Tuesday, December 18, 2018

Top 10 Threats to Information Security - Week 4

Top 10 Threats to Information Security

Last week, I was talking about the data breach case that happened to Marriott hotel.  Data breach is one of the most critical threats to all organizations.  This threat will never stop, so all businesses and homes need to be well prepared for defending against this threat.  This week, I am going to expand on the security risk and talk about the top 10 threats to information security. 

According to Georgetown University, the top 10 threats to information security are:

1. Technology with Weak Security - This threat comes from new technology and new devices, especially devices with Internet access that have little or no security protection.  With the fast development of technology, some innovators focus more on new inventions or features, but focus less on security, which leaves security holes in the technology they develop.

2. Social Media Attacks - Social media has boomed in the last decade or so.  According to the latest social media statistics, "81% of the U.S. population has a social media account. That amounts to about 264 million people" (Lincoln, 2018).  With a huge number of people using social media, cybercriminals have exploited it for attacks such as the watering hole attack, in which attackers identify and infect a cluster of websites they believe members of the targeted organization will visit.

3. Mobile Malware - According to Statista, "In 2019 the number of mobile phone users is forecast to reach 4.68 billion. The number of mobile phone users in the world is expected to pass the five billion mark by 2019" (Statista, 2018).  With more and more people using mobile devices, I believe that there will be more mobile threats, malware attacks, and more threats/vulnerabilities on mobile devices.

4. Third-party Entry - Many enterprises use third-party software/services for their business.  One reason is that third-party service providers are often highly experienced, certified, and efficient.  Another reason is to save money for the company.  For example, if a company wanted to write its own antivirus software, it would cost a lot more money than just buying one from a third party.  However, third-party software and services have security holes too, and cybercriminals could exploit those security holes to steal confidential data.  For example, "HVAC vendor was the unfortunate contractor whose credentials were stolen and used to steal financial data sets for 70 million customers" (Georgetown University, 2018).

5. Neglecting Proper Configuration - Most security controls come with default settings, and those settings do not fit all businesses.  It is not "one size fits all", so when enterprises use security controls, they need to understand the tools and configure them to best fit the business needs.  Do not use the default security settings.

6. Outdated Security Software - A common mistake here is when a business uses antivirus software but does not configure it to auto-update the definition files.  Both businesses and homes face new threats every day.  Without the latest security software or definition files, both businesses and homes are vulnerable to current threats.

7. Social Engineering - This threat is now so common that hackers use a variety of techniques based on social interaction and psychological manipulation to gain access to confidential data.  The common techniques that hackers often use are phishing, spear phishing/whaling, pretexting, watering hole, and tailgating.

8. Lack of Encryption - To protect data at rest or in transit, companies should encrypt it.  For example, all websites, especially websites with online transactions, should use HTTPS.  Sensitive data at rest should be encrypted as well.  For example, SSNs, dates of birth, addresses, bank account numbers, and driver's license numbers should all be encrypted.

9. This is another common threat since many enterprises have started using the Bring Your Own Device (BYOD) option.  For example, many employees use their personal phones to connect to their work email server to read emails and download work documents to the phone for review.  The same goes for laptops; many employees use their own laptop for work.  One common security problem is that personal devices often don't have any type of encryption, so if the device gets stolen, people can retrieve and view the information easily.

10. Inadequate Security Technology - Companies need to invest the right amount of money in security technology.  Security is a trade-off between risk and cost.  Each company has a different type of business, so spending more or less on IT security depends on each company's situation.  However, "businesses now spend a higher percentage of their IT budgets on security than ever before. According to the survey, large organizations spend an average of 11 percent of their IT budgets on security while small businesses spend nearly 15 percent" (Rubens, 2015).

These are the things that you need to consider for today's security.  Whether you are at work or at home, those threats can happen to you.  It is good to know the current threats so that you can understand and defend against them.  I have always liked the saying: "Prevention is better than a cure".  Do you agree with me on this?

Reference:

Cooney, D.  (2018, Jan 22).  5 Social Engineering Threats.  Retrieved from http://www.consultparagon.com/blog/5-social-engineering-threats
Lincoln, J.  (2018).  Powerful Social Media Statistics In 2018.  Retrieved from https://ignitevisibility.com/social-media-statistics/
Georgetown University.  (2018).  Top 10 Threats to Information Security.  Retrieved from https://scsonline.georgetown.edu/programs/masters-technology-management/resources/top-threats-to-information-technology
Rubens, P.  (2015, Apr 1).  Why you should be spending more on security.  Retrieved from https://www.cio.com/article/2904364/security0/why-you-should-be-spending-more-on-security.html

