×
Community Blog Security loopholes that businesses need to plug right now

Security loopholes that businesses need to plug right now

The number of cybersecurity breaches for enterprises continues to spike, leaving even the world's largest companies vulnerable to attacks.

Security_loopholes_that_businesses_need_to_plug_now

The number of cybersecurity breaches for enterprises continues to spike, leaving even the world's largest companies vulnerable to attacks. Companies are bolstering their cybersecurity initiatives as a result, investing heavily in procedures and tools that will protect their business and their customers. What some don't realize, however, is that the biggest threats to their security could be coming from the inside.

Access Control

Privileged access accounts, which are traditionally created for administrators or super users who maintain and support IT infrastructure, were the source of 55% of all cyber-attacks in 20151 . Together with the increasing need to integrate third party services into an enterprise's IT system, these access accounts should be monitored by businesses and controlled extra carefully, to prevent them from becoming weak points for hackers.

Social Media Security

Social media is an essential channel for businesses, but security measures on some social sites are not too well defined and the third-party links which appear on them may not always be authentic. Businesses should avoid practices such as shared passwords for multiple platforms and accepting unknown friend requests, which may be fake accounts, in order to mitigate the security threat from social media.

Internet of Things (IoT) Devices

According to Gartner, the number of IoT devices is expected to reach 21 billion by 2020, with around 35% utilized for business. Not many users realize that their IoT devices store an abundant amount of their personal or even work data which could be accessed by hackers. IoT devices could even be "hijacked" to perform attacks on networks, such as in the Mirai botnet attack. To help prevent IoT devices from being hacked or hijacked, businesses should change the default passwords of the devices and keep the firmware of the devices up-to-date.

Physical Device/Infrastructure Security

Security for IT infrastructure and physical devices is equally vital to software and data protection. Whether it's a USB hard drive, a cell phone or a server room, all of these pieces of hardware pose a potential security risk. For example, cell phones of employees may have apps which provide access to the data of an enterprise. One such app is Office 365, a common mobile business app, that provides easy access a company's documents or email servers. Thus if an employee cell phone is lost or stolen, this could cause a huge liability for the business. Companies should therefore ramp up the security of all physical hardware, such as through passwords or fingerprint recognition, to prevent information from leaking off the hardware.

The Assume Breach Paradigm

It may help for companies to operate under the Assume Breach Paradigm. This paradigm argues that, in light of the sophistication and prevalence of cyber threats today, organizations should not assume that they will easily be able to avoid any attacks. On the contrary, they should assume that it's only a matter of time before their defenses are breached, or that an attack has already occurred, but has yet to be detected. This kind of ‘assume breach' mentality will sharpen organizations to deploy robust identification and response mechanisms to cyber threats rather than rest on their laurels with half-hearted measures.

1 IBM's 2015 Cyber Security Index

0 0 0
Share on

Alibaba Clouder

1,505 posts | 243 followers

You may also like

Comments

Alibaba Clouder

1,505 posts | 243 followers

Related Products

  • Managed Security Service

    Identify vulnerabilities and improve security management of Alibaba Cloud WAF and Anti-DDoS and with a fully managed security service

    Learn More
  • Security Center

    Security Center is a flagship security product that integrates both Server Guard and Threat Detection Service. It is a unified security management system that recognizes, analyzes, and alerts of security threats in real-time.

    Learn More
  • Anti-DDoS Premium

    By leveraging Anycast to redirect malicious traffic to globally distributed scrubbing centers close to the source of the internet traffic, Anti-DDos Premium protects servers against volumetric DDoS attacks.

    Learn More