Biggest security threat? Your users
How to protect against naive, careless or malicious users
Computerworld - Whether it is the FBI's sheepish acknowledgement that at least 10 of the 160 agency laptops that have gone missing in recent years contained "sensitive or classified information" or the drama of retailer TJX's February admission that the incident that put its customer credit card information in the hands of thieves impacted more people than originally thought, security incidents keep making headlines and vexing organizations.
Unfortunately, even the best security technology in the world can't completely protect a company from the biggest vulnerability it has -- its own end users. Security researchers repeatedly label end users the biggest threat to enterprise security. Unlike applications that can be patched or systems that can be hardened, end users -- whether through naivete, carelessness, or malicious intent -- continue to expose IT resources to serious security threats.
"Security is fundamentally a human issue," says Scott Crawford, an analyst at Enterprise Management Associates in Boulder, Colo. "Human nature can be totally unpredictable, so when it comes to IT, the risk posture changes every day."
And as enterprise data becomes more portable and thus more vulnerable to an evolving list of threats, both the dangers and the costs associated with these risks continue to rise. Companies face serious economic consequences from data breaches that can damage their reputations and result in remediation expenses, fines and other costs.
A study conducted by the privacy think tank the Ponemon Institute and funded by security vendors PGP Corp. and Vontu Inc. pegs the cost of a breach at an average of $182 per lost or exposed record. And costs can rise beyond that, depending both on the business the breached company is in and how critical the records are to that organization. For example, data aggregation vendor ChoicePoint Inc., which delivers risk management and fraud information to clients in the insurance industry and other fields, watched its market capitalization plummet $720 million after news that 145,000 consumer accounts were compromised after a breach of its systems.
But while safeguarding networked information in a time when data is so mobile is a challenge, businesses that apply the right security techniques and technologies can successfully protect their resources. This starts with having the best first line of defense possible: an effective set of enforceable enterprise security policies that address how and by whom information should be accessed, stored, transferred and handled. Organizations need to communicate policies to staff members, contractors and partners that have access to this information.
A culture of control
"What you want to do is create in your organization a culture that has security in its core," says Robert Lerner, an analyst at Heavy Reading, a New York-based market research firm. "When you create that, you immediately have a much more secure organization."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts