Top 10 threats facing the enterprise - Part Two

Here's the second part of our look into the most serious threats facing organisations today.

While it was once considered good enough' to leave network access control to a simple pairing of username and password, those nave days have long since been left behind if you talk to pretty much anyone in the enterprise security space.

So why is it that so many businesses still use this basic login approach, and even more worrying, why do so many employees use the same pairings for everything from business networks to social networks?

Isn't it time for every enterprise to move beyond the basics and re-evaluate security controls if they really want to be seen to be taking data protection seriously?

Peter Regent, director of online authentication at Gemalto, certainly thinks so. "A multi-layered approach, with two or more forms of identity verification, will ensure only authorised users gain network access," Regent told IT Pro

"A smartcard solution encompassing certificate-based authentication and Public Key Infrastructure (PKI) certificates will enable only authorised employees to access sensitive information and will allow for a full audit trail of all access events".

Do that and your enterprise will attain a similar level of protection to corporate information assets that banking customers expect from chip and pins card when getting cash from ATM machines.

10. Supply Chain Insecurity

No, supply chain security didn't immediately spring to our minds either when compiling this list, but Adrian Davis, from the Information Security Forum, provided a very persuasive argument for including it.

He reminded us that the tsunami in Japan highlighted the global and interdependent nature of physical supply chains and the potential for their disruption. Less remarked, but by no means less important, is the information that binds these supply chains together. This information can range from trade or commercial secrets and intellectual property to mundane items such as quantities.

All this information, however, is critical - without it, the supplier cannot fulfill its part in the chain. "Any acquirer or purchaser needs to conduct due diligence on its suppliers before entering into a contract or relationship," Davis warned.

"That used to include finances and legal issues. Today, however, due diligence must include how well a supplier addresses the security of its own and other organisations' information. Once the acquirer and supplier start working together, this due diligence should be repeated on a regular basis - either through audit or assessment - and backed up by regular reporting and discussion".

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows XP source code allegedly leaked online
Microsoft Windows

Windows XP source code allegedly leaked online

25 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020