Security loopholes that businesses need to plug right now

简介: The number of cybersecurity breaches for enterprises continues to spike, leaving even the world's largest companies vulnerable to attacks.

Security_loopholes_that_businesses_need_to_plug_now

The number of cybersecurity breaches for enterprises continues to spike, leaving even the world's largest companies vulnerable to attacks. Companies are bolstering their cybersecurity initiatives as a result, investing heavily in procedures and tools that will protect their business and their customers. What some don't realize, however, is that the biggest threats to their security could be coming from the inside.

Access Control

Privileged access accounts, which are traditionally created for administrators or super users who maintain and support IT infrastructure, were the source of 55% of all cyber-attacks in 20151 . Together with the increasing need to integrate third party services into an enterprise's IT system, these access accounts should be monitored by businesses and controlled extra carefully, to prevent them from becoming weak points for hackers.

Social Media Security

Social media is an essential channel for businesses, but security measures on some social sites are not too well defined and the third-party links which appear on them may not always be authentic. Businesses should avoid practices such as shared passwords for multiple platforms and accepting unknown friend requests, which may be fake accounts, in order to mitigate the security threat from social media.

Internet of Things (IoT) Devices

According to Gartner, the number of IoT devices is expected to reach 21 billion by 2020, with around 35% utilized for business. Not many users realize that their IoT devices store an abundant amount of their personal or even work data which could be accessed by hackers. IoT devices could even be "hijacked" to perform attacks on networks, such as in the Mirai botnet attack. To help prevent IoT devices from being hacked or hijacked, businesses should change the default passwords of the devices and keep the firmware of the devices up-to-date.

Physical Device/Infrastructure Security

Security for IT infrastructure and physical devices is equally vital to software and data protection. Whether it's a USB hard drive, a cell phone or a server room, all of these pieces of hardware pose a potential security risk. For example, cell phones of employees may have apps which provide access to the data of an enterprise. One such app is Office 365, a common mobile business app, that provides easy access a company's documents or email servers. Thus if an employee cell phone is lost or stolen, this could cause a huge liability for the business. Companies should therefore ramp up the security of all physical hardware, such as through passwords or fingerprint recognition, to prevent information from leaking off the hardware.

The Assume Breach Paradigm

It may help for companies to operate under the Assume Breach Paradigm. This paradigm argues that, in light of the sophistication and prevalence of cyber threats today, organizations should not assume that they will easily be able to avoid any attacks. On the contrary, they should assume that it's only a matter of time before their defenses are breached, or that an attack has already occurred, but has yet to be detected. This kind of ‘assume breach' mentality will sharpen organizations to deploy robust identification and response mechanisms to cyber threats rather than rest on their laurels with half-hearted measures.

1 IBM's 2015 Cyber Security Index

目录
相关文章
|
安全
Information Systems Security Assessment – Open information security framework
The Information Systems Security Assessment Framework (ISSAF) seeks to integrate the following m...
991 0
|
安全 物联网 API
Security Authentication Framework in AliOS Things uMesh
Discover how AliOS Things safeguards the integrity of IoT networks with uMesh and Internet Device ID authentication.
4212 0
Security Authentication Framework in AliOS Things uMesh
|
安全
5 ways to minimize the security risks of the cloud
Like real clouds, cloud services have holes. The Cloud Security Alliance (CSA) has warned that the shared and on-demand nature of cloud computing intr
1666 0
|
安全
Magic Quadrant for Security Information and Event Management 2015
http://www.gartner.com/technology/reprints.do?id=1-2J31FF4&ct=150706&st=sb ...
694 0
|
安全
common sense security framework
http://www.commonsenseframework.org/wp-content/uploads/2015/01/Common-Sense-Security-Framework-v1.
829 0
|
SQL 安全 数据库
C#——Web.config中的Integrated Security=SSPI
<h1> <span style="font-size:18px">    </span><span style="font-size:24px">问题由来</span> </h1> <p><span style="font-size:18px">    之前在进行机房收费系统个人重构的时候,配置文件访问数据库,用的是这种方式,如:  </span></p> <p><span styl
1770 0
|
分布式计算 Java Spark
Spark - A tiny Sinatra inspired framework for creating web applications in Java 8 with minimal effor
Spark - A tiny Sinatra inspired framework for creating web applications in Java 8 with minimal effort Quick start import static spark.
1240 0
|
安全 Oracle 关系型数据库
first security assessment toolkit for virtual infrastructures
[译]Thanks 如今虚拟化在各个企业中应用的越来越多,且火热的云计算也依托于此技术。虚拟化技术确实能够使物理资源的利用更加灵活和便捷,那么虚拟机的安全性如何?相比传统架构,是否像传说中的一样安全? 什么是虚拟化 虚拟化是指计算机元件在虚拟的基础上而不是真实的基础上运行。
1080 0
software security
http://www.ppurl.com/?s=software+security
662 0