As humans, we learn from our mistakes but, in the world of cybersecurity, minor errors or the lack of awareness can lead to grave consequences for the enterprise. It’s safe to say that no electronic device connected to the Internet is completely secure from intrusion, but if basic security enforcing practices are employed, enterprises can definitely stay away from attacks. This article, provides information around the most common threats that can be posed to an entity because of their lack of cyber-security awareness.
- Default / Weak Passwords – This problem has basically been here since the dawn of technology and is still responsible for the majority of cyberattacks in the world. Also, guessing passwords is the easiest way of breaking into a system and it has always been the first trick for hackers. Evidently, this can easily be fixed by spreading awareness about strong passwords and the part this action can play in keeping the hackers at bay.
- Disabled Security Controls – In many enterprises, the Administrators often disable security controls to make applications more usable for the employees but, obviously, this can cause great deal of damage to both systems and network. This can be fixed by hardening servers and network with all security controls enabled and unwanted privileges removed. Periodic audits are essential to maintain the status quo thereafter.
- Phishing – Phishing is a phenomenon in which a fraudster tricks the victim into clicking on malicious attachments or links sent through email / via social media websites / via advertisements. Over the years, phishing has grown in sophistication with hackers being able to make phishing looks more and more realistic. Phishing simulation exercises help in keeping such attacks out of bay to large extent.
- Remote Security – Remote insecurity can also have disastrous consequences. The enforcement of a company-wide policy prohibiting the transfer of data from corporate devices to personal along with imposing restrictions and controls via tools, process and periodic awareness does the trick.
- Social Networking – Social networking allows the entire workplace to stay collaborative and lively but it can also pose huge risks. The number of sophisticated social engineering attacks has also been increasing exponentially over the years. To fix this, technical awareness needs to be imparted to the employees via training sessions periodically.
- Obsolete Software or Uninstalled Patches – The threat posed by obsolete software is greatest worry and has been exploited multiple times (recent ransomware attacks is still fresh in minds). Often, there is delay in pushing updates/patches and which ends up opening a lot of vulnerability gaps in systems, giving open invitation for potential attacks. Once again, employees must be made aware of the importance that updates and patches. This will help to prevent systems from getting compromised because of this common mistake.
- Unauthorized Application Installation/Usage – Installation of unauthorized applications on workstations is a very common phenomenon. With malicious code embedded in the application and administrative privileges available with the user, it is very easy to take control of system and execute at will or exfiltrate data. Revoking administrative access for corporate devices along with periodic awareness sessions for employees can bring situation under control to greater extent.
The above-mentioned are some of the most common reasons for modern day cyberattacks and it’s of supreme importance that precautionary awareness regarding them be made widespread, enterprise-wide, covering each employee and all levels.
By:- Sapan Talwar