Top 10 threats facing the enterprise - Part Two

Here's the second part of our look into the most serious threats facing organisations today.

While it was once considered 'good enough' to leave network access control to a simple pairing of username and password, those naive days have long since been left behind if you talk to pretty much anyone in the enterprise security space.

So why is it that so many businesses still use this basic login approach, and even more worrying, why do so many employees use the same pairings for everything from business networks to social networks?

Isn't it time for every enterprise to move beyond the basics and re-evaluate security controls if they really want to be seen to be taking data protection seriously?

Peter Regent, director of online authentication at Gemalto, certainly thinks so. "A multi-layered approach, with two or more forms of identity verification, will ensure only authorised users gain network access," Regent told IT Pro.

"A smartcard solution encompassing certificate-based authentication and Public Key Infrastructure (PKI) certificates will enable only authorised employees to access sensitive information and will allow for a full audit trail of all access events".

Do that and your enterprise will give its corporate information assets a level of protection similar to the one banking customers expect from chip and PIN cards when getting cash from ATMs.

10. Supply Chain Insecurity

No, supply chain security didn't immediately spring to our minds either when compiling this list, but Adrian Davis, from the Information Security Forum, provided a very persuasive argument for including it.

He reminded us that the tsunami in Japan highlighted the global and interdependent nature of physical supply chains and the potential for their disruption. Less remarked, but by no means less important, is the information that binds these supply chains together. This information can range from trade or commercial secrets and intellectual property to mundane items such as quantities.

All this information, however, is critical - without it, the supplier cannot fulfill its part in the chain. "Any acquirer or purchaser needs to conduct due diligence on its suppliers before entering into a contract or relationship," Davis warned.

"That used to include finances and legal issues. Today, however, due diligence must include how well a supplier addresses the security of its own and other organisations' information. Once the acquirer and supplier start working together, this due diligence should be repeated on a regular basis - either through audit or assessment - and backed up by regular reporting and discussion".
