The IT security group within every corporation is under file. Relentless cyber-attacks, user errors and improperly designed and implemented processes and procedures contribute to a maelstrom of problems that executives expect to be instantly solved.
The news for IT departments continues to sound dire. Companies like Symantec estimate that 56% of employees believe it is appropriate to take information with them when they leave a job site. Exacerbating the urgency for companies to implement stronger security measures are statistics from the Carnegie Mellon US CERT team estimating that 75% of cyber incidents go unreported.
Surprisingly, a vast majority of the problems faced by IT on a daily basis can be traced back to three key mistakes. These missteps endanger organizations every day, yet all can be fixed or at least worked on to mitigate the problems they cause. But before we talk about solutions, let’s first identify the terrible three.
Regardless of sector or industry, or of the size of an organization, the need for third-party vendors and outside companies to have access to a client’s proprietary network, data and intellectual property is a given.Read More
The data breach at UK accounting software company Sage has brought the insider threat facing businesses into focus and, according to security experts Hypersocket Software, highlights the need for more stringent access control.
The Sage breach, which may have compromised the personal information of employees at 280 businesses, is thought to have resulted from unauthorised access from an internal computer log-in.
In contrast to the popular image of evil hackers trying to steal data using brute force and denial of service attacks, this latest incident emphasises that the danger for organisations can just as easily come from inside. In addition to the threat of malicious activity from otherwise legitimate insiders or employee errors, there also is a risk that the user credentials can be compromised and that the ID authentication process can be exploited to let malicious outsiders into the system.
But according to Lee Painter CEO of Hypersocket Software many businesses are not properly addressing the risk from within their business and do not fully follow the principle of least privilege access.Read More