Biggest Cyber Threats to your Business

The point many business owners make when responding to warnings about threats to their technology infrastructure is a simple one, and it is a point well taken. How, they ask, can we defend against a threat if we don’t know what it is?

 

To those experienced in matters of computer security, this might sound like a trivial question, but the best way they can imagine what it is like is to imagine how they might build safeguards against securities fraud, or a submarine attack. It all seems very simple when you have experience, but when the subject is unfamiliar, it turns out threat response solutions aren’t quite so simple.

 

So exactly what are the threats a business owner might face in the realm of cyber security?

The Human Factor

Computers are hard to break, especially if they have been designed to withstand the simplest and most common types of attacks. So many attackers will turn to your staff to get what they want. If all it takes to get a password, or an IP address is a phone call, then why go to the trouble of building elaborate technical weaponry? Always remember that attackers will follow the path of least resistance. They aren’t going to attack your safe. They’re going to attack the envelope of cash the bank VP keeps in his drawer.

Unsecured Web Applications

Any web application that accepts input from the general public must be designed to sanitize that input before it gets to the server-side code. The reason for this is simple. Almost all web applications rely on SQL or Structured Query Language databases. A badly formed string from an input box on a web page can be used to attack that database using a method called “SQL injection.” This essentially means the attacker is putting a database command in the box instead of their name or address. The results can be costly and can take down your site for extended periods of time.

Plain Text

In the modern age of near-instant strong encryption, there is no excuse for storing sensitive information like passwords, account numbers or other personal information in the open. Even intermediate programmers are well aware of the mechanisms by which such information can be scrambled and stored in a manner that makes it either useless for attackers or so labor and CPU-intensive to crack they will move on to easier targets.

 

It should be noted, however, that encryption can be both a blessing and a curse. Employed improperly, encryption can not only become a massive burden on both your systems and personnel, it can also scramble your database beyond repair. If you do make use of it, make sure your backups are current.

 

There are hundreds, if not thousands of additional examples, but these three should be sufficient to demonstrate how easy it is to miss a vulnerability. The key to security is to think like an attacker. What is valuable in your business? How might someone get to it? Training, discipline and repetition are the cure for sloppy security. Keep them all improving in your company and you will make considerable progress securing your valuable data.

Filed Under: Uncategorized

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...Loading...

About the Author:

RSSComments (0)

Trackback URL

Leave a Reply




If you want a picture to show with your comment, go get a Gravatar.

*