Wednesday, November 4, 2015
Vendor researcher includes USB drives, smartphones as top security risks. With cyber-threats becoming a daily headache for IT security staff, it helps to have some advice, or at least know what to look out for. A network security software provider, offered his observations on the top 10 threats that can harm networks from the inside and ways to combat them.
“The ways that the networks can be compromised five years ago internally, certainly still exist. It’s just that today, that list is really growing, and that’s why this is ongoing research,”
“It’s really an ongoing case again of all this data that we’re seeing worldwide, all this feedback we’re getting, all the new threats that we’re seeing and how those threats can potentially affect systems,”
According to the researchers, the top 10 internal network vulnerabilities are:
- USB drives
- Laptops and netbooks
- Wireless access points
- Miscellaneous USB devices (digital cameras, MP3 players, etc.)
- Employees borrowing others’ machines or devices
- The Trojan Human (attackers who visit sites disguised as employee personnel or contractors)
- Optical media (CDs, DVDs, etc.)
- Lack of employee alertness
- Smartphones
The list also includes advice for prevention and mitigation, with tips like implementing asset control policies to handle removable media threats and implementing an encrypted file system for sensitive data.
Some potential security threats such as smartphones can be dangerous in part because people don’t see them as threats. And even though they can house viruses, the devices can threaten networks in ways people may not think of.
“If you have any sort of confidential information and you have access to that, even if the document doesn’t leave the quarantined area and you take a picture of that with a smartphone, you can send that over [a] 3G network. You can just keep it on the smartphone and walk out with it,”
But when it comes to locking down networks and implementing security protocols, the government may be in a different position than the private sector when it comes to enforcement.
“They have a heavier hand. They can enforce this and say, ‘OK, across all agencies, we are banning this until we can think of what’s going on with this.’ So that is a good thing in my view because if you can properly enforce something, and you can take action on that, then it’s a step forward,”But there could be drawbacks.
