You can trip

but a balanced control can prevent a fall

Where you can trip:

Hardware or device theft

Personal employee or client details, trade secrets and sensitive corporate data can easily be stolen if a violator finds a way to rob someone of a laptop or a smartphone.

Negligent data removal or allocation

Records which an organisation is not going to use are often disregarded. Some companies just get rid of the data they don’t have to refer to and pay no attention to what can happen to it. The information can be scooped up by violators, or simply remain stored on a hard disk or any other device with built-in memory that you purchase.

Data disposal is an issue organisations should approach responsibly.

Employee negligence/error

One of the best ways to prevent human error is to educate employees about the consequences of putting the wrong information in a mailshot or adding the wrong person to the Cc field. But giving staff members a lecture doesn’t ensure that people will robotically follow the algorithm: human nature makes even a technical staffer misstep.

Unauthorised access

Access restrictions should be constantly revised: sometimes dismissed employees still have the clearance they had been granted. Continuous access control is important given how frequently authorisation limits change. You might not know that there is a specialist who sabotages the work, or doesn’t have a clue how to use the access correctly, or is simply a whistleblower working at your company.

Insider threat

Your staff members know your company’s network, which channels lead to sensitive information and which employees can be approached in order to procure confidential details. It is necessary to update policies and make them detailed.

Cyber Espionage/aiding hackers

These attacks are targeted. Whereas a common hack will take all the data it can find, a spy-driven injection will pick the data which will impact the core of the business.

Detecting those who aid hackers is a slippery and subtle task, since anyone can appear to be the “mole” without actually performing any offensive activities, acting only as an intermediary: for example, a former colleague who is contacted by an ex-employee who turns out to be a hacker.

Hacktivists

Hacktivism accounts for 10–15% of all attacks. Such attacks occur as rarely as cyber espionage intrusions, but they are just as shrewdly implemented. Not many offenders are willing to compromise a company’s data for no money in return, but a social or political purpose can be enough for them to damage an organisation’s reputation. Elections, i.e. undermining a campaign, are one of the favorite reasons for hacktivists’ activity.

Cyberwarfare

Cyberwarfare incidents may seem the rarest ones, but the term exists and denotes an aggressive and threatening attack on a state or nation. It can be sponsored by a government or an influential group determined to stir up the atmosphere in a country. The biggest risk of a cyberwarfare attack is that it leads to a real armed clash.

Information on the move

Remote work or relocation to a branch office puts in jeopardy the data which gets physically transferred outside the perimeter together with corporate laptops, notebooks, smartphones and various gadgets. Devices require solid security measures.

Exposure on the Internet

Cloud storage is popular and poses a big threat to organisations that prefer to keep their data on external servers.

Weak or stolen passwords

A hacker doesn’t necessarily need an insider to access a corporate network. There can be other internal causes that expose sensitive data: insecure passwords, or passwords simply lost by employees, endanger the security of a system.

Data integrity

An information leak is not necessarily the worst thing that can happen to data. Breaching a company’s data and making the incident known to the wider public pushes clients away, whereas alteration of the accessed data can lead to unprecedented results.

For example, in 2010 the work of Iran’s Natanz nuclear facility was sabotaged. The functioning of more than 1000 of 9000 machines was disrupted. But the violators went further: they manipulated the internal processes, making the workstations play “Thunderstruck” by AC/DC at random, as loud as the song could sound at the facility at night. Since only Iranian folk, pop or classical music is to be performed or enjoyed within the country, the rock band’s hit turned out to be a literal hit, a mocking kick at the local censorship.

Alex Parfentiev
Major threats to your business: human factor

Leading Analyst at https://searchinform.com/, I’m here to address those human factor risks many businesses often neglect or aren’t even aware of