Security loopholes that businesses need to plug right now

The number of cybersecurity breaches for enterprises continues to spike, leaving even the world's largest companies vulnerable to attacks. Companies are bolstering their cybersecurity initiatives as a result, investing heavily in procedures and tools that will protect their business and their customers. What some don't realize, however, is that the biggest threats to their security could be coming from the inside.

Access Control

Privileged access accounts, which are traditionally created for administrators or super users who maintain and support IT infrastructure, were the source of 55% of all cyber-attacks in 2015 [1]. Given the increasing need to integrate third-party services into an enterprise's IT system, businesses should monitor and control these accounts especially carefully to prevent them from becoming weak points for hackers.

Social Media Security

Social media is an essential channel for businesses, but security measures on some social sites are not well defined, and the third-party links that appear on them may not always be authentic. To mitigate the security threat from social media, businesses should avoid practices such as sharing one password across multiple platforms and accepting friend requests from unknown accounts, which may be fake.

Internet of Things (IoT) Devices

According to Gartner, the number of IoT devices is expected to reach 21 billion by 2020, with around 35% utilized for business. Not many users realize that their IoT devices store a large amount of their personal or even work data, which could be accessed by hackers. IoT devices could even be "hijacked" to perform attacks on networks, as in the Mirai botnet attack. To help prevent IoT devices from being hacked or hijacked, businesses should change the devices' default passwords and keep their firmware up to date.

Physical Device/Infrastructure Security

Security for IT infrastructure and physical devices is as vital as software and data protection. Whether it's a USB hard drive, a cell phone or a server room, all of these pieces of hardware pose a potential security risk. For example, employees' cell phones may have apps which provide access to an enterprise's data. One such app is Office 365, a common mobile business app that provides easy access to a company's documents or email servers. If an employee's cell phone is lost or stolen, this could create a huge liability for the business. Companies should therefore ramp up the security of all physical hardware, such as through passwords or fingerprint recognition, to prevent information from leaking off the hardware.

The Assume Breach Paradigm

It may help for companies to operate under the Assume Breach Paradigm. This paradigm argues that, in light of the sophistication and prevalence of cyber threats today, organizations should not assume that they will easily be able to avoid any attacks. On the contrary, they should assume that it's only a matter of time before their defenses are breached, or that an attack has already occurred but has yet to be detected. This kind of 'assume breach' mentality will push organizations to deploy robust identification and response mechanisms against cyber threats rather than rest on their laurels with half-hearted measures.

[1] IBM's 2015 Cyber Security Index

Time: 2024-11-24 23:59:45
