In-depth

Top 10 threats facing the enterprise - Part Two

Here's the second part of our look into the most serious threats facing organisations today.

In part one of our countdown of the top 10 enterprise security threats, we looked at some serious dangers, like targeted attacks and super sophisticated malware.

In part two, our security industry experts cover everything from insider threats to supply chain insecurity.

6. The Insider Threat

In a recent survey by Cyber Ark, it was found that some 44 per cent of IT staff admitted to accessing data not directly related to their role, and another 31 per cent confessed to using admin passwords in order to gain access to confidential or sensitive data.

Advertisement
Advertisement - Article continues below

If that were not worrying enough for the average enterprise, it gets worse when you take into account that such insiders are often the very people most familiar with and therefore best placed to exploit network security controls.

"Associated with this insider threat is the need for organisations to implement comprehensive activity monitoring," advised Cyber Ark's Mark Fullbrook.

"Go beyond access control and privileges enforcement, and actually record and track the precise actions that were performed on which assets and by whom," Fullbrook suggested.

"Do that, and the enterprise should be able to integrate operational data and security analysis, providing a complete overview of their systems. Overall, if businesses are to mitigate the insider threat, they must look to invest in appropriate technology that ensures information is stored securely." Businesses also need systems that log and monitor all privileged identities and activities, Fullbrook concluded.

7. Mobile Device Security

The consumerisation of the smartphone and tablet computer is a real enterprise security hot potato at the moment, and for good reason.

Actually, a couple of very good reasons, as Dimitri Sirota from Layer 7 Technologies explains: "More individuals store personal information on their devices that could be stolen, and this risk will only compound as mobile devices become more popular payment technologies. Secondly mobile devices could bring Trojan horses into the enterprise as compromised apps provide a backdoor into enterprise systems."

The consumerisation of the smartphone and tablet computer is a real enterprise security hot potato at the moment, and for good reason.

There are as many different approaches to mobile device security as there are MPs at a free lunch, but the most effective include locking down access to the device, isolating different apps using a virtualisation layer and implementing SSH clients for secure tunnelling into the enterprise.

However, as Sirotafrom warned, much still depends on the OS vendors and the application approval process. The industry remains in its embryonic days.

Advertisement
Advertisement - Article continues below

8. Log Analysis (what log analysis?)

If your business is subject to Payment Card Industry Data Security Standard (PCIDSS) compliance, then you should already be aware of the requirement to monitor your logs.

Thing is, as Ron Gula from Tenable Network Security reminds us, this monitoring requirement is at an organisational level and there remain plenty of logs that are either missed or not even contemplated.

This lack of comprehensive log analysis remains a huge missed opportunity to close down attacks, and as such has a deserved place in our top ten list.

Think about it for a moment, both Anonymous and LulzSec have exploited some very well-known security holes yet hardly anyone at the organisations targeted by them even noticed.

"Organisations should unify their log analysis program with their vulnerability and configuration motioning programs to ensure that systems are configured to collect and send logs centrally for analysis," Gula recommended.

"In addition, any type of passive network traffic analysis should be used to compensate for the lack of system logs".

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019