The 5 Vulnerabilities You’re Missing on Your Corporate Network
When an organization thinks of insider threats, it often pictures malicious employees stealing data or destroying resources. But insider threats aren’t limited to employees with malicious intent. They also include employee negligence, whether that means allowing malware to be installed on the local network or accidentally leaking data. Whatever the reason, it’s the responsibility of IT and security administrators to protect against these types of threats.
1. Targeted Phishing Attacks at C-Level Executives
When attackers send phishing emails, they sometimes send them to a group of people within the organization, but they also use a technique called spear phishing that targets specific employees with high-level access. C-level executives are the perfect target due to their ability to access data that other employees can’t.
Any C-level employee (including the CEO) should be educated on red flags, and IT must monitor these accounts for suspicious network activity. Email filters can block many of the phishing attempts for the entire organization, including C-level executives.
2. Review Your BYOD Policies
Bring your own device (BYOD) policies make it convenient for employees to connect their smartphones, tablets, and laptops to the network, but this opens up a plethora of possible exploits. Attackers specifically go for mobile devices because these devices are often poorly secured and poorly monitored. They can send malware to the network, steal data from the device, or drop malware on the network and wait for an employee to run the executable.
BYOD policies are there to protect the network from these attacks, but extra steps must be taken to ensure that the section of the network where BYOD devices connect is segregated from the main critical storage. Traffic should be monitored and suspicious traffic flagged for administrator review.
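The monitoring described above, as an added example that is not part of the original article: a flow-record review that flags BYOD-segment traffic reaching the storage segment, using unexpected ports, or sending unusually large volumes. The subnets, allowed ports, byte threshold and record format are assumptions, and the sample flows are constructed.

```python
import csv
import io
import ipaddress

# Assumed addressing plan (hypothetical): replace with your own segments.
BYOD_NET = ipaddress.ip_network("10.50.0.0/16")      # BYOD Wi-Fi segment
STORAGE_NET = ipaddress.ip_network("10.10.20.0/24")  # critical storage segment
ALLOWED_PORTS = {53, 80, 443}      # services BYOD clients are expected to use
EGRESS_BYTES_LIMIT = 50_000_000    # per-flow outbound volume worth a review

# Constructed sample flow records: src,dst,dst_port,bytes_out
SAMPLE_FLOWS = """\
10.50.3.14,192.0.2.10,443,18234
10.50.3.14,10.10.20.5,445,90211
10.50.7.2,198.51.100.9,443,73400000
10.20.1.8,10.10.20.5,445,120000
10.50.9.9,203.0.113.4,6667,4096
not-an-ip,10.10.20.5,445,10
"""

def review_flows(text):
    """Return (src, dst, reason) tuples for flows an administrator should review."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # skip blank lines
        try:
            src = ipaddress.ip_address(row[0])
            dst = ipaddress.ip_address(row[1])
            port, sent = int(row[2]), int(row[3])
        except (ValueError, IndexError):
            # A record the sensor could not describe cleanly is itself worth a look.
            findings.append((row[0], "", "unparseable record"))
            continue
        if src not in BYOD_NET:
            continue  # only BYOD-originated traffic is in scope here
        if dst in STORAGE_NET:
            findings.append((str(src), str(dst), "BYOD reached storage segment"))
        elif port not in ALLOWED_PORTS:
            findings.append((str(src), str(dst), "unexpected destination port"))
        elif sent > EGRESS_BYTES_LIMIT:
            findings.append((str(src), str(dst), "large outbound transfer"))
    return findings

if __name__ == "__main__":
    for src, dst, reason in review_flows(SAMPLE_FLOWS):
        print(f"REVIEW {src} -> {dst}: {reason}")
```

A hit on the storage rule means the segmentation itself has a gap (a firewall rule or VLAN assignment to fix), while the other two rules are triage leads rather than proof of compromise.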
3. Intrusion Detection and Prevention
Intrusion detection systems (IDS) monitor the network for any suspicious traffic. When unusual traffic patterns happen, these systems alert the administrator. The administrator can then look into a possible breach. IDS software alerts you to any suspicious data access before the intruder can browse the network for more sensitive data.
IDSes do not stop traffic. Intrusion prevention systems (IPS) stop malware from gaining access to sensitive data. Most organizations incorporate both to detect malware and then stop it from doing more damage if it’s already been installed on the network. This gives administrators a quick heads-up that it’s time to review corporate resources. Insider threats are some of the most difficult to detect and can stay on the network silently and undetected for months. Using IDS and IPS, you can stop the damage quickly instead of unknowingly allowing data to keep leaking to an attacker.
4. Poor Security Budget
Many organizations make the mistake of disregarding the importance of IT security until it’s too late. It’s important that budgets are given to help beef up security and put the right monitoring in place. Poor security budgets are often the root cause of breaches because organizations are not able to keep up with the latest attacks, vulnerabilities, exploits, and updates needed to implement proper security protocols.
5. Don’t Forget Social Engineering
Social engineering comes in many forms, but one issue that most organizations don’t account for is physical access to an employee’s desktop. Social engineers use their tricks to gain access to the physical location or even a mobile device when the employee is traveling. They can then use employee credentials to steal data, install malware on the local machine, or carry out any number of other exploits once physical access is granted.
The way to stop this kind of attack is with GateKeeper. GateKeeper automatically locks the desktop when an employee walks away from it. You no longer need to worry about physical access when an employee is away from their machine.