bear with us.

IPv6 Day, as 8 June became known, has come and gone with the likes of Google and Facebook now delivering much of their public services over IPv6 networks. The IP address space increases from 32 to 128 bits with IPv6, and random attacks should decrease courtesy of that wider address range making it difficult to assume devices will be associated with any given block of IP addresses.

But with every enterprise eventually having to implement IPv6, security problems will soon enter the equation, according to Sourcefire's Leon Ward.

"IPv6 creates a whole host of new opportunities for hackers to take advantage of," Ward warned.

"Much of the current network security infrastructure for IPv4 is not compatible with IPv6 and can sometimes leave a system completely open. As you purchase new devices and update operating systems you will likely find that IPv6 will be enabled by default."

And the best way to mitigate these risks? "Identifying controls, security solutions and policies that support IPv6 alongside IPv4 is essential to maintaining your organisation's security requirements," Ward explains.
