So You Think You’re Safe? Maybe ‘Strike Three, You’re Out’ is More Appropriate.
Businesses are making some poor decisions regarding security. The article ‘Dangerous Assumptions that Put Enterprises at Risk’, by Kacy Zurkus, stacks up the evidence that many companies are confident in their security but shouldn’t be. As a result, they are unwittingly increasing the potential for security breaches.
According to the article, Andrey Pozhogin, cybersecurity expert at Kaspersky Lab, said, “Thinking they’re protected from DDoS attacks is one of the most dangerous assumptions businesses make. A recent Kaspersky Lab survey found that 40 percent of organizations fail to put preventative measures in place because they think their Internet service provider (ISP) will protect them.” Oops, they won’t. Did you know that?
It gets worse: “In addition to those that assume their ISPs are protecting them, the survey found an additional 30 percent think their data center or infrastructure partners will protect them.” Oops again.
Pozhogin went on to say that a cloud provider can protect an organization from large-scale attacks, but can’t do anything about what Pozhogin calls “smart attacks”, such as those that use encryption or replicate user behavior. Another 30 percent won’t take action because they don’t feel it will happen to them! Oops one more time.
What are some of the other risks identified in the article?
- Password complexity – if a company states that every password must begin with a digit and have five letters, it is giving a hacker a hint about what the first character of the password should be.
- If everything is done over SSL and you think you’re safe, then guess what, you’re not.
- Don’t think your organization is too small to get hacked – it isn’t.
- Just because an organization is compliant doesn’t mean it is secure.
- Don’t think the digital world is the same as the physical world. This is one of the most dangerous assumptions. The digital world has no boundaries – geography doesn’t matter.
- Trust, in both people and solutions, doesn’t actually exist in the digital world. You can have confidence in a system, but don’t become complacent.
- Protection has to move closer to the assets it is trying to protect, and away from trying to identify who committed the crime.
Well, if that list doesn’t make you think your security is lacking, I don’t know what will. It is an interesting article and has some good pointers on how organizations create their own risk, without even knowing it. Do any of these risks apply to you?
Join us for our ‘Eliminate the 17.4% Documents that Contain Data Breaches’ webinar on Wednesday, September 13th. Issues relating to security breaches from within content now occur with alarming frequency. This session shows how to focus on the identification of unknown security exposures that exist as content is ingested or created, to avoid costly and damaging ramifications.