Today, enterprise-scale companies are more interconnected than ever. People, applications, servers, networks, and devices in different departments and even in different parts of the world are constantly exchanging information in both the public and private cloud. That’s not a bad thing. In fact, most organisations strive for this kind of silo-less interconnectivity. Desirable as it may be, however, it’s not risk-free.
There are cybercriminals ready to exploit any vulnerability in an organisation’s digital defences. That much should be obvious from the 60 000-plus reports of fraud and cybercrime that came from UK businesses in 2021. It’s critical, therefore, that organisations do everything possible to understand and mitigate those risks.
Failing to do so not only means putting their own businesses at risk but also data held by their clients, partners, and employees. That, in turn, opens those organisations up to reputational damage as well as fines and even prosecution. With that in mind, here are three of the most common threats faced by today’s organisations and the methods they can use to mitigate them.
Weaknesses in user access controls
Most of us know that we should have strong, unique passwords and practice things like multi-factor authentication (MFA) in our personal lives, but how many of us actually do so? Given that around 56% of people in the UK use the same password for multiple accounts, I’d wager the number is worryingly small.
Many of those habits carry over into the enterprise world too. That makes identity and access management (IAM) tools like two-factor authentication (2FA) and multi-factor authentication (MFA) incredibly important. They are not, however, cure-alls and there are other risks that organisations need to be aware of when it comes to access management.
These include the fact that business applications are typically built on top of complex technology stacks and deployed with a wide variety of service accounts, local users, interface users, and standard accounts. Most IAM solutions are not able to fully secure these accounts. Another risk comes from the complexity of most business processes. With numerous internal and external users accessing data simultaneously, assigning the right set of authorisations can be challenging. Additionally, if this isn’t done properly, it can lead to risks in the segregation of duties and critical access areas.
It’s worth pointing out that even the most sophisticated network authentication can’t stop a disgruntled employee (for example) from seeing sensitive company documents and leveraging them to their advantage. It’s therefore critical that enterprises carefully regulate which applications, transactions, resources, and systems people can access. Not doing so puts the entire system at risk.
Problematic patch management
Did you know that it takes an average of 97 days from a vulnerability being identified to a patch being deployed applied, tested, and fully deployed on an endpoint? Or that the number’s even higher for servers, and even higher when it comes to business-critical applications? That’s a serious problem. The longer it takes an organisation to patch a vulnerability, the more time cybercriminals have to exploit it. That becomes even more worrying when you factor in that it can take as little as three hours for hackers to exploit newly-discovered vulnerabilities in internet-facing business applications.
Many of the delays related to patch management come from the fact that manually installing patches is time-consuming for IT teams that are already over-stretched. It can also be difficult to know which patch to prioritise if they start piling up.
The right vulnerability management platform can, however, help alleviate much of the strain felt by patch management teams. As well as providing IT teams full visibility of their entire IT ecosystem, including on-premise, cloud, and hybrid environments, these platforms can help keep a track of previous vulnerabilities, provide them with a comprehensive record of all their assets, and a full understanding of their attack surface.
Custom code
No matter how good an off-the-shelf application or productivity suite are functionally, enterprise-scale organisations all make use of custom code at some point.
Indeed, it’s critical to an organisation’s ability to adapt those applications to their needs and existing business processes. Trouble is that custom code can be prone to security bugs, with some experts estimating that there are an average of 15 – 30 bugs in a single line of code.
When it comes to addressing these bugs, many organisations rely on manual code reviews, which are time-consuming and prone to error. A far better approach is to embrace the automated tools capable of scanning large amounts of code in just a few minutes, detecting any bugs present, and mitigating their risk.
Facing the risks
None of these risks are going to go away anytime soon. Indeed, as cybercriminals become more sophisticated and enterprises more interconnected, they’ll only become more prevalent. That makes it absolutely critical that organisations do everything they can to mitigate these risks and ensure that their systems and data are safe, starting with making cybersecurity a priority.
Founder Dinis Guarda
IntelligentHQ Your New Business Network.
IntelligentHQ is a Business network and an expert source for finance, capital markets and intelligence for thousands of global business professionals, startups, and companies.
We exist at the point of intersection between technology, social media, finance and innovation.
IntelligentHQ leverages innovation and scale of social digital technology, analytics, news, and distribution to create an unparalleled, full digital medium and social business networks spectrum.
IntelligentHQ is working hard, to become a trusted, and indispensable source of business news and analytics, within financial services and its associated supply chains and ecosystems