“Success breeds complacency. Complacency breeds failure. Only the paranoid survive,” wrote Andy Grove, former CEO of semiconductor giant Intel.
And in today’s connected world, a little healthy dose of paranoia might save you from serious damage that hackers, ransomware, malware, and viruses could cause coming in to your network.
With more and more business partners increasingly expecting to use digital exchanges for doing business, network security not only affects you, but also all of your connected partners. Nobody will thank you for passing on a digital infection or leaking confidential information they entrusted to you.
3 Types of Network Threats
A simple way to understand the different types of network security threats is to group them into the following 3 categories:
- Active Threats. These include cyber-criminal attempts to gain immediate access to your data and/or resources, and computer viruses, worms and Trojan horses – all examples of malware, meaning software designed to damage your systems or facilitate the theft of your information.
- Passive Threats. Some malware is made to find its way into systems and lie in wait for “interesting” information, such as users’ IDs and passwords. A recent development, the Advanced Persistent Threat or APT, can even lead to the whole of an organization’s IT resources being surreptitiously controlled by an external hacker.
- Distributed Attacks. By using several external systems, hackers can bombard a company’s IT servers with communications that either make the servers inaccessible to genuine users or reduce their performance to a crawl. If you also are using VoIP (Voice over IP) telephone systems, you may be doubly vulnerable to this kind of attack.
So, what does this mean? Well for starters - know your enemies.
Hackers and cybercriminals have different ways of attacking your business. Protection comes from both network security technologies such as network firewalls, dual factor authentication, and anti-virus and anti-malware software, as well as taking advantage of gaps in policies and procedures. If they can't get in by the digital door, hackers may try to penetrate your network through social engineering.
By masquerading as helpless users, internal support staff, or third-party service providers, they can often acquire access to information simply by asking staff members for it. Check out our Keys to a Successful Cyber Security Awareness Training Program for more details about how to get your users up to speed. Training your personnel to use due caution about divulging such information is important. Also, remember that threats can come from the inside as well – for example, a disgruntled employee.
Besides working to ensure employee happiness and loyalty, make sure that the possibilities of deliberate damage are also kept to a minimum. Put appropriate internal “need-to-know” protection and security authorizations in place.
New Challenges to Network Security
As businesses increasingly use the Cloud and mobile computing for their flexibility and cost-efficiency, challenges to network security change too. Mobility and BYOD (Bring Your Own Device) computing is a case in point.
By allowing employees to use their own mobile computing devices such as tablets and smartphones for handling business information, you should consider limiting the confidentiality of the data being downloaded. Security solutions that also control the extent to which an employee can pass the data on to another user needs to be in place.
Putting Solutions in Place
To put the right security in place, you need to know what the major vulnerabilities and risks are for your business. Whether or not an enterprise has in-house network security expertise in place, a competent external partner can also provide an expert, objective eye.
Trusted third party services can then help in selecting the right solutions (ensuring the right balance between protection and budget), installing and configuring them, and ensuring they remain up to date and effective into the future.
Keep in mind, just because you don’t think you have anything a hacker would value, doesn’t mean you’re not a target! The reality these days is - it’s not a matter of if you’ll be attacked, but rather when. So the question is, what have you done to mitigate your risk and minimize the damage when this does happen?
Which network security threats have you experienced? And how did you deal with them? And which most concern you? Please share your war stories in the Comment box below or shoot me an email if you’d like to chat about this in more detail.