So You Think You’re Safe? Maybe ‘Strike Three, You’re Out’ is More Appropriate.
Businesses are making some poor decisions regarding security. The article ‘Dangerous Assumptions that Put Enterprises at Risk’, by Kacy Zurkus, stacks up the evidence that many companies are confident in their security but shouldn’t be. As a result, they are unwittingly increasing the potential for security breaches.
According to the article, Andrey Pozhogin, cybersecurity expert at Kaspersky Lab, said, “Thinking they’re protected from DDoS attacks is one of the most dangerous assumptions businesses make. A recent Kaspersky Lab survey found that 40 percent of organizations fail to put preventative measures in place because they think their Internet service provider (ISP) will protect them.” Oops, they won’t. Did you know that?
It gets worse: “In addition to those that assume their ISPs are protecting them, the survey found an additional 30 percent think their data center or infrastructure partners will protect them.” Oops again.
Pozhogin went on to say that a cloud provider can protect an organization from large-scale attacks, but can’t do anything about what he calls “smart attacks”, such as those using encryption or replicating user behavior. Another 30 percent won’t take action because they don’t feel it will happen to them! Oops one more time.
What are some of the other risks identified in the article?
- Password complexity – if a company states that every password must begin with a digit and have five letters, it is giving a hacker a hint about what the first character of the password should be.
- If everything is done over SSL and you think you’re safe, then guess what, you’re not.
- Don’t think your organization is too small to get hacked – it isn’t.
- Just because an organization is compliant doesn’t mean it is secure.
- Don’t think the digital world is the same as the physical world. This is one of the most dangerous assumptions. The digital world has no boundaries – geography doesn’t matter.
- Trust, in both people and solutions, doesn’t actually exist in the digital world. You can have confidence in a system, but don’t become complacent.
- Protection has to move closer to the assets it is trying to protect, and away from trying to identify who committed the crime.
Well, if that list doesn’t make you think your security is lacking, I don’t know what will. It is an interesting article and has some good pointers on how organizations create their own risk, without even knowing it. Do any of these risks apply to you?