In this season of new year resolutions and predictions we, at Seclore, have come up with our own "top 10". This is the last part.Governments & Enterprises are increasingly targeted by overlapping surges of cyber attacks from within, from criminals and nation-states seeking economic or military advantage. This article lists the top 5 security risks in front of such organizations for 2012 and recommends ways to deal with them :
1. Insider Threats : Threats of information breaches from "trusted" people and groups like employees, vendors, customers is already the largest threat and is going to grow in importance. This one is right at the top because its probability directly increases with the number of people in the trusted network and also because of the high amount of damage it can do. Besides obvious controls like access management and privileged user activity monitoring, organizations need to be able to control the flow and usage of information within and outside the enterprise. Enterprises should evaluate identity management, DLP and IRM technologies to mitigate this risk."I don't need enemies ... I got enough friends to deal with"
2. Cloud Adoption : Enterprises are adopting the cloud, in most cases without realizing it themselves ! Extremely easy to use systems like Drop box and Skype are essentially cloud based services which users adopt without informing any central security decision maker. In most cases the cloud adoption requires nothing more than a URL and only in few cases does it require the person to actually seek IT help. What users do not realize is that cloud adoption, irrespective of the form (SaaS, PaaS, IaaS... ) needs to be carefully evaluated at the enterprise level and not adopted by the individual without understanding the risks. Enterprises can start with a policy for using cloud based services and then translate that into controls over access which can be gradually relaxed as the specific cloud service is deemed safe. Enterprises should evaluate content filtering and IRM technologies to mitigate this risk."Things are looking very cloudy for enterprise security"
3. Un-Managed Devices : Till a few years ago the rules of internal network and application access were very simple i.e. only devices owned and managed by the enterprise's IT team were allowed to access the IT resources. This has changed rapidly where personal devices like smartphones, tablets and even personal computers are accessing corporate emails, knowledge portals and applications. Enterprises are evaluating and sometimes deploying a Bring-Your-Own-Device (BYOD) strategy ! Traditional tenets of endpoint security systems i.e controlling devices from becoming rogue are therefore falling. The rules for un-managed devices should be defined very stringently. Data which is allowed to go the device should be protected. Enterprises should evaluate virtualization technologies to mitigate this risk by reducing the amount of data going to the un-managed device."Who is the stranger in the house??"
4. Mobility : Mobility presents the greatest opportunity and also one of the greatest threats for enterprises today. Mobile devices and operating systems are coming closer to the capabilities of the desktop ones but still lag behind in terms of security. Adoption rates are growing faster than what security teams of enterprises can grapple with. Enterprises are best advised to start with policy formulation and then extend to technology controls on mobile devices for enterprise applications. Data going to the mobile device should be protected. Private mobile app store is an option to control the flow of apps to the mobile enterprise workforce but is not feasible for small enterprises. Enterprises should evaluate the multitude of mobile security systems available today."The network follows me and so do the threats"
5. Social Media : Use of social media platforms by the workforce is growing rapidly. In this use, distinguishing between personal information and corporate information is becoming difficult. This leads to personnel and enterprises coming under the attack of social engineers and espionage. Starting with guidelines, enterprises need to increase awareness on appropriate use of social media and may evaluate Data Loss Prevention (DLP) technologies to do content based filtering on social media access."Man is a social animal and its a jungle out there"
Posts
0 comments:
Post a Comment