September 27, 2016
10 Hidden Security Vulnerabilities Crippling Business
Companies that get complete 3rd party security reviews develop balanced security strategies. Lack of security visibility can result in security vulnerabilities and can lead to a very imbalanced security infrastructure with over or under budget spending or mis-allocation of resources.
Top vulnerabilities caused by the lack of a complete risk assessment.
- Lack of regular security testing. Failing to use the right security testing regularly can lead to vulnerabilities that would otherwise be detected. Most common tests include network vulnerability scans and penetration tests, but can also include cloud-application, Wi-Fi, VOIP or other tests.
- Lack of strong user access control. Since passwords have been demonstrated to not be sufficient for strong security, multi-factor authentication, access policies and other control solutions are typically required and frequently not used.
- Lack of visibility, monitoring and alerting. Preventative solutions like firewalls and antivirus alone are not enough to defend against advanced persistent threats, and real-time adaptive malware. Total system security monitoring solutions (SIEM) are required to provide visibility, threat correlation and alerting.
- Lack of security to prevent new threats. Increased use of cloud applications (such as CRM, HR, Financial, cloud storage), virtual servers, and remote data centers means new threats not previously protected against. These threats require specialized solutions that target these new threats.
- Lack of adequate security to secure remote workers, and work-sites. By opening up access from remote sites, security threats are magnified with data access and storage issues. Solutions must be customized to each situation.
- Lack of appropriate data loss prevention technologies. Given remote workers, portable devices (such as laptops, smart phones) and cloud application usage, controlling data access, storage and usage is very important and requires customized solutions.
- Lack of protection against advanced threats. APTs (Advanced Persistent Threats) and advanced malware (such as ransomware) are serious new and evolving threats that require multiple targeted solutions that vary by company size and situation.
- Lack of protection for email. Email threats such as phishing are the #1 security threat vector. Multiple new