Experts: Threats come from within

Experts: Threats come from within

According to Dark Reading, some of the leading threats to companies may be lurking within. IT security policies that do not have strict access control lists could be allowing malicious users inside the company to commit fraud at the expense of the corporate network. While administrators may believe preparing defenses against insider attacks shows a lack of faith, failure to do so could lead to serious data loss events.

Guarding against insiders
When setting up defenses and arranging penetration testing, leaders would be wise to see how defenses hold up against attackers with insider access. Security software developer Adam Bosnian told the source that firms can carefully monitor the status of internal systems, even those that require access. He explained that companies can help determine which users have an inappropriate amount of access by changing credentialing systems and seeing who reports that they have been locked out.

Dark Reading noted that a recent survey sponsored by the U.S. Department of Homeland Security found a vast number of fraud cases coming from inside the corporate structure. These cases tended to go undetected for long periods of time, as malicious workers dodge blame for their transgressions through their positions. According to the data, managers can maintain fraudulent practices for an average of almost three years.

The accidental threat
Some employees place their employers at risk without ever realizing it. According to a new survey conducted by Forrester Research, consumerized mobile device plans have caused serious headaches for some early adopters. The source polled IT managers, 54 percent of whom confessed they lacked the software necessary to secure the mobile environment with employee-owned devices in the mix. Fighting accidental threats through unsecured devices is a high priority. According to the source, 67 percent of IT leaders plan to focus on that area in the coming year.