Cyber threats used to consist of annoying viruses or college-aged hackers looking for a challenge, but today cyberthreats are a real danger to businesses, governments and other organizations. Hackers have grown to be much more sophisticated, from groups hired by nation states, to hackers stealing business secrets for profit. Unfortunately, many organizations continue to be unaware of the danger they face even though any company no matter how big or small could be attacked at any time, and has probably been attacked before. Even those who are aware of the danger and use firewalls and a secure web gateway are often overlooking certain vulnerabilities that hackers can exploit.
1. Physical Access
Sometimes organizations will put so much emphasis on protecting the IT system’s firewall from outside attacks that they forget that physical access to the server can give hackers just as much leeway to cause damage. Sometimes getting in is as simple as an employee holding a door open for the person behind them after the employee has entered in the access code. For example, in April of this year thieves broke into Walmart’s video service and stole the hard drives that contained customer data. A huge part of securing the actual physical hardware is to train employees on security and to observe and test them often in order to find ways in which security can be improved.
2. IT Outages
IT outages generally are not the first thing that comes to mind when you think of a cyber threat, but whether an outage is caused by a vicious third party or an internal glitch, it can result in a significant loss in income and reputation. Organizations should develop a risk management plan to mitigate the losses any outages would cause and come up with ways to protect their system from an outage in the first place. Then they should evaluate their security analytics protocol and test the plan frequently.
3. Mobile Devices
A business can create a fortress of protection on its actual premises, but, unless the company has a mobile policy in place, as soon as an employee walks out of the building they could be jeopardizing security thanks to that cell phone or laptop computer. If an employee accesses company documents on their phone but don’t have protections in place on their connection, a hacker could easily access those documents. In addition, should critical documents actually be saved on a laptop or tablet, and the device gets lost or stolen, the company’s security and reputation could also be compromised.
4. Disgruntled Employees
Employers have to have a certain level of trust in their employees. After all, how can any work get done if those employees don’t have access to anything? However, granting access to secure areas runs it risks. Should an employee become disgruntled with the company or gain some other kind of motivation, that employee can easily steal company secrets and share them. Being on the inside can also make it easier for employees to gain additional access beyond what they normally are allowed, such as the NSA's vulnerability that Snowden exploited. Having strict measures on what files certain employees can access and frequently monitoring what is being accessed can help, as can having strict legal protection against employees who steal intellectual property.
5. False Sense of Security
Finally, many companies remain vulnerable because they have a false sense of security. Small businesses feel they won’t be targeted because they are too little to be noticed, and big companies may feel that the measures they have had in place for years are enough. The truth is anyone can be a target, and without constantly checking and updating security, businesses can quickly become vulnerable.