Top 10 threats facing the enterprise - Part Two

Here's the second part of our look into the most serious threats facing organisations today.

While it was once considered 'good enough' to leave network access control to a simple pairing of username and password, those naive days have long since been left behind if you talk to pretty much anyone in the enterprise security space.

So why is it that so many businesses still use this basic login approach, and even more worrying, why do so many employees use the same pairings for everything from business networks to social networks?

Isn't it time for every enterprise to move beyond the basics and re-evaluate security controls if they really want to be seen to be taking data protection seriously?

Peter Regent, director of online authentication at Gemalto, certainly thinks so. "A multi-layered approach, with two or more forms of identity verification, will ensure only authorised users gain network access," Regent told IT Pro.

"A smartcard solution encompassing certificate-based authentication and Public Key Infrastructure (PKI) certificates will enable only authorised employees to access sensitive information and will allow for a full audit trail of all access events".

Do that and your enterprise will attain a level of protection for corporate information assets similar to the one banking customers expect from chip and PIN cards when getting cash from ATMs.

10. Supply Chain Insecurity

No, supply chain security didn't immediately spring to our minds either when compiling this list, but Adrian Davis, from the Information Security Forum, provided a very persuasive argument for including it.

He reminded us that the tsunami in Japan highlighted the global and interdependent nature of physical supply chains and the potential for their disruption. Less remarked, but by no means less important, is the information that binds these supply chains together. This information can range from trade or commercial secrets and intellectual property to mundane items such as quantities.

All this information, however, is critical - without it, the supplier cannot fulfill its part in the chain. "Any acquirer or purchaser needs to conduct due diligence on its suppliers before entering into a contract or relationship," Davis warned.

"That used to include finances and legal issues. Today, however, due diligence must include how well a supplier addresses the security of its own and other organisations' information. Once the acquirer and supplier start working together, this due diligence should be repeated on a regular basis - either through audit or assessment - and backed up by regular reporting and discussion".
