Securing their most important assets and data is a top priority for companies right now. But are they doing enough to protect themselves?
There is no shortage of huge data breaches being reported in the news that are affecting everyone from industry giants to small business owners. Every year cyber crime is rising, and the attacks are becoming more sophisticated.
This is especially alarming in India, which faces the most threats according to IT giant Cisco. Its recent report notes that about half a million threat alerts plague the country on a daily basis. While around 56% of these are false alarms, a confirmed breach can cost companies up to $100,000 (INR 7.1 million) in lost revenue, customers, and expenses.
This cost alone has prompted most companies to work with multiple vendors to tighten up their cyber security protocols. But despite the huge costs, some remain oblivious to some of the worst vulnerabilities their companies have. Here are four of them:
Bloomberg’s review of the recent Marriott breach highlights a vulnerability of most brick-and-mortar businesses: legacy systems, meaning old and outdated systems. While the massive data breach at the hotel chain giant happened after it acquired its new software Starwood, complacency in integration led to the incident.
In particular, despite the system using state-of-the-art defence, the data was entered and accessed through old computers in the hotels, compromising the whole network. Making sure all systems are integrated and secure is key to curtailing these vulnerabilities.
While social engineering and phishing remain the most frequent attacks companies experience, many fail to recognise the most vulnerable aspect of a company’s cyber defence: its people. A global assessment made by Dtex Systems found that 78% of data vulnerabilities were caused by negligent employees. Not only that, a staggering 91% of employees were accessing personal emails, two-thirds were visiting inappropriate sites, and 90% were using an unsecured USB at work.
In addition, the report found malicious employee behaviours, which can be characterised as “revenge” attacks, to be a major issue. HP’s feature ‘Who’s the Weakest Link’ warns businesses against disgruntled former employees who still have access to the network. Neutralising risky behaviours through regular training and regularly changing access codes is the key to closing down this specific vulnerability.
While it’s common sense to put anti-malware and antivirus software on company devices, most of these devices still remain vulnerable to a wide array of attacks. This is especially true for businesses that have Bring Your Own Device policies in place.
Such policies result in multiple endpoint vulnerabilities, as personal devices connect to the same Wi-Fi and can even have access to enterprise tools and data. One way to mitigate this is by deploying endpoint security software and enforcing more stringent policies that limit the number of endpoints in the workplace.
With all the data breaches happening around the world, millions of passwords and login credentials are now publicly available. In underground hacker communities, these are continuously aggregated, traded, and sold.
While using password managers such as LastPass might be enough for individuals, companies have to be more stringent. Two-factor authentication should be implemented everywhere, and stricter access clearance mechanisms should be enforced.