Are Your Employees Undermining Your Network Security?

Enterprises are constantly fighting to stay one step ahead of hackers, from upgrading endpoints using the now vulnerable Windows XP to Windows 8 or implementing more secure remote access technologies in light of the Target breach. Then came Heartbleed, which necessitated another immediate response for countless enterprises. Creating and executing a network security plan can feel like fighting the Hydra, famous from Greek mythology – as soon as one threat is neutralized, another two spring up in its place. The best strategy for enterprises trying to stay ahead of the next threat is to take a preventative approach by implementing technologies that can quickly adjust to threats and ensure that employees comply with network security best practices. Given the ubiquity of threats that can affect networks, it would seem as though one of a company’s best defenses would be its own employees. After all, they care about their company and genuinely do not want to expose sensitive information. However, in many cases, employees are just as likely to unknowingly help tear down the castle gates as they are to protect them. Transforming Employees from Vulnerability to Asset Because of the increasing Bring Your Own Device (BYOD) trend, employee endpoints are now a major threat to network security. Think about all the vulnerabilities your employees could create. They could log on to the corporate network on an insecure mobile hotspot at a café, or they could misplace their device, which could then fall into the wrong hands. The Ponemon Institute found in its recent “Cost of Data Breach” study that this sort of exposure is all too common. Thirty percent of all data breaches...

Mobile Malware and the Corporate Network

Cybersecurity threats are constantly evolving, and for IT teams looking to patch the latest vulnerability (i.e. Heartbleed), trying to prevent the next attack is a full-time job in itself. However, it’s not very often that we have a chance to examine some tangible information about the threats we’re trying to safeguard against. That’s why research recently highlighted in CIO Insight caught our attention. A Look Back In order to understand where we’re headed, it’s important to understand where we’ve come from. The research took a look back at 2013, examining the prevalence of security concerns like spam and malware, which allowed some extrapolations to be made about what to expect in 2014. For example, CIO Insight reports a significant drop in spam levels as a result of more botnets being traced and removed. But true to form, when one way to wreak havoc is stifled, cyber criminals quickly changed tactics. Now, instead of trying to lure unsuspecting victims into downloading an illegitimate attachment containing malware, malicious links are being included right in the body of the message. These malicious links aren’t only in emails, though – the research revealed the number of malware URLs increased by 131 percent last year, appearing most frequently on education, travel, sports and pornography websites. Unsurprisingly, an increasing amount of traffic to the aforementioned websites is being driven from mobile devices. And, as we’ve previously discussed, Android devices are becoming cyber criminals’ favorite targets. In fact, over the last six months of 2013, “an average of 5,768 types of Android malware was found per day.” With enterprises already contemplating security concerns spurred by BYOD,...

Gaining the Upper Hand on Hackers with Comprehensive Network Security

Over the last year, we’ve witnessed some very prominent hacks including Adobe, Target and Neiman Marcus, so enterprises could be forgiven for feeling a bit nervous about the ever-present threat of network infiltration. Unfortunately, a recent Ponemon Institute report will likely do little to ease these concerns. According to the research, the majority of security professionals believe attackers are able to dodge the defenses enterprises are deploying. That’s a major problem for enterprises, especially considering the research revealed 80 percent of respondents believe the loss of data could lead to lost income. However, if denial is the first stage of addressing a problem and acceptance is the second, logically, action must be the third. And that’s precisely what enterprises need to do – take action. Advantage: Cyber Criminals As Joerg Hirschman, CTO of NCP engineering explains in SC Magazine, “For the most part, the good guys are being more reactive than proactive.” There’s advantage number one for cyber criminals. Advantage number two, as detailed by eWeek’s Robert Lemos is the fact that “Attackers are able to gain intelligence on corporate defenses, [therefore] they have a first-mover advantage and the ability to actively look for vulnerabilities.” Finally, the communication amongst attackers gives them yet another advantage over enterprises, who are subject to the same types of threats but very rarely share important defense information or collaborate to patch flaws in network security. Considering this, Larry Ponemon’s summary of the research comes as little surprise: “The overall analysis indicates that a majority of security professionals do not feel adequately armed to defend their organizations from threats.” But what if enterprises were...