Five Critical Shifts That Threaten Network Security
Today, the individual hacker typically doesn’t operate alone. They most likely belong to an informal group of hackers or perhaps even an organized hacker syndicate. Together, they may orchestrate and coordinate their attacks and share techniques and methods, creating a more serious threat that’s more difficult to identify and defeat.
The network security industry has also noticed an increase in progressive stepped attacks—when hackers repeatedly try to penetrate the systems through different vectors. The organization may stop some of the attacks, but the attackers are counting on one of them succeeding… and one is all it takes.
The rise of social media networking also poses inherent challenges. Although it can be a significant benefit to the organization when appropriately managed, it can also present some dangers in terms of network security. Companies should make their social media users aware of the risks of information sharing and educate them specifically about the types of information they can and cannot share. Organizations should strongly consider revising policies to address social media and should monitor what employees say and share in social media channels.
Social media also offers hackers and other criminals the opportunity to engage in social engineering—using deception or fraud to persuade employees to reveal passwords and other confidential information. Attackers then use this information to penetrate network computer systems and compromise data. To prevent this method of attack, companies should build a defense around education, policy, and activity monitoring.
Finally, organizations face one of their largest network security threats from their own people, often in the form of careless or disgruntled employees. For example, many employees generally lack knowledge about what comprises sensitive data. Or employees sometimes circumvent established business processes or controls for the sake of speed and efficiency, which creates the risk of accidental data leakage.
Together, the threats described above represent five critical shifts in the threat profile. In response to these shifts, organizations must rethink how they plan and execute computer network and data security to safeguard their systems, applications, and— most importantly—their data. And they should strongly consider a network security assessment to identify security vulnerabilities.
- Emergence of systematic, syndicated, multi-layered global hacking - This essentially amounts to the industrialization of hacking, which produces a supply chain that starkly resembles that of drug cartels. Automated tools such as malware distributed via botnets can provide the weapons of choice.
- Shift from application security to data security - Companies are shifting to data security as cyber-criminals devise and uncover new ways for bypassing existing security measures to obtain information and critical data.
- Emergence of social networking as major vulnerability - People who are less educated in security policy are more susceptible to social engineering, which makes companies more vulnerable.
- Shift to proactive defense from reactive defense - Rather than sitting around, waiting to be breached, smart organizations are actively seeking holes and plugging them. Basically, it’s another instance in which offense is the best defense.
- Shift in focus to multi-dimensional password theft - Attackers expect that credentials for one application, like an email account, likely will also apply to other applications, like online banking. As a result, attackers are ramping up their efforts against these big payoff targets. Changing passwords frequently, insisting on different passwords for each account, or even choosing an altogether different security option other than passwords all make good defenses.
To combat the threats from these shifts in computer network security, managers need the visibility and control that lie at the heart of information governance. Organizations know all about corporate and financial governance. Now they must apply it diligently to information that—when you come down to it—is one of their most valuable assets.