Concern for IT security has come to the forefront of every organization in 2015, with 76 percent of companies ranging from US business executives, law enforcement services, and government agencies saying that they are more concerned about it now compared to 59 percent in 2014.
More corporations have come to realize that it’s no longer just the IT security and solutions providers in the Philippines that needs to be aware and be involved in IT security but everyone in the company, from the CEO to its employees—proving that this a globally recognized norm.
5 IT Security Risks Every CEO Needs to Know in 2016
IT security researchers were kept busy, as they have uncovered five security risks that every CEO needs to be aware of this year to help decrease vulnerable spots and security risks within the organization, in addition to the IT security predictions this year.
1. Java Security Risk
Oracle’s Java is the biggest security risk to desktops, as 48 percent of users are not running the latest patched versions according to a report from Secunia ApS, a Copenhagen-based security vendor. As of the latest, 119 new vulnerabilities have been identified in Java. But, what’s scarier is that sixty-five percent of computers have the program installed.
The security risk lies not in the difficulty of updating to the latest secured version, rather user neglect. Most users do not care to run updates to the program even if prompts are visible on their desktops.
This biggest security risk can simply be overcome by instructing users to consistently run patches to latest security updates from software programs they have in their computers. Strict monitoring by the IT department can make sure this has a strict implementation. A solution for this is for IT to implement a general patch management solution that can apply patches to all operating systems connected to the network automatically without relying on each individual user to apply the patches by themselves.
2. Visual Hacking
Did you know that hacking can be done offline and on site? It seems that security measures need to be implemented within company sites since hackers can successfully get their hands on sensitive company information 88 percent of the time, according to a Ponemon Institute Study.
In their research, they sent people to large corporations who agreed to participate in their research. Researchers came in with staff IDs and while the management knew they were coming, the office staff didn’t. Surprisingly, they were able to take pictures of computer screens and pick up confidential documents clearly marked “confidential” all in full view of regular employees without being called out, all under two hours.
This clearly falls under IT security risks without ever coming around one’s IT networks or programs. We need to develop security policies in the office that limit access privileges and warns end-users of potential visual theft around the office. Of course, awareness to each of the individual users or employees is important.
3. Vulnerabilities in Company Websites
Most companies have websites these days, but unfortunately, most of them had, at least, one serious site vulnerability for 150 or more days in 2015, according to an analysis run by WhiteHat Security among 30,000 websites. This means most sites were very vulnerable to hacking for more than half of the year.
An even more alarming statistic is that sixty-four percent of public administration websites were vulnerable every day, followed by retail sites, with 55 percent having, at least, one serious vulnerability every single day of the year. These sites store confidential information for consumers – mostly SSS and financial information (bank and credit card details) – so, this statistic is dreadful.
We need to have better IT security monitoring in our websites, and having a dedicated team to manage and monitors these sites would be better. Being updated with the latest security cyber threats and fixes to each of these threats are also crucial in keeping sites protected.
4. Threats via Apps
Mobile security vendor, Veracode, analyzed 400,000 of the most popular applications in the Apple and Google app stores. They tagged 3 percent (14,000 apps) of them as having security problems that exposed private information such as location, and access to contacts and SMS messages.
In a global enterprise, there are as much as 2,400 unsafe apps on mobile devices and these pose a threat to organizations, as most employees access work mail and do remote work on their mobile devices and tablets.
Limiting access to work e-mail from unsecured devices and locations or screening laptops, mobile devices, and tablets for BYOB (bring your own device) can greatly reduce this risk.
5. Malware via Ad Clicking
We have been warned about getting our computers infected with malware via pop-up ads, but this has gone unnoticed since there are about 32 million active infections discovered during the first half of 2015, according to a report by security vendor Damballa. And while this may seem harmless at first, malware usually serves as a gateway for more serious infections, as it increases security vulnerability to cyber attacks.
Running anti-malware programs can stop malware from running. Then again, it is an end-user orientation and education to not just to “click” on ads and avoid going to unsecured websites that eliminate this risk, or, a better alternative is to implement a central ad-blocking solution or a central network anti-malware solution.
These security threats are relatively small compared to what usually makes rounds on the Internet, with cyber hacks getting more aggressive and complicated, thus, harder to mitigate. However, these risks increase your vulnerabilities to more complex security threats in the future.
By nipping these small threats in the bud, such as consistently running and monitoring security patches/updates, developing better security policies, implementing them strictly, and end-user (employee) training, orientation and re-training, you are significantly decreasing the chances of cyber attacks happening in your organization.