Security Threats Hiding In Plain Sight - InformationWeek

Comments
Security Threats Hiding In Plain Sight
Michelle,
User Rank: Ninja
7/30/2016 | 5:11:28 PM
Re: Treat them all as insiders.
@Joe that's right! I often forget about insider threats, but they are a significant attack vector. Connected things will become more of a security threat as well (see community.hpe.com/t5/HPE-Business-Insights/The-biggest-security-threats-of-2016-How-CIOs-can-prepare/ba-p/6855393)
Susan Fourtané,
User Rank: Author
7/30/2016 | 3:05:50 PM
Re: On Another Note.....
Technocrati,

Yes. At the same time you wonder if it's not stating the obvious. If it were, we wouldn't be having these discussions, though.

-Susan 
Technocrati,
User Rank: Ninja
7/30/2016 | 1:55:51 PM
Re: On Another Note.....
@Susan Agreed. Companies need to be far more proactive regarding security, make it an integral part of their culture. Something as simple as screensavers that state, "Security is serious business" or "Think first. Before you Click" would be a great way to keep security in the minds of employees.
Susan Fourtané,
User Rank: Author
7/30/2016 | 12:56:04 PM
Re: On Another Note.....
Technocrati,

Prevention and education are two great tools everyone should consider in order to avoid security problems as much as possible. It's important to always be vigilant. In-house training is one option.

Another option is encouraging employees to attend security conferences to stay updated, listen to the experts, and have security always present. Everyone in the company needs to be involved. 

-Susan 

 
Technocrati,
User Rank: Ninja
7/29/2016 | 2:51:00 PM
Re: On Another Note.....

@Susan I agree most employees do take security seriously; it is that percentage of careless people that should keep IT awake at night. All it takes is one person to be careless and the network is compromised.

 

You and I know this, but if you are dealing with people who "click the link first" and then wonder why their machine doesn't work like it used to, it is a big problem. Locking down the network does not make people happy, nor is it an effective solution due to smartphones and cloud-based access.

Security Firms are reluctant to acknowledge this because of course it directly affects their position.

I like the in-house training, but it will have to be carried out at least bi-annually to keep security in the minds of employees.

Susan Fourtané,
User Rank: Author
7/28/2016 | 9:39:52 AM
Re: On Another Note.....
Technocrati,

I don't think it's employees who don't take security measures seriously. It's more a lack of information about those security measures. This is why it's so important for enterprises to always have in-company training on security. How many times have we heard about employees who innocently have made a terrible mistake? Of course, there is also a percentage of people who are simply careless no matter what.

-Susan 

 
Technocrati,
User Rank: Ninja
7/27/2016 | 7:54:18 PM
Re: On Another Note.....

@vnewman   You make excellent points and I agree you should vet potential vendors regarding their cyber readiness but as you point out, they will never admit they are not up to standard.  If companies were to demand this then the number of third party vendors they actually did business with would decrease dramatically.

Not necessarily a bad thing unless you are one of the companies that didn't make the grade.  And I suppose we would be very surprised by the companies that come up short.

Those that can meet the standards will probably pass the cost of this on to the consumer. And even then there are no guarantees - it might even be analogous to "double taxation" for the consumer.

They will pay for security and then pay for the ensuing breach. This is a really difficult issue that probably cannot be solved by free market principles.

vnewman2,
User Rank: Ninja
7/27/2016 | 6:06:58 PM
Re: On Another Note.....
Let's talk about third-party vendors (with the Target example in mind). Vendors should be interrogated about cyber risk before giving them the proverbial keys to the castle. Vendors possess significant understanding of the risks presented by the use of new software, network configurations, cloud computing and the like but understandably are not prone to publicize what could be perceived as defects in their service offerings.

Software vendors, in particular, are often in the best position to answer questions about their product vulnerabilities but they are also often reluctant to do so in order to avoid embarrassment and other negative consequences.
Technocrati,
User Rank: Ninja
7/27/2016 | 1:24:37 PM
Re: On Another Note.....

I see.  Third Parties are those within the business cycle.  Well, this is a major problem because not all businesses have the resources or the insight to provide the kind of security measures necessary in today's world. 

Use your Amex at a local store, you now entrust them to have secure systems?

Who remembers the Target breach?

 

Michelle's comment about using cash is sounding better and better by the minute.

Technocrati,
User Rank: Ninja
7/27/2016 | 1:18:39 PM
Re: On Another Note.....

Third parties are mentioned as threats. What does this mean? Is this a reference to employees that don't take security measures seriously?

Because this happens constantly.
